Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2019
Ran by Łukasz (01-11-2019 09:51:01)
Running from C:\Users\Łukasz\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2018-08-29 22:07:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1908724746-673112573-3840648487-500 - Administrator - Disabled)
Gość (S-1-5-21-1908724746-673112573-3840648487-501 - Limited - Disabled)
Łukasz (S-1-5-21-1908724746-673112573-3840648487-1000 - Administrator - Enabled) => C:\Users\Łukasz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only adware programs with the "Hidden" flag may be included in the fixlist, to unhide them. Adware programs should be uninstalled properly.)

1400 (HKLM-x32\...\{22DD005D-0EF1-4E3E-92F8-49D89E31479A}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
1400_Help (HKLM-x32\...\{6FBE200D-1F00-40B7-BF48-FEB265AADE94}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
1400Trb (HKLM-x32\...\{6A3C2391-BCE2-4D28-A336-73B953B4502F}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.270 - Adobe)
AIO_CDB_Software (HKLM-x32\...\{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Catalyst Install Manager (HKLM\...\{8C1DA63E-3B80-46B5-64CC-8BE27A0C3FB4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
Call of Duty 4 Modern Warfare wersja 1.7 (HKLM-x32\...\{FC6A85BF-52A3-4186-8BFC-1D9F1F2757A0}_is1) (Version: 1.7 - Activision)
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU)
CPUID CPU-Z 1.90 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.90 - CPUID, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0603 - Disc Soft Ltd)
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{B1D4F6EB-C2A8-48BA-A251-89F230F13ED3}) (Version: 1.1.229.0 - Epic Games, Inc.)
f.lux (HKU\S-1-5-21-1908724746-673112573-3840648487-1000\...\Flux) (Version: - f.lux Software LLC)
f.lux (HKU\S-1-5-21-1908724746-673112573-3840648487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11012019094645375\...\Flux) (Version: - f.lux Software LLC)
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free Video Editor (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.54.606 - Digital Wave Ltd)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.57 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.88.3 - HTC)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{9725C7F1-2D22-4FD0-B25F-A0CBDB6B2743}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{75D686C3-277D-4FAB-AD2C-FC71FE6BDF63}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 221 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
K-Lite Codec Pack 14.7.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.7.0 - KLCP)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Malwarebytes (wersja 3.8.3.2965) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27012 (HKLM-x32\...\{67f67547-9693-4937-aa13-56e296bd40f6}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1080.1029 - Microsoft Corporation)
Mozilla Firefox 70.0.1 (x64 pl) (HKLM\...\Mozilla Firefox 70.0.1 (x64 pl)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Pakiet zbiorczy funkcji IntelliSense platformy Microsoft .NET Framework Cumulative Intellisense Pack dla programu Visual Studio (Polski) (HKLM-x32\...\{BCCDC1D3-999C-445B-826F-5B5548F19858}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.322.10 - Tracker Software Products (Canada) Ltd.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation)
RadioSure (HKU\S-1-5-21-1908724746-673112573-3840648487-1000\...\RadioSure) (Version: - )
RadioSure (HKU\S-1-5-21-1908724746-673112573-3840648487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11012019094645375\...\RadioSure) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro (HKLM\...\Revo Uninstaller Pro) (Version: - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
SmartControl-4.3.12 (HKLM-x32\...\{3A167B0A-2DED-4C10-BD88-DE2FCE197AA9}) (Version: 4.3.12 - PHL)
Spintires: MudRunner (HKLM-x32\...\Spintires: MudRunner_is1) (Version: - )
Sunrise Seven 1.2.61 (HKLM-x32\...\{AB0DBC9A-422A-4888-A8E5-A32EC1779E68}_is1) (Version: - Sunrise Software)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{3073DDA2-99E5-47A6-9AFA-3F6CA9C44BB5}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Visual Studio Community 2017 (HKLM-x32\...\989adfa7) (Version: 15.9.28307.145 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{CEF65212-694E-4F0B-ADB5-17CE0C2AE213}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{871BE104-8114-4C84-9809-D3F2DAB18E06}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.40 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The associated file will not be moved unless it is listed separately.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6670552 2014-05-22] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2014-05-22] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-09-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-09-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-03-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-08-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-08-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-03-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2018-09-06] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-09-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-09-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-03-15] (WinZip Computing -> WinZip Computing, S.L.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be removed or restored to its default. The associated file will not be moved.)

HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( ) [File not signed]

==================== Shortcuts & WMI ========================

(The selected entries may be included in the fixlist to reset or remove them.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2018-08-29 18:13 - 2011-04-29 18:28 - 000059904 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-08-03 18:14 - 2015-08-03 18:14 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiamplk.dll
2008-12-03 15:05 - 2008-12-03 15:05 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2008-12-03 15:05 - 2008-12-03 15:05 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2018-08-29 18:13 - 2011-04-29 18:28 - 000004608 _____ (Intel Corp.) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorCommon.dll
2018-08-29 18:13 - 2011-04-29 18:28 - 000062464 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgr.dll
2018-08-29 18:13 - 2011-04-29 18:28 - 000184320 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll
2018-08-29 18:13 - 2011-04-29 18:28 - 000140288 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUtil.dll
2018-08-29 18:13 - 2011-04-29 18:28 - 001318912 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2018-08-29 18:13 - 2011-04-29 18:19 - 000278528 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
2018-08-29 18:13 - 2011-04-29 18:31 - 000007680 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\pl-PL\IAStorDataMgr.resources.dll
2018-08-29 18:13 - 2011-04-29 18:30 - 000032768 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\pl-PL\IAStorIcon.resources.dll
2018-08-29 18:13 - 2011-04-29 18:30 - 000004608 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\pl-PL\IntelVisualDesign.resources.dll
2019-01-04 07:12 - 2019-01-04 07:12 - 000020480 _____ (Jonathan Abbott) [File not signed] C:\Users\Łukasz\AppData\Local\Microsoft\Windows Sidebar\Gadgets\NetworkMeterv2.3.gadget\netlib.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== File Associations (Whitelisted) =================

==================== Internet Explorer - Trusted and Restricted Sites ==========

==================== Hosts content: =========================

(Using the Hosts: directive in the fixlist will reset the Hosts file.)

2009-07-13 22:34 - 2019-11-01 09:44 - 000000031 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1908724746-673112573-3840648487-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1908724746-673112573-3840648487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11012019094645375\Control Panel\Desktop\\Wallpaper -> C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
mpsdrv => The "Windows Firewall" service is not running.
MpsSvc => The "Windows Firewall" service is not running.

==================== MSCONFIG/TASK MANAGER - Disabled items ==

(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Łukasz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk => C:\Windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk.Startup
MSCONFIG\startupreg: AceStream => C:\Users\Łukasz\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTOS
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Discord => C:\Users\Łukasz\AppData\Local\Discord\app-0.0.305\Discord.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

==================== Windows Firewall Rules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The associated file will not be moved unless it is listed separately.)
FirewallRules: [{6B7FFE33-DC48-4A51-8CCA-9B0E656687A6}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{07A8A6EE-7465-4792-8322-7F4D08C99C35}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{E57D9D07-CD36-415C-86E3-0F819CF35656}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B3A916E7-6983-442D-B277-72FE551C41AD}] => (Block) %ProgramFiles%\CCleaner\CCleaner.exe No File
FirewallRules: [{D5ABCE8E-E8B0-44A7-A09F-265C19222CE1}] => (Block) %ProgramFiles%\CCleaner\CCleaner64.exe No File
FirewallRules: [{ABBA60FB-A764-40E3-B9CE-F9B3D855563C}] => (Block) %ProgramFiles%\CCleaner\CCleaner.exe No File
FirewallRules: [{EA26430C-3331-438D-8706-C36540ED0C65}] => (Block) %ProgramFiles%\CCleaner\CCleaner64.exe No File
FirewallRules: [{F091ABCE-7BC0-4D5C-97FA-28F055E60A0A}] => (Allow) F:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CEEA68DD-8206-4CF8-9E14-E442090924FB}] => (Allow) F:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{74FB737E-3B81-4618-8270-CBA7B12DBA1F}] => (Allow) F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1086FC71-A2F8-435A-97EF-5E47F5E69E45}] => (Allow) F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{CED37D57-3720-47B3-94CB-BE6AEC667EA2}] => (Allow) F:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{B45DE5C1-B5D0-4AB6-9300-73337157D1FE}] => (Allow) F:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{3E894E63-EB92-43F2-BAB3-065184D0F16B}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [TCP Query User{B36EFB9F-C3D2-4B8D-871D-D134B616F663}F:\call of duty 4 modern warfare\iw3mp.exe] => (Allow) F:\call of duty 4 modern warfare\iw3mp.exe () [File not signed]
FirewallRules: [UDP Query User{D33D023B-B307-49B3-AF44-880F5CA8DCEB}F:\call of duty 4 modern warfare\iw3mp.exe] => (Allow) F:\call of duty 4 modern warfare\iw3mp.exe () [File not signed]
FirewallRules: [{742B75A4-0045-4B87-A67D-4556CC8918A8}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe (Nero AG -> )
FirewallRules: [{BB094DE4-E221-465E-9E5E-C6DCD2DEE2C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{80F2C500-A6BB-4315-B099-CB8A639BE9D8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== System Restore Points =========================

==================== Faulty Devices in Device Manager ============

==================== Event Log Errors: ========================

Application Log:
==================
Error: (11/01/2019 09:45:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/01/2019 09:34:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (11/01/2019 09:27:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/01/2019 09:25:03 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: C:\Program Files\Mozilla Firefox\firefox.exe
Intruder
Intruder
Platform 6.1.7601/x64 v849 06_2a
PID 5092
Feature 000010000000B0A0
Application C:\Program Files\Mozilla Firefox\firefox.exe
Created 2019-11-01T13:09:23
Description Firefox 70.0.1

