Mr.Hankey utworzono 24 czerwca 2011 utworzono 24 czerwca 2011 (edytowane) Witam, W zasadzie nie wiem jak nazwać mój problem. Mianowicie podczas chodzenia po stronach WWW co jakiś czas występuje problem chwilowego odcięcia od sieci. Po 15-30 sekundach wraca wszystko do normy na kilka minut (czasami i godzinę), aby znowu paść. Tak samo dzieje się w czasie ściągania zarówno poprzez strony internetowe jak i FTP. Podczas ściągania przez FTP zaobserwowałem: -ściąganie normalne (ok. 2MB/s) -spadek łącza (ok. 500KB/s) -zatrzymanie łącza (z prędkością ok. 100KB/s - ściąganie stoi) -zerwanie połączenia z serwerem -odnowienie połączenia z serwerem po 15-20 sekundach -ściąganie normalne (ok. 2MB/s) Normalnie ściąga się przez około 1-3 minuty i po tym znowu następuje przerwanie łącza. Przy sprawdzaniu wydajności łącza czasami ping wychodzi w okolicach 5-15 (czyli tak jak powinno być w moim przypadku dla serwera w Londynie), a czasami po 500-1000 (mimo, że sieć nadal działa). Tak samo jest z prędkością pobierania i wysyłania - czasami jest to 17-19Mb/1Mb, a czasami 2Mb/100Kb (prędkość łącza powinna dochodzić do 20Mb/1Mb). Zaczęło się to dziać jakieś 4 dni temu (6 dni temu był format wszystkich partycji oraz instalacja WIN XP SP3). Od 4 dni staram się jakoś sam sobie z tym poradzić poprzez skanowania komputera, ale żaden antywirus nic nie znalazł (Dr. Web oraz Avast). Proszę więc o pomoc, bo już nie mam pomysłu, a nie jestem na tyle zaawansowanym technicznie człowiekiem aby grzebać samemu po rejestrach itp. sprawach bez uprzedniego skonsultowania się z kimś kto się na tym zna, a formatowanie dysku już dawno mi się znudziło i wolałbym tego uniknąć. Wykonam każde Wasze polecenie tylko proszę piszcie w miarę zrozumiale dla zwykłego śmiertelnika - jak chcecie jakiś skan to proszę o podanie mi jakim programem i jak go zrobić, a wykonam go bezzwłocznie. Parametry Komputera znajdują się [url="http://ce.computers.toshiba-europe.com/innovation/jsp/SUPPORTSECTION/discontinuedProductPage.do?LNG=20&service=CE&DISC_MODEL=0&ACTION=PRINT_WITH_BACK&com.broadvision.session.new=Yes&PRODUCT_ID=132078"]TUTAJ[/url] - nie chciałem niepotrzebnie kopiować. Obecnie nie używam karty sieciowej, która była w laptopie, ponieważ uległa zniszczeniu, kupiłem bezprzewodowy adaptor WI-FI Realtek USB. Używam go już ponad 6 miesięcy i dopiero teraz zaczęło się to dziać. Procesy uruchomione w czasie występowania awarii: [URL=http://imageshack.us/photo/my-images/849/procesyy.jpg/][IMG]http://img849.imageshack.us/img849/3198/procesyy.th.jpg[/IMG][/URL] Z góry dzięki za pomoc! Pozdrawiam, Kuba. EDIT: Dodam jeszcze, że podczas oglądania filmów na YT ten problem też występuje, ale tylko zacina się buforowanie filmu na jakiś czas i później leci dalej, a nie jak w przypadku zwykłego odcięcia od sieci kiedy to pokazuje, że wideo załadowało się do końca.
MC Jay komentarz 24 czerwca 2011 komentarz 24 czerwca 2011 (edytowane) Widzę że masz duuuużoooo syfu który odpala się naraz (niewiem czy to coś da) i daj logi z HiJackThis (trochę ubyło u nas tych speców od zaawansowanego sprzętu) [color=red]//Twoja wiedza na temat ogranicza się do wiadomości sprzed co najmniej paru lat //Otrzymujesz warna oraz akceptację postów na 30 dni za: spam, chwalenie się niewiedzą oraz wprowadzanie użytkowników błąd, [url="http://www.forumpc.pl/index.php?showtopic=213315"]1.[/url] [url="http://www.forumpc.pl/index.php?showtopic=213238&st=0&p=1285171&#entry1285171"]2.[/url] //Mateusz J.[/color]
Mr.Hankey komentarz 26 czerwca 2011 Autor komentarz 26 czerwca 2011 (edytowane) Zrobiłem Skan tak jak mówiłeś, mam nadzieje, że to to: [log]Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:37:06, on 2011-06-24 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\lxeacoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe C:\Program Files\Lexmark S300-S400 Series\ezprint.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Program Files\Kadu\kadu.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [lxeamon.exe] "C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark S300-S400 Series\ezprint.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe O23 - Service: lxea_device - - C:\WINDOWS\system32\lxeacoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5981 bytes [/log] Ktokolwiek jest w stanie pomóc? [color=green]//Logi wstawiamy w tagi log //Mateusz J. [/color]
wirusolog komentarz 27 czerwca 2011 komentarz 27 czerwca 2011 Daj komplet logów: [url=http://www.forumpc.pl/index.php?showtopic=104338][b][color=blue][u]OTL i RSIT[/url][/b][/color][/u] + [url=http://www.forumpc.pl/index.php?showtopic=116175][b][color=blue][u]GMER[/url][/b][/color][/u]. 1
Mr.Hankey komentarz 27 czerwca 2011 Autor komentarz 27 czerwca 2011 OTL.TXT: [log]OTL logfile created on: 2011-06-27 19:31:39 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Kuba\Moje dokumenty\Downloads Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,02% Memory free 3,85 Gb Paging File | 3,02 Gb Available in Paging File | 78,49% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 43,42 Gb Total Space | 32,52 Gb Free Space | 74,90% Space Free | Partition Type: NTFS Drive D: | 68,36 Gb Total Space | 51,71 Gb Free Space | 75,64% Space Free | Partition Type: NTFS Drive G: | 3,74 Gb Total Space | 3,61 Gb Free Space | 96,60% Space Free | Partition Type: FAT32 Computer Name: COMPANY | User Name: Kuba | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-06-27 19:27:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\OTL.exe PRC - [2011-06-24 22:14:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2011-06-14 00:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2011-06-07 17:51:12 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2011-06-07 17:51:02 | 000,820,520 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2011-05-25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011-05-22 18:21:36 | 008,179,200 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla FTP Client\filezilla.exe PRC - [2011-05-10 20:00:04 | 000,328,206 | ---- | M] (Kadu Team) -- C:\Program Files\Kadu\kadu.exe PRC - [2011-05-10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011-05-10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011-04-08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2011-04-06 16:20:16 | 000,349,472 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2010-05-13 10:01:52 | 000,966,656 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe PRC - [2010-05-05 14:18:46 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe PRC - [2010-05-05 14:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe PRC - [2010-04-14 21:45:21 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeacoms.exe PRC - [2009-02-09 13:18:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2008-07-24 16:02:06 