Detour Report
 #  Address            Owner                    Disassembly
-- ------------------ ------------------------ ------------------------
PR_Read *
 1 0x000007FEE59EAFC0 nss3.dll                 JMP QWORD [RIP+0x183f5442]
 2 0x000007FEE6E5C0AC rlls64.dll
PR_Write *
 1 0x000007FEE59EAFD0 nss3.dll                 JMP QWORD [RIP+0x183f5462]
 2 0x000007FEE6E5C0E0 rlls64.dll
DecryptMessage *
 1 0x000007FEFD0351F4 SspiCli.dll              JMP QWORD [RIP+0xdab0be]
 2 0x000007FEE6E7C5C8 rlls64.dll
EncryptMessage *
 1 0x000007FEFD0350A0 SspiCli.dll              JMP QWORD [RIP+0xdab1e2]
 2 0x000007FEE6E881C4 rlls64.dll
closesocket
 1 0x000007FEFEEF18E0 WS2_32.dll               JMP QWORD [RIP-0x111183e]
 2 0x000007FEE6E7BD70 rlls64.dll
connect
 1 0x000007FEFEEF42F0 WS2_32.dll               JMP QWORD [RIP-0x11142ae]
 2 0x000007FEE6E7B4AC rlls64.dll
recv
 1 0x000007FEFEEFD9C0 WS2_32.dll               JMP QWORD [RIP-0x111d8be]
 2 0x000007FEE6E7CA8C rlls64.dll
recvfrom
 1 0x000007FEFEEFE630 WS2_32.dll               JMP QWORD [RIP-0x111e46e]
 2 0x000007FEE6E7D17C rlls64.dll
send *
 1 0x000007FEFEEF7CD0 WS2_32.dll               JMP QWORD [RIP-0x1117bfe]
 2 0x000007FEE6E85FE4 rlls64.dll
sendto
 1 0x000007FEFEEFDB50 WS2_32.dll               JMP QWORD [RIP-0x111d95e]
 2 0x000007FEE6E7D34C rlls64.dll
WSAConnect
 1 0x000007FEFEF1E080 WS2_32.dll               JMP QWORD [RIP-0x113e00e]
 2 0x000007FEE6E7BAB0 rlls64.dll
WSAGetOverlappedResult
 1 0x000007FEFEF179E0 WS2_32.dll               JMP QWORD [RIP-0x113784e]
 2 0x000007FEE6E7CC18 rlls64.dll
WSARecv
 1 0x000007FEFEEF2200 WS2_32.dll               JMP QWORD [RIP-0x11120ce]
 2 0x000007FEE6E80B54 rlls64.dll
WSARecvFrom
 1 0x000007FEFEF1E650 WS2_32.dll               JMP QWORD [RIP-0x113e42e]
 2 0x000007FEE6E80DC8 rlls64.dll
WSASend *
 1 0x000007FEFEEF13B0 WS2_32.dll               JMP QWORD [RIP-0x111124e]
 2 0x000007FEE6E88440 rlls64.dll
WSASendTo
 1 0x000007FEFEEFE7F0 WS2_32.dll               JMP QWORD [RIP-0x111e59e]
 2 0x000007FEE6E81090 rlls64.dll
UnlockUrlCacheEntryFile
 1 0x000007FEFF7BB690 WININET.dll              JMP QWORD [RIP-0x19db3ae]
 2 0x000007FEE6E7E33C rlls64.dll

Loaded Modules
-----------------------------------------------------------------------------
000000013F560000-000000013F5F3000 firefox.exe (Mozilla Corporation), version: 70.0.1
00000000777F0000-000000007798F000 ntdll.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
00000000776D0000-00000000777EF000 KERNEL32.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFD190000-000007FEFD2A1000 hmpalert.dll (SurfRight B.V.), version: 3.8.0.849
000007FEFD580000-000007FEFD5E7000 KERNELBASE.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEE6E00000-000007FEE6F16000 rlls64.dll (TMRG, Inc.), version: 4.0.21.11 (Build 21.11)
000007FEFEEF0000-000007FEFEF3D000 WS2_32.dll (Microsoft Corporation), version: 6.1.7601.23451 (win7sp1_ldr.160511-0600)
000007FEFDFD0000-000007FEFE06F000 msvcrt.dll (Microsoft Corporation), version: 7.0.7601.17744 (win7sp1_gdr.111215-1535)
000007FEFF1B0000-000007FEFF2DC000 RPCRT4.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFDC50000-000007FEFDC58000 NSI.dll (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEE8540000-000007FEE8594000 OLEACC.dll (Microsoft Corporation), version: 7.0.0.0 (win7sp1_gdr.110826-1504)
00000000775D0000-00000000776CA000 USER32.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFF010000-000007FEFF077000 GDI32.dll (Microsoft Corporation), version: 6.1.7601.24513 (win7sp1_ldr_escrow.19081
000007FEFEEE0000-000007FEFEEEE000 LPK.dll (Microsoft Corporation), version: 6.1.7601.24517 (win7sp1_ldr_escrow.19081
000007FEFEF40000-000007FEFF00B000 USP10.dll (Microsoft Corporation), version: 1.0626.7601.24494 (win7sp1_ldr_escrow.19
000007FEFD7E0000-000007FEFD9DF000 ole32.dll (Microsoft Corporation), version: 6.1.7601.24511 (win7sp1_ldr_escrow.19072
000007FEFF630000-000007FEFFADC000 WININET.dll (Microsoft Corporation), version: 11.00.9600.19507 (winblue_ltsb_escrow.19
000007FEFD570000-000007FEFD574000 api-ms-win-downlevel-user32-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFD360000-000007FEFD364000 api-ms-win-downlevel-shlwapi-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFDA60000-000007FEFDAD1000 shlwapi.DLL (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFD6E0000-000007FEFD6E4000 api-ms-win-downlevel-version-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFC300000-000007FEFC30C000 version.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFD6F0000-000007FEFD6F3000 api-ms-win-downlevel-normaliz-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
00000000779A0000-00000000779A3000 normaliz.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFF340000-000007FEFF60C000 iertutil.dll (Microsoft Corporation), version: 11.00.9600.19507 (winblue_ltsb_escrow.19
000007FEFD690000-000007FEFD695000 api-ms-win-downlevel-advapi32-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFE070000-000007FEFE14B000 advapi32.DLL (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFF190000-000007FEFF1AF000 sechost.dll (Microsoft Corporation), version: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
000007FEFD370000-000007FEFD38F000 USERENV.dll (Microsoft Corporation), version: 6.1.7601.24453 (win7sp1_ldr.190425-0600)
000007FEFD350000-000007FEFD35F000 profapi.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
0000000077990000-0000000077997000 PSAPI.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFD700000-000007FEFD7DB000 OLEAUT32.dll (Microsoft Corporation), version: 6.1.7601.24515
000007FEE5E50000-000007FEE5E8B000 mozglue.dll (Mozilla Foundation), version: 70.0.1
000007FEE6CD0000-000007FEE6DF5000 dbghelp.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEE5DB0000-000007FEE5E4B000 MSVCP140.dll (Microsoft Corporation), version: 14.15.26706.0 built by: VCTOOLSREL
000007FEE5D90000-000007FEE5DA6000 VCRUNTIME140.dll (Microsoft Corporation), version: 14.15.26706.0 built by: VCTOOLSREL
000007FEE5D80000-000007FEE5D84000 api-ms-win-crt-runtime-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C80000-000007FEE5D7A000 ucrtbase.DLL (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C70000-000007FEE5C73000 api-ms-win-core-localization-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C60000-000007FEE5C63000 api-ms-win-core-processthreads-l1-1-1.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C50000-000007FEE5C53000 api-ms-win-core-file-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C40000-000007FEE5C43000 api-ms-win-core-timezone-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C30000-000007FEE5C33000 api-ms-win-core-file-l2-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C20000-000007FEE5C23000 api-ms-win-core-synch-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C10000-000007FEE5C14000 api-ms-win-crt-string-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C00000-000007FEE5C03000 api-ms-win-crt-heap-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BF0000-000007FEE5BF4000 api-ms-win-crt-stdio-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BE0000-000007FEE5BE4000 api-ms-win-crt-convert-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BD0000-000007FEE5BD3000 api-ms-win-crt-locale-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BC0000-000007FEE5BC5000 api-ms-win-crt-math-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BB0000-000007FEE5BB3000 api-ms-win-crt-time-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BA0000-000007FEE5BA3000 api-ms-win-crt-filesystem-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5B90000-000007FEE5B93000 api-ms-win-crt-environment-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5B80000-000007FEE5B83000 api-ms-win-crt-utility-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEFDAE0000-000007FEFDB0E000 IMM32.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFF080000-000007FEFF18B000 MSCTF.dll (Microsoft Corporation), version: 6.1.7601.24520 (win7sp1_ldr_escrow.19082
000007FEFB620000-000007FEFB64D000 ntmarta.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFF2E0000-000007FEFF332000 WLDAP32.dll (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEFD0C0000-000007FEFD0CF000 cryptbase.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEE58C0000-000007FEE58C5000 api-ms-win-crt-multibyte-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE58D0000-000007FEE5B7D000 nss3.dll (Mozilla Foundation), version: 70.0.1
000007FEFA550000-000007FEFA58B000 WINMM.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFAC30000-000007FEFAC39000 WSOCK32.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEE58B0000-000007FEE58BD000 lgpllibs.dll (Mozilla Foundation), version: 70.0.1
000007FEDEEF0000-000007FEE58A7000 xul.dll (Mozilla Foundation), version: 70.0.1
000007FEFE150000-000007FEFEEDB000 SHELL32.dll (Microsoft Corporation), version: 6.1.7601.24468 (win7sp1_ldr_escrow.19052
000007FEFB5C0000-000007FEFB5C9000 AVRT.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFA0A0000-000007FEFA275000 d3d11.dll (Microsoft Corporation), version: 6.2.9200.16570 (win8_gdr.130327-1526)
000007FEFA280000-000007FEFA2DD000 dxgi.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFC290000-000007FEFC2A8000 dwmapi.dll (Microsoft Corporation), version: 6.1.7601.18917 (win7sp1_gdr.150709-0600)
000007FEFAB90000-000007FEFABB7000 IPHLPAPI.DLL (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFAB80000-000007FEFAB8B000 WINNSI.DLL (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEFD3F0000-000007FEFD55D000 CRYPT32.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600)
000007FEFD340000-000007FEFD34F000 MSASN1.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFBBC0000-000007FEFBC16000 UxTheme.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFDDF0000-000007FEFDFC7000 SETUPAPI.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFD3B0000-000007FEFD3E6000 CFGMGR32.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFD390000-000007FEFD3AA000 DEVOBJ.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFD6A0000-000007FEFD6DB000 WINTRUST.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600)
000007FEFC2E0000-000007FEFC2F1000 WTSAPI32.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFA990000-000007FEFA9A8000 dhcpcsvc.DLL (Microsoft Corporation), version: 6.1.7601.24498 (win7sp1_ldr_escrow.19071
000007FEFC750000-000007FEFC7A8000 Schannel.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFD030000-000007FEFD055000 SspiCli.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEF65C0000-00000FFCF662D000 mfplat.dll (Microsoft Corporation), version: 12.0.7601.24499 (win7sp1_ldr.190612-0600
000007FEDEA80000-00000FFCDEE71000 mf.dll (Microsoft Corporation), version: 12.0.7601.24499 (win7sp1_ldr.190612-0600
000007FEFACF0000-00000FFCFAD09000 ATL.DLL (Microsoft Corporation), version: 3.05.2284
0000000073650000-000007FE73656000 ksuser.dll (Microsoft Corporation), version: 6.1.7601.19091 (win7sp1_gdr.151208-0600)
000007FEDEA50000-00000FFCDEA71000 dxva2.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEDE9B0000-00000FFCDEA4F000 evr.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600)
000007FEFC2B0000-00000FFCFC2DC000 POWRPROF.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFC960000-00000FFCFC9B5000 mswsock.dll (Microsoft Corporation), version: 6.1.7601.23451 (win7sp1_ldr.160511-0600)
000007FEFC3D0000-00000FFCFC3D7000 wshtcpip.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEF99E0000-00650854F9B42000 aticfx64.dll (Advanced Micro Devices, ), version: 8.17.10.1404
000007FEF9FF0000-00000FFCFA018000 atiuxp64.dll (Advanced Micro Devices, ), version: 8.14.01.6463
000007FEF8120000-00000FFCF8C7A000 atidxx64.dll (Advanced Micro Devices, ), version: 8.17.10.0625
000007FEDE970000-00000FFCDE9AC000 mozavutil.dll (Mozilla Foundation), version: 70.0.1
000007FEDE6F0000-00000FFCDE969000 mozavcodec.dll (Mozilla Foundation), version: 70.0.1
000007FEFDBB0000-00000FFCFDC49000 CLBCatQ.DLL (Microsoft Corporation), version: 2001.12.8530.16385 (win7_rtm.090713-1255
000007FEDE440000-00000FFCDE6E9000 msmpeg2vdec.dll (Microsoft Corporation), version: 12.0.9200.17037 (win8_gdr(wmsebld).14062
000007FEFAC20000-000007FEFAC2B000 slc.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFCBA0000-000007FEFCBC2000 bcrypt.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091

Code Injection
000000013F5B1000-000000013F5B2000 4KB C:\Program Files\Mozilla Firefox\firefox.exe [4784]
000000013F600000-000000013F601000 4KB
000000013F560000-000000013F561000 4KB
0000000000060000-0000000000061000 4KB

 1 C:\Program Files\Mozilla Firefox\firefox.exe [4784] 2019-11-01T13:24:57
 2 C:\Windows\explorer.exe [1740] 2019-11-01T13:23:05
 3 C:\Windows\System32\userinit.exe [1656] 2019-11-01T13:23:04 26.5s
 4 C:\Windows\System32\winlogon.exe [648] 2019-11-01T13:23:02 winlogon.exe

Thumbprints
665e30aeb6c48450aff61a25b4fccb27a002392f5c7770d663a3b76c3603d811

Error: (11/01/2019 09:25:02 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: C:\Program Files\Mozilla Firefox\firefox.exe
Intruder
Intruder
Platform 6.1.7601/x64 v849 06_2a
PID 1276
Feature 00001000000090A0
Application C:\Program Files\Mozilla Firefox\firefox.exe
Created 2019-11-01T13:09:23
Description Firefox 70.0.1

Detour Report
 #  Address            Owner                    Disassembly
-- ------------------ ------------------------ ------------------------
PR_Read *
 1 0x000007FEE59EAFC0 nss3.dll                 JMP QWORD [RIP+0x185d5442]
 2 0x000007FEE6E5C0AC rlls64.dll
PR_Write *
 1 0x000007FEE59EAFD0 nss3.dll                 JMP QWORD [RIP+0x185d5462]
 2 0x000007FEE6E5C0E0 rlls64.dll
DecryptMessage *
 1 0x000007FEFD0351F4 SspiCli.dll              JMP QWORD [RIP+0xf8b0be]
 2 0x000007FEE6E7C5C8 rlls64.dll
EncryptMessage *
 1 0x000007FEFD0350A0 SspiCli.dll              JMP QWORD [RIP+0xf8b1e2]
 2 0x000007FEE6E881C4 rlls64.dll
closesocket
 1 0x000007FEFEEF18E0 WS2_32.dll               JMP QWORD [RIP-0xf3183e]
 2 0x000007FEE6E7BD70 rlls64.dll
connect
 1 0x000007FEFEEF42F0 WS2_32.dll               JMP QWORD [RIP-0xf342ae]
 2 0x000007FEE6E7B4AC rlls64.dll
recv
 1 0x000007FEFEEFD9C0 WS2_32.dll               JMP QWORD [RIP-0xf3d8be]
 2 0x000007FEE6E7CA8C rlls64.dll
recvfrom
 1 0x000007FEFEEFE630 WS2_32.dll               JMP QWORD [RIP-0xf3e46e]
 2 0x000007FEE6E7D17C rlls64.dll
send *
 1 0x000007FEFEEF7CD0 WS2_32.dll               JMP QWORD [RIP-0xf37bfe]
 2 0x000007FEE6E85FE4 rlls64.dll
sendto
 1 0x000007FEFEEFDB50 WS2_32.dll               JMP QWORD [RIP-0xf3d95e]
 2 0x000007FEE6E7D34C rlls64.dll
WSAConnect
 1 0x000007FEFEF1E080 WS2_32.dll               JMP QWORD [RIP-0xf5e00e]
 2 0x000007FEE6E7BAB0 rlls64.dll
WSAGetOverlappedResult
 1 0x000007FEFEF179E0 WS2_32.dll               JMP QWORD [RIP-0xf5784e]
 2 0x000007FEE6E7CC18 rlls64.dll
WSARecv
 1 0x000007FEFEEF2200 WS2_32.dll               JMP QWORD [RIP-0xf320ce]
 2 0x000007FEE6E80B54 rlls64.dll
WSARecvFrom
 1 0x000007FEFEF1E650 WS2_32.dll               JMP QWORD [RIP-0xf5e42e]
 2 0x000007FEE6E80DC8 rlls64.dll
WSASend *
 1 0x000007FEFEEF13B0 WS2_32.dll               JMP QWORD [RIP-0xf3124e]
 2 0x000007FEE6E88440 rlls64.dll
WSASendTo
 1 0x000007FEFEEFE7F0 WS2_32.dll               JMP QWORD [RIP-0xf3e59e]
 2 0x000007FEE6E81090 rlls64.dll
UnlockUrlCacheEntryFile
 1 0x000007FEFF7BB690 WININET.dll              JMP QWORD [RIP-0x17fb3ae]
 2 0x000007FEE6E7E33C rlls64.dll