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2008-04-14 21:51:52 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe PRC - [2008-04-14 21:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 21:51:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 21:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 21:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 21:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 21:51:40 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2008-04-14 21:51:32 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2008-04-14 21:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 21:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 21:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 21:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-08-10 14:21:56 | 016,384,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2007-07-25 17:19:54 | 000,888,832 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2007-07-25 17:19:54 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe PRC - [2007-06-30 07:18:06 | 000,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe PRC - [2006-10-27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2006-02-09 12:47:08 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe PRC - [2005-12-27 12:06:32 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-06-27 19:27:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\OTL.exe MOD - [2011-05-10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2008-04-14 21:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 21:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 21:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 21:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 21:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 21:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 21:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 21:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 21:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 21:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-14 21:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 21:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 21:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-14 21:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 21:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 21:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2008-04-14 21:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-14 21:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 21:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 21:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 21:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 21:50:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 21:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-14 21:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-14 21:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-14 21:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2002-03-02 11:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011-05-10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-04-14 21:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxeacoms.exe -- (lxea_device) SRV - [2010-04-14 21:45:14 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-06-20 07:35:45 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2011-05-10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-05-10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-05-10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-05-10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011-05-10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-05-10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011-05-10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-01-25 08:29:50 | 000,605,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2007-08-10 12:52:44 | 004,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-07-25 17:07:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2006-06-22 15:27:12 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1844237615-1326574676-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1844237615-1326574676-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local O1 HOSTS File: ([2011-06-25 22:01:06 | 000,000,770 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 74.208.10.249 gs.apple.com O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-1844237615-1326574676-1177238915-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe () O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA) O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TFncKy] File not found O4 - HKU\S-1-5-21-1844237615-1326574676-1177238915-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1844237615-1326574676-1177238915-1003..\Run: [Komunikator] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1844237615-1326574676-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Kuba\Dane aplikacji\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Kuba\Dane aplikacji\FlashGetBHO\GetAllUrl.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-06-18 19:00:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3eece206-9dca-11e0-b931-009dda02214c}\Shell\AutoRun\command - "" = J:\Windows\bin\ReaderLibrarySetup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-06-27 02:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\ObviousIdea [2011-06-27 02:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ObviousIdea [2011-06-27 02:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\ObviousIdea [2011-06-25 22:24:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2011-06-25 22:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\iTunes [2011-06-25 22:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011-06-25 22:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011-06-25 22:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\QuickTime [2011-06-25 22:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011-06-25 22:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011-06-25 22:07:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011-06-25 21:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Temp [2011-06-25 20:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\Apple Computer [2011-06-25 20:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Apple Computer [2011-06-25 20:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011-06-25 20:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer [2011-06-25 20:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Apple [2011-06-25 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011-06-25 20:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2011-06-25 20:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple [2011-06-25 20:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Apple Computer [2011-06-24 22:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun [2011-06-24 22:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011-06-24 22:14:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2011-06-24 22:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011-06-24 22:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Sun [2011-06-24 19:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011-06-24 19:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Menu Start\Programy\HiJackThis [2011-06-23 18:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office [2011-06-23 18:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2011-06-23 18:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2011-06-23 18:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2011-06-23 18:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2011-06-23 18:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2011-06-23 18:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2011-06-23 18:49:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW [2011-06-23 18:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft Help [2011-06-23 18:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011-06-23 18:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help [2011-06-23 18:48:19 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011-06-23 01:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\NapiProjekt [2011-06-23 01:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\NAPI-PROJEKT [2011-06-22 22:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\DoctorWeb [2011-06-22 18:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\.ssh [2011-06-22 18:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\.nx [2011-06-22 18:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\NX Client for Windows [2011-06-22 18:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\NX Client for Windows [2011-06-22 16:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\FileZilla [2011-06-22 16:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\FileZilla FTP Client [2011-06-22 16:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client [2011-06-22 16:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\BITS [2011-06-22 16:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\FlashGet [2011-06-22 16:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\FlashGetBHO [2011-06-22 16:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network [2011-06-22 03:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Menu Start\Programy\Google Chrome [2011-06-21 20:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Kadu [2011-06-21 20:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Menu Start\Programy\Kadu [2011-06-21 20:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Kadu [2011-06-21 00:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Tlen.pl [2011-06-21 00:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2011-06-21 00:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Tlen.pl [2011-06-20 14:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\SimAquarium [2011-06-20 14:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\OldOpera [2011-06-20 14:40:55 | 003,463,656 | ---- | C] (Digital Illusions Software) -- C:\WINDOWS\SimAQUARIUM2 Tank-1.scr [2011-06-20 14:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\SimAQUARIUM2 [2011-06-20 14:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\SimAQUARIUM 2 Screensaver [2011-06-20 14:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\OldOpera 9 [2011-06-20 08:39:26 | 001,123,840 | ---- | C] (Karol Winnicki) -- C:\Documents and Settings\Kuba\Pulpit\BESTplayer.exe [2011-06-20 08:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\BESTplayer [2011-06-20 08:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\K-Lite Codec Pack [2011-06-20 08:38:49 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2011-06-20 08:38:48 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2011-06-20 08:38:48 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2011-06-20 08:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2011-06-20 08:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Spirograph [2011-06-20 07:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade [2011-06-20 07:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Formosoft [2011-06-20 07:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar [2011-06-20 07:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Lite [2011-06-20 07:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2011-06-20 07:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\DAEMON Tools [2011-06-20 01:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data [2011-06-20 00:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Pulpit\Programy [2011-06-20 00:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Opera [2011-06-20 00:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Opera [2011-06-20 00:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2011-06-19 16:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Gadu-Gadu 10 [2011-06-19 16:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2011-06-19 16:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2011-06-19 07:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\ARAX Disk Doctor Data Recovery [2011-06-19 06:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Ontrack [2011-06-19 05:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\uTorrent [2011-06-18 22:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Convar [2011-06-18 22:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Lx_cats [2011-06-18 22:24:07 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoin.dll [2011-06-18 22:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ABBYY FineReader 6.0 Sprint [2011-06-18 22:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint [2011-06-18 22:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Free Antivirus [2011-06-18 22:21:56 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011-06-18 22:21:56 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011-06-18 22:21:54 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011-06-18 22:21:53 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011-06-18 22:21:53 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011-06-18 22:21:51 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011-06-18 22:21:51 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011-06-18 22:21:50 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011-06-18 22:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark [2011-06-18 22:21:31 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011-06-18 22:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar [2011-06-18 22:21:30 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011-06-18 22:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Lexmark [2011-06-18 22:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011-06-18 22:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2011-06-18 22:20:55 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeausb1.dll [2011-06-18 22:20:55 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeainpa.dll [2011-06-18 22:20:55 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEAhcp.dll [2011-06-18 22:20:55 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaiesc.dll [2011-06-18 22:20:54 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaserv.dll [2011-06-18 22:20:54 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeapmui.dll [2011-06-18 22:20:54 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxealmpm.dll [2011-06-18 22:20:53 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeahbn3.dll [2011-06-18 22:20:53 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaih.exe [2011-06-18 22:20:52 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomc.dll [2011-06-18 22:20:52 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoms.exe [2011-06-18 22:20:52 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacfg.exe [2011-06-18 22:20:52 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomm.dll [2011-06-18 22:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark S300-S400 Series [2011-06-18 22:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\XP [2011-06-18 22:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Vista64 [2011-06-18 22:14:41 | 000,000,000 | ---D | C] -- C:\Temp [2011-06-18 22:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TOSHIBA [2011-06-18 22:14:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SDA [2011-06-18 22:14:06 | 000,290,304 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys [2011-06-18 22:14:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2011-06-18 22:14:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\tiinst [2011-06-18 22:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA [2011-06-18 22:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2011-06-18 22:07:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang [2011-06-18 22:05:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM [2011-06-18 22:04:55 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe [2011-06-18 22:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles [2011-06-18 22:00:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview [2011-06-18 22:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\XTreme-G Drivers [2011-06-18 21:59:59 | 000,000,000 | ---D | C] -- C:\nVidia Forceware [2011-06-18 21:55:28 | 000,000,000 | ---D | C] -- C:\Drivers [2011-06-18 21:18:37 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011-06-18 20:56:48 | 000,000,000 | ---D | C] -- C:\Intel [2011-06-18 20:54:07 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2011-06-18 20:53:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2011-06-18 20:48:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011-06-18 20:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2011-06-18 20:29:04 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer [2011-06-18 20:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC [2011-06-18 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines [2011-06-18 20:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared [2011-06-18 20:28:55 | 000,000,000 | R--D | C] -- C:\Program Files [2011-06-18 20:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files [2011-06-18 20:28:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start [2011-06-18 20:28:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty [2011-06-18 20:28:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart [2011-06-18 20:28:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Szablony [2011-06-18 20:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Ulubione [2011-06-18 20:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit [2011-06-18 20:28:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2011-06-18 20:28:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot [2011-06-18 20:27:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft [2011-06-18 20:27:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji [2011-06-18 20:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings [2011-06-18 20:27:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011-06-18 20:20:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts [2011-06-18 20:20:51 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache [2011-06-18 20:20:51 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web [2011-06-18 20:20:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\security [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-pl [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\java [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1045 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025 [2011-06-18 19:30:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2011-06-18 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2011-06-18 19:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Menu Start\Programy\WinRAR [2011-06-18 19:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\WinRAR [2011-06-18 19:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR [2011-06-18 19:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2011-06-18 19:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Downloads [2011-06-18 19:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Macromedia [2011-06-18 19:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Adobe [2011-06-18 19:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google [2011-06-18 19:24:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kuba\UserData [2011-06-18 19:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\REALTEK 11n USB Wireless LAN Utility [2011-06-18 19:21:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS [2011-06-18 19:21:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina [2011-06-18 19:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK [2011-06-18 19:21:01 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2011-06-18 19:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Identities [2011-06-18 19:11:45 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information [2011-06-18 19:11:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Moja muzyka [2011-06-18 19:11:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Moje obrazy [2011-06-18 19:11:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Microsoft [2011-06-18 19:11:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kuba\Cookies [2011-06-18 