Loaded Modules
-----------------------------------------------------------------------------
000000013F560000-000000013F5F3000 firefox.exe (Mozilla Corporation), version: 70.0.1
00000000777F0000-000000007798F000 ntdll.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
00000000776D0000-00000000777EF000 KERNEL32.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFD190000-000007FEFD2A1000 hmpalert.dll (SurfRight B.V.), version: 3.8.0.849
000007FEFD580000-000007FEFD5E7000 KERNELBASE.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEE6E00000-000007FEE6F16000 rlls64.dll (TMRG, Inc.), version: 4.0.21.11 (Build 21.11)
000007FEFEEF0000-000007FEFEF3D000 WS2_32.dll (Microsoft Corporation), version: 6.1.7601.23451 (win7sp1_ldr.160511-0600)
000007FEFDFD0000-000007FEFE06F000 msvcrt.dll (Microsoft Corporation), version: 7.0.7601.17744 (win7sp1_gdr.111215-1535)
000007FEFF1B0000-000007FEFF2DC000 RPCRT4.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFDC50000-000007FEFDC58000 NSI.dll (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEE8540000-000007FEE8594000 OLEACC.dll (Microsoft Corporation), version: 7.0.0.0 (win7sp1_gdr.110826-1504)
00000000775D0000-00000000776CA000 USER32.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFF010000-000007FEFF077000 GDI32.dll (Microsoft Corporation), version: 6.1.7601.24513 (win7sp1_ldr_escrow.19081
000007FEFEEE0000-000007FEFEEEE000 LPK.dll (Microsoft Corporation), version: 6.1.7601.24517 (win7sp1_ldr_escrow.19081
000007FEFEF40000-000007FEFF00B000 USP10.dll (Microsoft Corporation), version: 1.0626.7601.24494 (win7sp1_ldr_escrow.19
000007FEFD7E0000-000007FEFD9DF000 ole32.dll (Microsoft Corporation), version: 6.1.7601.24511 (win7sp1_ldr_escrow.19072
000007FEFF630000-000007FEFFADC000 WININET.dll (Microsoft Corporation), version: 11.00.9600.19507 (winblue_ltsb_escrow.19
000007FEFD570000-000007FEFD574000 api-ms-win-downlevel-user32-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFD360000-000007FEFD364000 api-ms-win-downlevel-shlwapi-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFDA60000-000007FEFDAD1000 shlwapi.DLL (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFD6E0000-000007FEFD6E4000 api-ms-win-downlevel-version-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFC300000-000007FEFC30C000 version.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFD6F0000-000007FEFD6F3000 api-ms-win-downlevel-normaliz-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
00000000779A0000-00000000779A3000 normaliz.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFF340000-000007FEFF60C000 iertutil.dll (Microsoft Corporation), version: 11.00.9600.19507 (winblue_ltsb_escrow.19
000007FEFD690000-000007FEFD695000 api-ms-win-downlevel-advapi32-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFE070000-000007FEFE14B000 advapi32.DLL (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFF190000-000007FEFF1AF000 sechost.dll (Microsoft Corporation), version: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
000007FEFD370000-000007FEFD38F000 USERENV.dll (Microsoft Corporation), version: 6.1.7601.24453 (win7sp1_ldr.190425-0600)
000007FEFD350000-000007FEFD35F000 profapi.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
0000000077990000-0000000077997000 PSAPI.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFD700000-000007FEFD7DB000 OLEAUT32.dll (Microsoft Corporation), version: 6.1.7601.24515
000007FEE5E50000-000007FEE5E8B000 mozglue.dll (Mozilla Foundation), version: 70.0.1
000007FEE6CD0000-000007FEE6DF5000 dbghelp.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEE5DB0000-000007FEE5E4B000 MSVCP140.dll (Microsoft Corporation), version: 14.15.26706.0 built by: VCTOOLSREL
000007FEE5D90000-000007FEE5DA6000 VCRUNTIME140.dll (Microsoft Corporation), version: 14.15.26706.0 built by: VCTOOLSREL
000007FEE5D80000-000007FEE5D84000 api-ms-win-crt-runtime-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C80000-000007FEE5D7A000 ucrtbase.DLL (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C70000-000007FEE5C73000 api-ms-win-core-localization-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C60000-000007FEE5C63000 api-ms-win-core-processthreads-l1-1-1.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C50000-000007FEE5C53000 api-ms-win-core-file-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C40000-000007FEE5C43000 api-ms-win-core-timezone-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C30000-000007FEE5C33000 api-ms-win-core-file-l2-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C20000-000007FEE5C23000 api-ms-win-core-synch-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C10000-000007FEE5C14000 api-ms-win-crt-string-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C00000-000007FEE5C03000 api-ms-win-crt-heap-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BF0000-000007FEE5BF4000 api-ms-win-crt-stdio-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BE0000-000007FEE5BE4000 api-ms-win-crt-convert-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BD0000-000007FEE5BD3000 api-ms-win-crt-locale-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BC0000-000007FEE5BC5000 api-ms-win-crt-math-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BB0000-000007FEE5BB3000 api-ms-win-crt-time-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BA0000-000007FEE5BA3000 api-ms-win-crt-filesystem-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5B90000-000007FEE5B93000 api-ms-win-crt-environment-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5B80000-000007FEE5B83000 api-ms-win-crt-utility-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEFDAE0000-000007FEFDB0E000 IMM32.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFF080000-000007FEFF18B000 MSCTF.dll (Microsoft Corporation), version: 6.1.7601.24520 (win7sp1_ldr_escrow.19082
000007FEFB620000-000007FEFB64D000 ntmarta.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFF2E0000-000007FEFF332000 WLDAP32.dll (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEFD0C0000-000007FEFD0CF000 cryptbase.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEE58C0000-000007FEE58C5000 api-ms-win-crt-multibyte-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE58D0000-000007FEE5B7D000 nss3.dll (Mozilla Foundation), version: 70.0.1
000007FEFA550000-000007FEFA58B000 WINMM.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFAC30000-000007FEFAC39000 WSOCK32.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEE58B0000-000007FEE58BD000 lgpllibs.dll (Mozilla Foundation), version: 70.0.1
000007FEFC750000-000007FEFC7A8000 Schannel.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFD030000-000007FEFD055000 SspiCli.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFD3F0000-000007FEFD55D000 CRYPT32.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600)
000007FEFD340000-000007FEFD34F000 MSASN1.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFE150000-000007FEFEEDB000 Shell32.dll (Microsoft Corporation), version: 6.1.7601.24468 (win7sp1_ldr_escrow.19052
000007FEFC960000-000007FEFC9B5000 mswsock.dll (Microsoft Corporation), version: 6.1.7601.23451 (win7sp1_ldr.160511-0600)
000007FEFC3D0000-000007FEFC3D7000 wshtcpip.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEDEEF0000-00650854E58A7000 xul.dll (Mozilla Foundation), version: 70.0.1
000007FEFB5C0000-000007FEFB5C9000 AVRT.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFA0A0000-000007FEFA275000 d3d11.dll (Microsoft Corporation), version: 6.2.9200.16570 (win8_gdr.130327-1526)
000007FEFA280000-000007FEFA2DD000 dxgi.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFC290000-000007FEFC2A8000 dwmapi.dll (Microsoft Corporation), version: 6.1.7601.18917 (win7sp1_gdr.150709-0600)
000007FEFAB90000-000007FEFABB7000 IPHLPAPI.DLL (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFAB80000-000007FEFAB8B000 WINNSI.DLL (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEFBBC0000-000007FEFBC16000 UxTheme.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
0000000004150000-0000000004327000 SETUPAPI.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFD3B0000-000007FEFD3E6000 CFGMGR32.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFD390000-000007FEFD3AA000 DEVOBJ.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFD6A0000-000007FEFD6DB000 WINTRUST.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600)
000007FEFC2E0000-00000FFCFC2F1000 WTSAPI32.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFA990000-00000FFCFA9A8000 dhcpcsvc.DLL (Microsoft Corporation), version: 6.1.7601.24498 (win7sp1_ldr_escrow.19071
000007FEFAEF0000-00000FFCFB088000 dwrite.dll (Microsoft Corporation), version: 6.2.9200.22852 (win8_ldr.190811-0600)

Code Injection
000000013F5B1000-000000013F5B2000 4KB C:\Windows\explorer.exe [1740]
000000013F600000-000000013F601000 4KB
000000013F560000-000000013F561000 4KB
0000000000060000-0000000000061000 4KB

 1 C:\Windows\explorer.exe [1740] 2019-11-01T13:23:05
 2 C:\Windows\System32\userinit.exe [1656] 2019-11-01T13:23:04 26.5s
 3 C:\Windows\System32\winlogon.exe [648] 2019-11-01T13:23:02 winlogon.exe

Thumbprints
665e30aeb6c48450aff61a25b4fccb27a002392f5c7770d663a3b76c3603d811

Error: (11/01/2019 09:25:01 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: C:\Program Files\Mozilla Firefox\firefox.exe
Intruder
Intruder
Platform 6.1.7601/x64 v849 06_2a
PID 5008
Feature 000010000000B0A0
Application C:\Program Files\Mozilla Firefox\firefox.exe
Created 2019-11-01T13:09:23
Description Firefox 70.0.1

Detour Report
 #  Address            Owner                    Disassembly
-- ------------------ ------------------------ ------------------------
PR_Read *
 1 0x000007FEE59EAFC0 nss3.dll                 JMP QWORD [RIP+0x183f5442]
 2 0x000007FEE6E5C0AC rlls64.dll
PR_Write *
 1 0x000007FEE59EAFD0 nss3.dll                 JMP QWORD [RIP+0x183f5462]
 2 0x000007FEE6E5C0E0 rlls64.dll
DecryptMessage *
 1 0x000007FEFD0351F4 SspiCli.dll              JMP QWORD [RIP+0xdab0be]
 2 0x000007FEE6E7C5C8 rlls64.dll
EncryptMessage *
 1 0x000007FEFD0350A0 SspiCli.dll              JMP QWORD [RIP+0xdab1e2]
 2 0x000007FEE6E881C4 rlls64.dll
closesocket
 1 0x000007FEFEEF18E0 WS2_32.dll               JMP QWORD [RIP-0x111183e]
 2 0x000007FEE6E7BD70 rlls64.dll
connect
 1 0x000007FEFEEF42F0 WS2_32.dll               JMP QWORD [RIP-0x11142ae]
 2 0x000007FEE6E7B4AC rlls64.dll
recv
 1 0x000007FEFEEFD9C0 WS2_32.dll               JMP QWORD [RIP-0x111d8be]
 2 0x000007FEE6E7CA8C rlls64.dll
recvfrom
 1 0x000007FEFEEFE630 WS2_32.dll               JMP QWORD [RIP-0x111e46e]
 2 0x000007FEE6E7D17C rlls64.dll
send *
 1 0x000007FEFEEF7CD0 WS2_32.dll               JMP QWORD [RIP-0x1117bfe]
 2 0x000007FEE6E85FE4 rlls64.dll
sendto
 1 0x000007FEFEEFDB50 WS2_32.dll               JMP QWORD [RIP-0x111d95e]
 2 0x000007FEE6E7D34C rlls64.dll
WSAConnect
 1 0x000007FEFEF1E080 WS2_32.dll               JMP QWORD [RIP-0x113e00e]
 2 0x000007FEE6E7BAB0 rlls64.dll
WSAGetOverlappedResult
 1 0x000007FEFEF179E0 WS2_32.dll               JMP QWORD [RIP-0x113784e]
 2 0x000007FEE6E7CC18 rlls64.dll
WSARecv
 1 0x000007FEFEEF2200 WS2_32.dll               JMP QWORD [RIP-0x11120ce]
 2 0x000007FEE6E80B54 rlls64.dll
WSARecvFrom
 1 0x000007FEFEF1E650 WS2_32.dll               JMP QWORD [RIP-0x113e42e]
 2 0x000007FEE6E80DC8 rlls64.dll
WSASend *
 1 0x000007FEFEEF13B0 WS2_32.dll               JMP QWORD [RIP-0x111124e]
 2 0x000007FEE6E88440 rlls64.dll
WSASendTo
 1 0x000007FEFEEFE7F0 WS2_32.dll               JMP QWORD [RIP-0x111e59e]
 2 0x000007FEE6E81090 rlls64.dll
UnlockUrlCacheEntryFile
 1 0x000007FEFF7BB690 WININET.dll              JMP QWORD [RIP-0x19db3ae]
 2 0x000007FEE6E7E33C rlls64.dll

Loaded Modules
-----------------------------------------------------------------------------
000000013F560000-000000013F5F3000 firefox.exe (Mozilla Corporation), version: 70.0.1
00000000777F0000-000000007798F000 ntdll.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
00000000776D0000-00000000777EF000 KERNEL32.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFD190000-000007FEFD2A1000 hmpalert.dll (SurfRight B.V.), version: 3.8.0.849
000007FEFD580000-000007FEFD5E7000 KERNELBASE.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEE5E50000-000007FEE5E8B000 mozglue.dll (Mozilla Foundation), version: 70.0.1
000007FEFE070000-000007FEFE14B000 ADVAPI32.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFDFD0000-000007FEFE06F000 msvcrt.dll (Microsoft Corporation), version: 7.0.7601.17744 (win7sp1_gdr.111215-1535)
000007FEFF190000-000007FEFF1AF000 sechost.dll (Microsoft Corporation), version: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
000007FEFF1B0000-000007FEFF2DC000 RPCRT4.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEE6CD0000-000007FEE6DF5000 dbghelp.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFC300000-000007FEFC30C000 VERSION.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEE5DB0000-000007FEE5E4B000 MSVCP140.dll (Microsoft Corporation), version: 14.15.26706.0 built by: VCTOOLSREL
000007FEE5D90000-000007FEE5DA6000 VCRUNTIME140.dll (Microsoft Corporation), version: 14.15.26706.0 built by: VCTOOLSREL
000007FEE5D80000-000007FEE5D84000 api-ms-win-crt-runtime-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C80000-000007FEE5D7A000 ucrtbase.DLL (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C70000-000007FEE5C73000 api-ms-win-core-localization-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C60000-000007FEE5C63000 api-ms-win-core-processthreads-l1-1-1.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C50000-000007FEE5C53000 api-ms-win-core-file-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C40000-000007FEE5C43000 api-ms-win-core-timezone-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C30000-000007FEE5C33000 api-ms-win-core-file-l2-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C20000-000007FEE5C23000 api-ms-win-core-synch-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C10000-000007FEE5C14000 api-ms-win-crt-string-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5C00000-000007FEE5C03000 api-ms-win-crt-heap-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BF0000-000007FEE5BF4000 api-ms-win-crt-stdio-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BE0000-000007FEE5BE4000 api-ms-win-crt-convert-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BD0000-000007FEE5BD3000 api-ms-win-crt-locale-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BC0000-000007FEE5BC5000 api-ms-win-crt-math-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BB0000-000007FEE5BB3000 api-ms-win-crt-time-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5BA0000-000007FEE5BA3000 api-ms-win-crt-filesystem-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5B90000-000007FEE5B93000 api-ms-win-crt-environment-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE5B80000-000007FEE5B83000 api-ms-win-crt-utility-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEFD0C0000-000007FEFD0CF000 cryptbase.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
00000000775D0000-00000000776CA000 user32.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFF010000-000007FEFF077000 GDI32.dll (Microsoft Corporation), version: 6.1.7601.24513 (win7sp1_ldr_escrow.19081
000007FEFEEE0000-000007FEFEEEE000 LPK.dll (Microsoft Corporation), version: 6.1.7601.24517 (win7sp1_ldr_escrow.19081
000007FEFEF40000-000007FEFF00B000 USP10.dll (Microsoft Corporation), version: 1.0626.7601.24494 (win7sp1_ldr_escrow.19
000007FEFDAE0000-000007FEFDB0E000 IMM32.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFF080000-000007FEFF18B000 MSCTF.dll (Microsoft Corporation), version: 6.1.7601.24520 (win7sp1_ldr_escrow.19082
000007FEE58C0000-000007FEE58C5000 api-ms-win-crt-multibyte-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEE58D0000-000007FEE5B7D000 nss3.dll (Mozilla Foundation), version: 70.0.1
000007FEFA550000-000007FEFA58B000 WINMM.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFAC30000-000007FEFAC39000 WSOCK32.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFEEF0000-000007FEFEF3D000 WS2_32.dll (Microsoft Corporation), version: 6.1.7601.23451 (win7sp1_ldr.160511-0600)
000007FEFDC50000-000007FEFDC58000 NSI.dll (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEE58B0000-000007FEE58BD000 lgpllibs.dll (Mozilla Foundation), version: 70.0.1
000007FEDEEF0000-000007FEE58A7000 xul.dll (Mozilla Foundation), version: 70.0.1
000007FEFE150000-000007FEFEEDB000 SHELL32.dll (Microsoft Corporation), version: 6.1.7601.24468 (win7sp1_ldr_escrow.19052
000007FEFDA60000-000007FEFDAD1000 SHLWAPI.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFB5C0000-000007FEFB5C9000 AVRT.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFD7E0000-00000FFCFD9DF000 ole32.dll (Microsoft Corporation), version: 6.1.7601.24511 (win7sp1_ldr_escrow.19072
000007FEFA0A0000-00000FFCFA275000 d3d11.dll (Microsoft Corporation), version: 6.2.9200.16570 (win8_gdr.130327-1526)
000007FEFA280000-00000FFCFA2DD000 dxgi.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFC290000-00000FFCFC2A8000 dwmapi.dll (Microsoft Corporation), version: 6.1.7601.18917 (win7sp1_gdr.150709-0600)
000007FEFAB90000-00000FFCFABB7000 IPHLPAPI.DLL (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFAB80000-00000FFCFAB8B000 WINNSI.DLL (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEFD3F0000-00000FFCFD55D000 CRYPT32.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600)
000007FEFD340000-00000FFCFD34F000 MSASN1.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFBBC0000-00000FFCFBC16000 UxTheme.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFDDF0000-00000FFCFDFC7000 SETUPAPI.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFD3B0000-00000FFCFD3E6000 CFGMGR32.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFD700000-00000FFCFD7DB000 OLEAUT32.dll (Microsoft Corporation), version: 6.1.7601.24515
000007FEFD390000-00000FFCFD3AA000 DEVOBJ.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFD6A0000-00000FFCFD6DB000 WINTRUST.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600)
000007FEFC2E0000-00000FFCFC2F1000 WTSAPI32.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFA990000-00000FFCFA9A8000 dhcpcsvc.DLL (Microsoft Corporation), version: 6.1.7601.24498 (win7sp1_ldr_escrow.19071
000007FEFD370000-00000FFCFD38F000 USERENV.dll (Microsoft Corporation), version: 6.1.7601.24453 (win7sp1_ldr.190425-0600)
000007FEFD350000-00000FFCFD35F000 profapi.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFB620000-00000FFCFB64D000 ntmarta.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFF2E0000-00000FFCFF332000 WLDAP32.dll (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEE6E00000-00000FFCE6F16000 rlls64.dll (TMRG, Inc.), version: 4.0.21.11 (Build 21.11)
000007FEE8540000-00000FFCE8594000 OLEACC.dll (Microsoft Corporation), version: 7.0.0.0 (win7sp1_gdr.110826-1504)
000007FEFF630000-00000FFCFFADC000 WININET.dll (Microsoft Corporation), version: 11.00.9600.19507 (winblue_ltsb_escrow.19
000007FEFD570000-00000FFCFD574000 api-ms-win-downlevel-user32-l1-1-0.dll (Microsoft Corporation), version:
6.2.9200.16492 (win8_gdr_oobssr.130113-0 000007FEFD360000-00000FFCFD364000 api-ms-win-downlevel-shlwapi-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 000007FEFD6E0000-00000FFCFD6E4000 api-ms-win-downlevel-version-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 000007FEFD6F0000-00000FFCFD6F3000 api-ms-win-downlevel-normaliz-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 00000000779A0000-000007FE779A3000 normaliz.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFF340000-00000FFCFF60C000 iertutil.dll (Microsoft Corporation), version: 11.00.9600.19507 (winblue_ltsb_escrow.19 000007FEFD690000-00000FFCFD695000 api-ms-win-downlevel-advapi32-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 0000000077990000-000007FE77997000 PSAPI.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFC960000-00000FFCFC9B5000 mswsock.dll (Microsoft Corporation), version: 6.1.7601.23451 (win7sp1_ldr.160511-0600) 000007FEFC3D0000-00000FFCFC3D7000 wshtcpip.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFC750000-00000FFCFC7A8000 Schannel.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFD030000-00000FFCFD055000 SspiCli.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFAEF0000-00650854FB088000 dwrite.dll (Microsoft Corporation), version: 6.2.9200.22852 (win8_ldr.190811-0600)

Thumbprints 665e30aeb6c48450aff61a25b4fccb27a002392f5c7770d663a3b76c3603d811

Error: (11/01/2019 09:25:01 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: C:\Program Files\Mozilla Firefox\firefox.exe
Intruder
Intruder
Platform      6.1.7601/x64 v849 06_2a
PID           716
Feature       00001000000090A0
Application   C:\Program Files\Mozilla Firefox\firefox.exe
Created       2019-11-01T13:09:23
Description   Firefox 70.0.1

Detour Report
#  Address             Owner                     Disassembly
-- ------------------  ------------------------  ------------------------
PR_Read *
1  0x000007FEE59EAFC0  nss3.dll                  JMP QWORD [RIP+0x185d5442]
2  0x000007FEE6E5C0AC  rlls64.dll
PR_Write *
1  0x000007FEE59EAFD0  nss3.dll                  JMP QWORD [RIP+0x185d5462]
2  0x000007FEE6E5C0E0  rlls64.dll
DecryptMessage *
1  0x000007FEFD0351F4  SspiCli.dll               JMP QWORD [RIP+0xf8b0be]
2  0x000007FEE6E7C5C8  rlls64.dll
EncryptMessage *
1  0x000007FEFD0350A0  SspiCli.dll               JMP QWORD [RIP+0xf8b1e2]
2  0x000007FEE6E881C4  rlls64.dll
closesocket
1  0x000007FEFEEF18E0  WS2_32.dll                JMP QWORD [RIP-0xf3183e]
2  0x000007FEE6E7BD70  rlls64.dll
connect
1  0x000007FEFEEF42F0  WS2_32.dll                JMP QWORD [RIP-0xf342ae]
2  0x000007FEE6E7B4AC  rlls64.dll
recv
1  0x000007FEFEEFD9C0  WS2_32.dll                JMP QWORD [RIP-0xf3d8be]
2  0x000007FEE6E7CA8C  rlls64.dll
recvfrom
1  0x000007FEFEEFE630  WS2_32.dll                JMP QWORD [RIP-0xf3e46e]
2  0x000007FEE6E7D17C  rlls64.dll
send *
1  0x000007FEFEEF7CD0  WS2_32.dll                JMP QWORD [RIP-0xf37bfe]
2  0x000007FEE6E85FE4  rlls64.dll
sendto
1  0x000007FEFEEFDB50  WS2_32.dll                JMP QWORD [RIP-0xf3d95e]
2  0x000007FEE6E7D34C  rlls64.dll
WSAConnect
1  0x000007FEFEF1E080  WS2_32.dll                JMP QWORD [RIP-0xf5e00e]
2  0x000007FEE6E7BAB0  rlls64.dll
WSAGetOverlappedResult
1  0x000007FEFEF179E0  WS2_32.dll                JMP QWORD [RIP-0xf5784e]
2  0x000007FEE6E7CC18  rlls64.dll
WSARecv
1  0x000007FEFEEF2200  WS2_32.dll                JMP QWORD [RIP-0xf320ce]
2  0x000007FEE6E80B54  rlls64.dll
WSARecvFrom
1  0x000007FEFEF1E650  WS2_32.dll                JMP QWORD [RIP-0xf5e42e]
2  0x000007FEE6E80DC8  rlls64.dll
WSASend *
1  0x000007FEFEEF13B0  WS2_32.dll                JMP QWORD [RIP-0xf3124e]
2  0x000007FEE6E88440  rlls64.dll
WSASendTo
1  0x000007FEFEEFE7F0  WS2_32.dll                JMP QWORD [RIP-0xf3e59e]
2  0x000007FEE6E81090  rlls64.dll
UnlockUrlCacheEntryFile
1  0x000007FEFF7BB690  WININET.dll               JMP QWORD [RIP-0x17fb3ae]
2  0x000007FEE6E7E33C  rlls64.dll

Loaded Modules
-----------------------------------------------------------------------------
000000013F560000-000000013F5F3000 firefox.exe (Mozilla
Corporation), version: 70.0.1 00000000777F0000-000000007798F000 ntdll.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 00000000776D0000-00000000777EF000 KERNEL32.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFD190000-000007FEFD2A1000 hmpalert.dll (SurfRight B.V.), version: 3.8.0.849 000007FEFD580000-000007FEFD5E7000 KERNELBASE.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEE6E00000-000007FEE6F16000 rlls64.dll (TMRG, Inc.), version: 4.0.21.11 (Build 21.11) 000007FEFEEF0000-000007FEFEF3D000 WS2_32.dll (Microsoft Corporation), version: 6.1.7601.23451 (win7sp1_ldr.160511-0600) 000007FEFDFD0000-000007FEFE06F000 msvcrt.dll (Microsoft Corporation), version: 7.0.7601.17744 (win7sp1_gdr.111215-1535) 000007FEFF1B0000-000007FEFF2DC000 RPCRT4.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFDC50000-000007FEFDC58000 NSI.dll (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615) 000007FEE8540000-000007FEE8594000 OLEACC.dll (Microsoft Corporation), version: 7.0.0.0 (win7sp1_gdr.110826-1504) 00000000775D0000-00000000776CA000 USER32.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFF010000-000007FEFF077000 GDI32.dll (Microsoft Corporation), version: 6.1.7601.24513 (win7sp1_ldr_escrow.19081 000007FEFEEE0000-000007FEFEEEE000 LPK.dll (Microsoft Corporation), version: 6.1.7601.24517 (win7sp1_ldr_escrow.19081 000007FEFEF40000-000007FEFF00B000 USP10.dll (Microsoft Corporation), version: 1.0626.7601.24494 (win7sp1_ldr_escrow.19 000007FEFD7E0000-000007FEFD9DF000 ole32.dll (Microsoft Corporation), version: 6.1.7601.24511 (win7sp1_ldr_escrow.19072 000007FEFF630000-000007FEFFADC000 WININET.dll (Microsoft Corporation), version: 11.00.9600.19507 (winblue_ltsb_escrow.19 000007FEFD570000-000007FEFD574000 api-ms-win-downlevel-user32-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 
(win8_gdr_oobssr.130113-0 000007FEFD360000-000007FEFD364000 api-ms-win-downlevel-shlwapi-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 000007FEFDA60000-000007FEFDAD1000 shlwapi.DLL (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) 000007FEFD6E0000-000007FEFD6E4000 api-ms-win-downlevel-version-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 000007FEFC300000-000007FEFC30C000 version.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFD6F0000-000007FEFD6F3000 api-ms-win-downlevel-normaliz-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 00000000779A0000-00000000779A3000 normaliz.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFF340000-000007FEFF60C000 iertutil.dll (Microsoft Corporation), version: 11.00.9600.19507 (winblue_ltsb_escrow.19 000007FEFD690000-000007FEFD695000 api-ms-win-downlevel-advapi32-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 000007FEFE070000-000007FEFE14B000 advapi32.DLL (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFF190000-000007FEFF1AF000 sechost.dll (Microsoft Corporation), version: 6.1.7601.18869 (win7sp1_gdr.150525-0603) 000007FEFD370000-000007FEFD38F000 USERENV.dll (Microsoft Corporation), version: 6.1.7601.24453 (win7sp1_ldr.190425-0600) 000007FEFD350000-000007FEFD35F000 profapi.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 0000000077990000-0000000077997000 PSAPI.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFD700000-000007FEFD7DB000 OLEAUT32.dll (Microsoft Corporation), version: 6.1.7601.24515 000007FEE5E50000-000007FEE5E8B000 mozglue.dll (Mozilla Foundation), version: 70.0.1 000007FEE6CD0000-000007FEE6DF5000 dbghelp.dll (Microsoft Corporation), version: 6.1.7601.17514 
(win7sp1_rtm.101119-1850) 000007FEE5DB0000-000007FEE5E4B000 MSVCP140.dll (Microsoft Corporation), version: 14.15.26706.0 built by: VCTOOLSREL 000007FEE5D90000-000007FEE5DA6000 VCRUNTIME140.dll (Microsoft Corporation), version: 14.15.26706.0 built by: VCTOOLSREL 000007FEE5D80000-000007FEE5D84000 api-ms-win-crt-runtime-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C80000-000007FEE5D7A000 ucrtbase.DLL (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C70000-000007FEE5C73000 api-ms-win-core-localization-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C60000-000007FEE5C63000 api-ms-win-core-processthreads-l1-1-1.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C50000-000007FEE5C53000 api-ms-win-core-file-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C40000-000007FEE5C43000 api-ms-win-core-timezone-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C30000-000007FEE5C33000 api-ms-win-core-file-l2-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C20000-000007FEE5C23000 api-ms-win-core-synch-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C10000-000007FEE5C14000 api-ms-win-crt-string-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C00000-000007FEE5C03000 api-ms-win-crt-heap-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5BF0000-000007FEE5BF4000 api-ms-win-crt-stdio-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5BE0000-000007FEE5BE4000 api-ms-win-crt-convert-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5BD0000-000007FEE5BD3000 api-ms-win-crt-locale-l1-1-0.dll (Microsoft 
Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5BC0000-000007FEE5BC5000 api-ms-win-crt-math-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5BB0000-000007FEE5BB3000 api-ms-win-crt-time-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5BA0000-000007FEE5BA3000 api-ms-win-crt-filesystem-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5B90000-000007FEE5B93000 api-ms-win-crt-environment-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5B80000-000007FEE5B83000 api-ms-win-crt-utility-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEFDAE0000-000007FEFDB0E000 IMM32.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFF080000-000007FEFF18B000 MSCTF.dll (Microsoft Corporation), version: 6.1.7601.24520 (win7sp1_ldr_escrow.19082 000007FEFB620000-000007FEFB64D000 ntmarta.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFF2E0000-000007FEFF332000 WLDAP32.dll (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615) 000007FEFD060000-000007FEFD0B7000 apphelp.dll (Microsoft Corporation), version: 6.1.7601.19050 (win7sp1_gdr.151029-0600) 000007FEFD0C0000-000007FEFD0CF000 cryptbase.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEE58C0000-00740864E58C5000 api-ms-win-crt-multibyte-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEFD6A0000-000007FEFD6DB000 WINTRUST.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600) 000007FEFD3F0000-000007FEFD55D000 CRYPT32.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600) 000007FEFD340000-000007FEFD34F000 MSASN1.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) 
000007FEE58D0000-000007FEE5B7D000 nss3.dll (Mozilla Foundation), version: 70.0.1 000007FEFA550000-000007FEFA58B000 WINMM.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFAC30000-000007FEFAC39000 WSOCK32.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFC9C0000-000007FEFC9D8000 CRYPTSP.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600) 000007FEE58B0000-000007FEE58BD000 lgpllibs.dll (Mozilla Foundation), version: 70.0.1 000007FEFC6C0000-000007FEFC707000 rsaenh.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFF610000-0073085AFF629000 imagehlp.dll (Microsoft Corporation), version: 6.1.7601.18288 (win7sp1_gdr.131018-1533) 000007FEFC750000-000007FEFC7A8000 Schannel.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFD030000-000007FEFD055000 SspiCli.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFE150000-000007FEFEEDB000 Shell32.dll (Microsoft Corporation), version: 6.1.7601.24468 (win7sp1_ldr_escrow.19052 000007FEFC960000-000007FEFC9B5000 mswsock.dll (Microsoft Corporation), version: 6.1.7601.23451 (win7sp1_ldr.160511-0600) 000007FEFC3D0000-000007FEFC3D7000 wshtcpip.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFCBD0000-000007FEFCC20000 ncrypt.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFCBA0000-000007FEFCBC2000 bcrypt.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFCAD0000-000007FEFCB1C000 bcryptprimitives.dll (Microsoft Corporation), version: 6.1.7601.23451 (win7sp1_ldr.160511-0600) 000007FEFC4C0000-000007FEFC4DB000 GPAPI.dll (Microsoft Corporation), version: 6.1.7601.23452 (win7sp1_ldr.160512-0600) 000007FEDEEF0000-05010E29E58A7000 xul.dll (Mozilla Foundation), version: 70.0.1 000007FEFB5C0000-038238B8FB5C9000 AVRT.dll (Microsoft 
Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFA0A0000-07050CFFFA275000 d3d11.dll (Microsoft Corporation), version: 6.2.9200.16570 (win8_gdr.130327-1526) 000007FEFA280000-DB136B95FA2DD000 dxgi.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 000007FEFC290000-1E9A6879FC2A8000 dwmapi.dll (Microsoft Corporation), version: 6.1.7601.18917 (win7sp1_gdr.150709-0600) 000007FEFAB90000-DEC0B6EFFABB7000 IPHLPAPI.DLL (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) 000007FEFAB80000-6C87A73AFAB8B000 WINNSI.DLL (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615) 000007FEFBBC0000-C9B8F1AFFBC16000 UxTheme.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 0000000005DF0000-0000000005FC7000 SETUPAPI.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) 000007FEFD3B0000-000007FEFD3E6000 CFGMGR32.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) 000007FEFD390000-000007FEFD3AA000 DEVOBJ.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFC2E0000-000007FEFC2F1000 WTSAPI32.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFA990000-000007FEFA9A8000 dhcpcsvc.DLL (Microsoft Corporation), version: 6.1.7601.24498 (win7sp1_ldr_escrow.19071 000007FEFAEF0000-000007FEFB088000 dwrite.dll (Microsoft Corporation), version: 6.2.9200.22852 (win8_ldr.190811-0600) 000007FEF9E90000-000007FEF9EB7000 cryptnet.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600)

Code Injection
000000013F5B1000-000000013F5B2000 4KB C:\Windows\explorer.exe [1740]
000000013F600000-000000013F601000 4KB
000000013F560000-000000013F561000 4KB
0000000000060000-0000000000061000 4KB
1 C:\Windows\explorer.exe [1740] 2019-11-01T13:23:05
2 C:\Windows\System32\userinit.exe [1656] 2019-11-01T13:23:04 26.5s
3 C:\Windows\System32\winlogon.exe [648] 2019-11-01T13:23:02
winlogon.exe

Thumbprints 665e30aeb6c48450aff61a25b4fccb27a002392f5c7770d663a3b76c3603d811

Error: (11/01/2019 09:25:00 AM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: C:\Program Files\Mozilla Firefox\firefox.exe
Intruder
Intruder
Platform      6.1.7601/x64 v849 06_2a
PID           4784
Feature       00001000000090A0
Application   C:\Program Files\Mozilla Firefox\firefox.exe
Created       2019-11-01T13:09:23
Description   Firefox 70.0.1

Detour Report
#  Address             Owner                     Disassembly
-- ------------------  ------------------------  ------------------------
PR_Read *
1  0x000007FEE59EAFC0  nss3.dll                  JMP QWORD [RIP+0x185d5442]
2  0x000007FEE6E5C0AC  rlls64.dll
PR_Write *
1  0x000007FEE59EAFD0  nss3.dll                  JMP QWORD [RIP+0x185d5462]
2  0x000007FEE6E5C0E0  rlls64.dll
DecryptMessage *
1  0x000007FEFD0351F4  SspiCli.dll               JMP QWORD [RIP+0xf8b0be]
2  0x000007FEE6E7C5C8  rlls64.dll
EncryptMessage *
1  0x000007FEFD0350A0  SspiCli.dll               JMP QWORD [RIP+0xf8b1e2]
2  0x000007FEE6E881C4  rlls64.dll
closesocket
1  0x000007FEFEEF18E0  WS2_32.dll                JMP QWORD [RIP-0xf3183e]
2  0x000007FEE6E7BD70  rlls64.dll
connect
1  0x000007FEFEEF42F0  WS2_32.dll                JMP QWORD [RIP-0xf342ae]
2  0x000007FEE6E7B4AC  rlls64.dll
recv
1  0x000007FEFEEFD9C0  WS2_32.dll                JMP QWORD [RIP-0xf3d8be]
2  0x000007FEE6E7CA8C  rlls64.dll
recvfrom
1  0x000007FEFEEFE630  WS2_32.dll                JMP QWORD [RIP-0xf3e46e]
2  0x000007FEE6E7D17C  rlls64.dll
send *
1  0x000007FEFEEF7CD0  WS2_32.dll                JMP QWORD [RIP-0xf37bfe]
2  0x000007FEE6E85FE4  rlls64.dll
sendto
1  0x000007FEFEEFDB50  WS2_32.dll                JMP QWORD [RIP-0xf3d95e]
2  0x000007FEE6E7D34C  rlls64.dll
WSAConnect
1  0x000007FEFEF1E080  WS2_32.dll                JMP QWORD [RIP-0xf5e00e]
2  0x000007FEE6E7BAB0  rlls64.dll
WSAGetOverlappedResult
1  0x000007FEFEF179E0  WS2_32.dll                JMP QWORD [RIP-0xf5784e]
2  0x000007FEE6E7CC18  rlls64.dll
WSARecv
1  0x000007FEFEEF2200  WS2_32.dll                JMP QWORD [RIP-0xf320ce]
2  0x000007FEE6E80B54  rlls64.dll
WSARecvFrom
1  0x000007FEFEF1E650  WS2_32.dll                JMP QWORD [RIP-0xf5e42e]
2  0x000007FEE6E80DC8  rlls64.dll
WSASend *
1  0x000007FEFEEF13B0  WS2_32.dll                JMP QWORD [RIP-0xf3124e]
2  0x000007FEE6E88440  rlls64.dll
WSASendTo
1  0x000007FEFEEFE7F0  WS2_32.dll                JMP QWORD [RIP-0xf3e59e]
2  0x000007FEE6E81090  rlls64.dll
UnlockUrlCacheEntryFile
1  0x000007FEFF7BB690  WININET.dll               JMP QWORD [RIP-0x17fb3ae]
2  0x000007FEE6E7E33C  rlls64.dll

Loaded Modules
-----------------------------------------------------------------------------
000000013F560000-000000013F5F3000 firefox.exe (Mozilla Corporation), version: 70.0.1 00000000777F0000-000000007798F000 ntdll.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 00000000776D0000-00000000777EF000 KERNEL32.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFD190000-000007FEFD2A1000 hmpalert.dll (SurfRight B.V.), version: 3.8.0.849 000007FEFD580000-000007FEFD5E7000 KERNELBASE.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEE6E00000-000007FEE6F16000 rlls64.dll (TMRG, Inc.), version: 4.0.21.11 (Build 21.11) 000007FEFEEF0000-000007FEFEF3D000 WS2_32.dll (Microsoft Corporation), version: 6.1.7601.23451 (win7sp1_ldr.160511-0600) 000007FEFDFD0000-000007FEFE06F000 msvcrt.dll (Microsoft Corporation), version: 7.0.7601.17744 (win7sp1_gdr.111215-1535) 000007FEFF1B0000-000007FEFF2DC000 RPCRT4.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFDC50000-000007FEFDC58000 NSI.dll (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615) 000007FEE8540000-000007FEE8594000 OLEACC.dll (Microsoft Corporation), version: 7.0.0.0 (win7sp1_gdr.110826-1504) 00000000775D0000-00000000776CA000 USER32.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFF010000-000007FEFF077000 GDI32.dll (Microsoft Corporation), version: 6.1.7601.24513 (win7sp1_ldr_escrow.19081 000007FEFEEE0000-000007FEFEEEE000 LPK.dll (Microsoft Corporation), version: 6.1.7601.24517 (win7sp1_ldr_escrow.19081 000007FEFEF40000-000007FEFF00B000 USP10.dll (Microsoft Corporation),
version: 1.0626.7601.24494 (win7sp1_ldr_escrow.19 000007FEFD7E0000-000007FEFD9DF000 ole32.dll (Microsoft Corporation), version: 6.1.7601.24511 (win7sp1_ldr_escrow.19072 000007FEFF630000-000007FEFFADC000 WININET.dll (Microsoft Corporation), version: 11.00.9600.19507 (winblue_ltsb_escrow.19 000007FEFD570000-000007FEFD574000 api-ms-win-downlevel-user32-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 000007FEFD360000-000007FEFD364000 api-ms-win-downlevel-shlwapi-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 000007FEFDA60000-000007FEFDAD1000 shlwapi.DLL (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) 000007FEFD6E0000-000007FEFD6E4000 api-ms-win-downlevel-version-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 000007FEFC300000-000007FEFC30C000 version.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFD6F0000-000007FEFD6F3000 api-ms-win-downlevel-normaliz-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 00000000779A0000-00000000779A3000 normaliz.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFF340000-000007FEFF60C000 iertutil.dll (Microsoft Corporation), version: 11.00.9600.19507 (winblue_ltsb_escrow.19 000007FEFD690000-000007FEFD695000 api-ms-win-downlevel-advapi32-l1-1-0.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0 000007FEFE070000-000007FEFE14B000 advapi32.DLL (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFF190000-000007FEFF1AF000 sechost.dll (Microsoft Corporation), version: 6.1.7601.18869 (win7sp1_gdr.150525-0603) 000007FEFD370000-000007FEFD38F000 USERENV.dll (Microsoft Corporation), version: 6.1.7601.24453 (win7sp1_ldr.190425-0600) 000007FEFD350000-000007FEFD35F000 profapi.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 
0000000077990000-0000000077997000 PSAPI.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFD700000-000007FEFD7DB000 OLEAUT32.dll (Microsoft Corporation), version: 6.1.7601.24515 000007FEE5E50000-000007FEE5E8B000 mozglue.dll (Mozilla Foundation), version: 70.0.1 000007FEE6CD0000-000007FEE6DF5000 dbghelp.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) 000007FEE5DB0000-000007FEE5E4B000 MSVCP140.dll (Microsoft Corporation), version: 14.15.26706.0 built by: VCTOOLSREL 000007FEE5D90000-000007FEE5DA6000 VCRUNTIME140.dll (Microsoft Corporation), version: 14.15.26706.0 built by: VCTOOLSREL 000007FEE5D80000-000007FEE5D84000 api-ms-win-crt-runtime-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C80000-000007FEE5D7A000 ucrtbase.DLL (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C70000-000007FEE5C73000 api-ms-win-core-localization-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C60000-000007FEE5C63000 api-ms-win-core-processthreads-l1-1-1.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C50000-000007FEE5C53000 api-ms-win-core-file-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C40000-000007FEE5C43000 api-ms-win-core-timezone-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C30000-000007FEE5C33000 api-ms-win-core-file-l2-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C20000-000007FEE5C23000 api-ms-win-core-synch-l1-2-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C10000-000007FEE5C14000 api-ms-win-crt-string-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5C00000-000007FEE5C03000 api-ms-win-crt-heap-l1-1-0.dll (Microsoft Corporation), version: 
10.0.17134.12 (WinBuild.160101.0800) 000007FEE5BF0000-000007FEE5BF4000 api-ms-win-crt-stdio-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5BE0000-000007FEE5BE4000 api-ms-win-crt-convert-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5BD0000-000007FEE5BD3000 api-ms-win-crt-locale-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5BC0000-000007FEE5BC5000 api-ms-win-crt-math-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5BB0000-000007FEE5BB3000 api-ms-win-crt-time-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5BA0000-000007FEE5BA3000 api-ms-win-crt-filesystem-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5B90000-000007FEE5B93000 api-ms-win-crt-environment-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEE5B80000-000007FEE5B83000 api-ms-win-crt-utility-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800) 000007FEFDAE0000-000007FEFDB0E000 IMM32.DLL (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFF080000-000007FEFF18B000 MSCTF.dll (Microsoft Corporation), version: 6.1.7601.24520 (win7sp1_ldr_escrow.19082 000007FEFB620000-000007FEFB64D000 ntmarta.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255) 000007FEFF2E0000-000007FEFF332000 WLDAP32.dll (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615) 000007FEFD060000-000007FEFD0B7000 apphelp.dll (Microsoft Corporation), version: 6.1.7601.19050 (win7sp1_gdr.151029-0600) 000007FEFD0C0000-000007FEFD0CF000 cryptbase.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 000007FEFC750000-00740864FC7A8000 Schannel.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091 
000007FEFD030000-000007FEFD055000 SspiCli.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFD3F0000-000007FEFD55D000 CRYPT32.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600)
000007FEFD340000-000007FEFD34F000 MSASN1.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFE150000-000007FEFEEDB000 Shell32.dll (Microsoft Corporation), version: 6.1.7601.24468 (win7sp1_ldr_escrow.19052
000007FEFC960000-000007FEFC9B5000 mswsock.dll (Microsoft Corporation), version: 6.1.7601.23451 (win7sp1_ldr.160511-0600)
000007FEFC3D0000-000007FEFC3D7000 wshtcpip.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEE58D0000-00650854E5B7D000 nss3.dll (Mozilla Foundation), version: 70.0.1
000007FEFA550000-000007FEFA58B000 WINMM.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFAC30000-000007FEFAC39000 WSOCK32.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEE58C0000-000007FEE58C5000 api-ms-win-crt-multibyte-l1-1-0.dll (Microsoft Corporation), version: 10.0.17134.12 (WinBuild.160101.0800)
000007FEFD6A0000-000007FEFD6DB000 WINTRUST.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600)
000007FEFC9C0000-000007FEFC9D8000 CRYPTSP.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600)
000007FEFC6C0000-00650854FC707000 rsaenh.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFF610000-0073085AFF629000 imagehlp.dll (Microsoft Corporation), version: 6.1.7601.18288 (win7sp1_gdr.131018-1533)
000007FEFCBD0000-000007FEFCC20000 ncrypt.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFCBA0000-000007FEFCBC2000 bcrypt.dll (Microsoft Corporation), version: 6.1.7601.24524 (win7sp1_ldr_escrow.19091
000007FEFCAD0000-000007FEFCB1C000 bcryptprimitives.dll (Microsoft Corporation), version: 6.1.7601.23451 (win7sp1_ldr.160511-0600)
000007FEFC4C0000-000007FEFC4DB000 GPAPI.dll (Microsoft Corporation), version: 6.1.7601.23452 (win7sp1_ldr.160512-0600)
000007FEE58B0000-000007FEE58BD000 lgpllibs.dll (Mozilla Foundation), version: 70.0.1
000007FEF9E90000-000007FEF9EB7000 cryptnet.dll (Microsoft Corporation), version: 6.1.7601.24499 (win7sp1_ldr.190612-0600)
000007FEDEEF0000-000007FEE58A7000 xul.dll (Mozilla Foundation), version: 70.0.1
000007FEFB5C0000-000007FEFB5C9000 AVRT.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFA0A0000-000007FEFA275000 d3d11.dll (Microsoft Corporation), version: 6.2.9200.16570 (win8_gdr.130327-1526)
000007FEFA280000-000007FEFA2DD000 dxgi.dll (Microsoft Corporation), version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFC290000-FD94F83CFC2A8000 dwmapi.dll (Microsoft Corporation), version: 6.1.7601.18917 (win7sp1_gdr.150709-0600)
000007FEFAB90000-0DD7D6CEFABB7000 IPHLPAPI.DLL (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFAB80000-000007FEFAB8B000 WINNSI.DLL (Microsoft Corporation), version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEFBBC0000-000007FEFBC16000 UxTheme.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
0000000007900000-0000000007AD7000 SETUPAPI.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFD3B0000-000007FEFD3E6000 CFGMGR32.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFD390000-000007FEFD3AA000 DEVOBJ.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFC2E0000-000007FEFC2F1000 WTSAPI32.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFA990000-000007FEFA9A8000 dhcpcsvc.DLL (Microsoft Corporation), version: 6.1.7601.24498 (win7sp1_ldr_escrow.19071
000007FEFAEF0000-000007FEFB088000 dwrite.dll (Microsoft Corporation), version: 6.2.9200.22852 (win8_ldr.190811-0600)
000007FEFDBB0000-000007FEFDC49000 CLBCatQ.DLL (Microsoft Corporation), version: 2001.12.8530.16385 (win7_rtm.090713-1255
000007FEF3420000-000007FEF3494000 netprofm.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFACD0000-000007FEFACE5000 nlaapi.dll (Microsoft Corporation), version: 6.1.7601.24000 (win7sp1_ldr.171231-1547)
000007FEEBA70000-000007FEEBA85000 napinsp.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEEBA40000-000007FEEBA59000 pnrpnsp.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFC7E0000-000007FEFC83B000 DNSAPI.dll (Microsoft Corporation), version: 6.1.7601.24168 (win7sp1_ldr.180608-0600)
000007FEEBA30000-000007FEEBA3B000 winrnr.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFD170000-000007FEFD184000 RpcRtRemote.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEEBBE0000-000007FEEBBEC000 npmproxy.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEDEE80000-000007FEDEEEF000 Wpc.dll (Microsoft Corporation), version: 1.0.0.1
000007FEFCC70000-000007FEFCCDD000 wevtapi.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFB090000-000007FEFB0A4000 samcli.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFBD50000-000007FEFBD6D000 SAMLIB.dll (Microsoft Corporation), version: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
000007FEFB0D0000-000007FEFB0DC000 netutils.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEEC450000-04FF1813EC45F000 wbemprox.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEEC720000-E8249AFFEC7A6000 wbemcomn.dll (Microsoft Corporation), version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEEC220000-000007FEEC234000 wbemsvc.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEEC5F0000-000007FEEC6D2000 fastprox.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEEC520000-ECD4AE9DEC547000 NTDSAPI.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEF4210000-000007FEF45D4000 d2d1.dll (Microsoft Corporation), version: 6.2.9200.16765 (win8_gdr.131119-1508)
000007FEFB3F0000-000007FEFB424000 XmlLite.dll (Microsoft Corporation), version: 1.3.1001.0
000007FEF3EF0000-000007FEF3F8C000 mscms.dll (Microsoft Corporation), version: 6.1.7601.23971 (win7sp1_ldr.171205-0600)
000007FEE6C10000-04080593E6C52000 icm32.dll (Microsoft Corporation), version: 6.1.7601.23971 (win7sp1_ldr.171205-0600)
000007FEFCB60000-0072085FFCB9D000 WINSTA.dll (Microsoft Corporation), version: 6.1.7601.18540 (win7sp1_gdr.140716-1508)
000007FEFB5D0000-000007FEFB61B000 MMDevApi.dll (Microsoft Corporation), version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFBC20000-04550B04FBD4C000 PROPSYS.dll (Microsoft Corporation), version: 7.00.7601.17514 (win7sp1_rtm.101119-1850
000007FEF6900000-1630202EF694F000 AUDIOSES.DLL (Microsoft Corporation), version: 6.1.7601.24523 (win7sp1_ldr_escrow.19091

Code Injection
000000013F5B1000-000000013F5B2000 4KB C:\Windows\explorer.exe [1740]
000000013F600000-000000013F601000 4KB
000000013F560000-000000013F561000 4KB
0000000000060000-0000000000061000 4KB

1 C:\Windows\explorer.exe [1740] 2019-11-01T13:23:05
2 C:\Windows\System32\userinit.exe [1656] 2019-11-01T13:23:04 26.5s
3 C:\Windows\System32\winlogon.exe [648] 2019-11-01T13:23:02

winlogon.exe Thumbprints
665e30aeb6c48450aff61a25b4fccb27a002392f5c7770d663a3b76c3603d811


Dziennik System:
=============
Error: (11/01/2019 09:48:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa HP Network Devices Support zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu.

Error: (11/01/2019 09:45:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Usługa HP CUE DeviceDiscovery zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu.

Error: (11/01/2019 09:36:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa HP Network Devices Support zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu.

Error: (11/01/2019 09:34:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Usługa HP CUE DeviceDiscovery zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu.

Error: (11/01/2019 09:29:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa HP Network Devices Support zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu.

Error: (11/01/2019 09:27:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Usługa HP CUE DeviceDiscovery zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu.

Error: (11/01/2019 09:25:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa HP Network Devices Support zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu.

Error: (11/01/2019 09:23:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Usługa HP CUE DeviceDiscovery zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu.


CodeIntegrity:
===================================
Date: 2019-10-04 04:50:54.258
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-04 04:50:54.086
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-29 19:11:28.983
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-29 19:11:28.981
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Statystyki pamięci ===========================

BIOS: American Megatrends Inc. 4105 07/01/2013
Płyta główna: ASUSTeK Computer INC. P8Z68-V LX
Procesor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Procent pamięci w użyciu: 53%
Całkowita pamięć fizyczna: 8156.89 MB
Dostępna pamięć fizyczna: 3775.85 MB
Całkowita pamięć wirtualna: 16311.92 MB
Dostępna pamięć wirtualna: 11787.85 MB

==================== Dyski ================================

Drive c: () (Fixed) (Total:111.57 GB) (Free:56.16 GB) NTFS
Drive d: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)]
Drive e: () (Fixed) (Total:118.01 GB) (Free:117.9 GB) NTFS
Drive f: (Nowy) (Fixed) (Total:347.66 GB) (Free:319.11 GB) NTFS

==================== MBR & Tablica partycji ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: A2F6AAA6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347.7 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)
Partition: GPT.

==================== Koniec Addition.txt =======================