19:11:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kuba\SendTo [2011-06-18 19:11:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kuba\Recent [2011-06-18 19:11:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji [2011-06-18 19:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Ulubione [2011-06-18 19:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty [2011-06-18 19:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Menu Start [2011-06-18 19:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart [2011-06-18 19:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Menu Start\Programy\Akcesoria [2011-06-18 19:11:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kuba\Szablony [2011-06-18 19:11:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kuba\PrintHood [2011-06-18 19:11:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kuba\NetHood [2011-06-18 19:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Pulpit [2011-06-18 19:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft [2011-06-18 19:11:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne [2011-06-18 19:10:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2011-06-18 19:10:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2011-06-18 19:10:49 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft [2011-06-18 19:10:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2011-06-18 19:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2011-06-18 19:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2011-06-18 19:04:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2011-06-18 19:03:01 | 000,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2011-06-18 19:03:01 | 000,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2011-06-18 19:03:00 | 000,029,184 | ---- | C] (RICOH Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2011-06-18 19:01:41 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2011-06-18 19:01:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom [2011-06-18 19:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\xerox [2011-06-18 19:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage [2011-06-18 18:59:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM [2011-06-18 18:59:33 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2011-06-18 18:59:33 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages [2011-06-18 18:59:23 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate [2011-06-18 18:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Usługi online [2011-06-18 18:59:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX [2011-06-18 18:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services [2011-06-18 18:58:40 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks [2011-06-18 18:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap [2011-06-18 18:58:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst [2011-06-18 18:58:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed [2011-06-18 18:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker [2011-06-18 18:58:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore [2011-06-18 18:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting [2011-06-18 18:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express [2011-06-18 18:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System [2011-06-18 18:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer [2011-06-18 18:57:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje obrazy [2011-06-18 18:57:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Gry [2011-06-18 18:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications [2011-06-18 18:56:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Narzędzia administracyjne [2011-06-18 18:56:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration [2011-06-18 18:56:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moja muzyka [2011-06-18 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player [2011-06-18 18:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger [2011-06-18 18:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone [2011-06-18 18:56:00 | 000,283,136 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe [2011-06-18 18:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT [2011-06-18 18:55:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc [2011-06-18 18:55:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com [2011-06-18 18:55:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo [2011-06-18 18:54:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Akcesoria [2006-12-12 10:13:20 | 000,032,768 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Documents and Settings\All Users\Dane aplikacji\EBLib.dll [2006-07-28 15:25:26 | 000,019,456 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Documents and Settings\All Users\Dane aplikacji\LPCFilter.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-06-27 19:09:00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-1177238915-1003UA.job [2011-06-27 17:21:53 | 000,000,984 | ---- | M] () -- C:\WINDOWS\ssconf2.bin [2011-06-27 17:16:11 | 000,044,239 | ---- | M] () -- C:\sound32.dll [2011-06-27 14:26:47 | 000,000,101 | ---- | M] () -- C:\Documents and Settings\Kuba\.Xauthority [2011-06-27 03:41:53 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-06-27 03:09:01 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-1177238915-1003Core.job [2011-06-27 02:19:55 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Light Image Resizer 4.lnk [2011-06-26 14:59:46 | 000,210,919 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011-06-26 14:59:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-06-26 14:00:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-06-26 01:00:21 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2011-06-25 22:19:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011-06-25 22:17:20 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\iTunes.lnk [2011-06-25 22:11:59 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk [2011-06-25 22:01:06 | 000,000,770 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011-06-24 19:36:55 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\HiJackThis.lnk [2011-06-24 14:13:16 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-06-23 01:01:03 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\NapiProjekt.lnk [2011-06-22 18:29:44 | 000,001,773 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Shell.lnk [2011-06-22 18:28:28 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\NX Client for Windows.lnk [2011-06-22 16:45:48 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\FileZilla.lnk [2011-06-22 16:34:27 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat [2011-06-22 16:33:40 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI [2011-06-22 03:05:37 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Google Chrome.lnk [2011-06-22 00:53:12 | 000,001,243 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Ptasie Mleczko.rtf [2011-06-22 00:51:06 | 000,001,136 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Krem czekoladowy.rtf [2011-06-22 00:50:48 | 000,000,992 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Ciasto Marchewkowe.rtf [2011-06-22 00:32:10 | 000,001,178 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Serniczek.rtf [2011-06-22 00:04:31 | 000,001,410 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Chleb Dukana.rtf [2011-06-21 20:40:57 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Kadu.lnk [2011-06-20 14:55:13 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\OldOpera.lnk [2011-06-20 14:40:54 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\SimAQUARIUM v2.06 Tank-1.lnk [2011-06-20 08:38:14 | 001,123,840 | ---- | M] (Karol Winnicki) -- C:\Documents and Settings\Kuba\Pulpit\BESTplayer.exe [2011-06-20 07:38:25 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2011-06-19 18:21:51 | 000,000,313 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Kuba - Utrata Wagi.html [2011-06-19 16:09:36 | 000,448,586 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-06-19 16:09:36 | 000,392,630 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-06-19 16:09:36 | 000,074,648 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-06-19 16:09:36 | 000,058,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-06-18 22:27:00 | 000,198,605 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf [2011-06-18 22:21:52 | 000,002,644 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011-06-18 22:07:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Mój komputer.lnk [2011-06-18 22:07:37 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Moje dokumenty.lnk [2011-06-18 22:07:01 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav [2011-06-18 22:07:01 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav [2011-06-18 20:53:23 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF [2011-06-18 19:22:06 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\REALTEK 11n USB Wireless LAN Utility.lnk [2011-06-18 19:22:00 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2011-06-18 19:04:44 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2011-06-18 19:03:35 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2011-06-18 19:00:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-06-18 19:00:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-06-18 19:00:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011-06-18 19:00:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011-06-18 19:00:37 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2011-06-18 19:00:36 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2011-06-18 19:00:36 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2011-06-18 19:00:25 | 000,004,293 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2011-06-18 18:57:11 | 000,021,856 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-06-18 18:54:18 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2011-06-16 09:00:00 | 000,073,216 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-06-16 09:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini [2011-06-02 01:15:52 | 000,243,200 | ---- | M] () -- C:\WINDOWS\System32\xvidvfw.dll [2011-06-02 01:10:30 | 000,644,608 | ---- | M] () -- C:\WINDOWS\System32\xvidcore.dll [2011-05-10 13:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011-05-10 13:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011-05-10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011-05-10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011-05-10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011-05-10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011-05-10 13:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011-05-10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011-05-10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011-05-10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-06-27 02:19:55 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Light Image Resizer 4.lnk [2011-06-26 01:00:22 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk [2011-06-26 01:00:21 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2011-06-25 22:19:08 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011-06-25 22:17:20 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\iTunes.lnk [2011-06-25 22:11:59 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk [2011-06-25 20:28:13 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Apple Software Update.lnk [2011-06-24 19:36:12 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\HiJackThis.lnk [2011-06-23 01:01:03 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\NapiProjekt.lnk [2011-06-22 18:30:14 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\Kuba\.Xauthority [2011-06-22 18:29:44 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Shell.lnk [2011-06-22 18:28:28 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\NX Client for Windows.lnk [2011-06-22 16:45:48 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\FileZilla.lnk [2011-06-22 16:34:27 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat [2011-06-22 16:33:40 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2011-06-22 03:05:37 | 000,002,295 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Google Chrome.lnk [2011-06-22 03:04:49 | 000,001,128 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-1177238915-1003UA.job [2011-06-22 03:04:48 | 000,001,076 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-1177238915-1003Core.job [2011-06-22 00:53:12 | 000,001,243 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Ptasie Mleczko.rtf [2011-06-22 00:51:06 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Krem czekoladowy.rtf [2011-06-22 00:50:48 | 000,000,992 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Ciasto Marchewkowe.rtf [2011-06-22 00:32:10 | 000,001,178 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Serniczek.rtf [2011-06-22 00:04:31 | 000,001,410 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Chleb Dukana.rtf [2011-06-21 20:40:57 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Kadu.lnk [2011-06-20 14:56:25 | 000,002,070 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\SimAquarium.lnk [2011-06-20 14:55:19 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\OldOpera.lnk [2011-06-20 14:40:54 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\SimAQUARIUM v2.06 Tank-1.lnk [2011-06-20 14:31:29 | 000,044,239 | ---- | C] () -- C:\sound32.dll [2011-06-20 14:29:25 | 000,000,984 | ---- | C] () -- C:\WINDOWS\ssconf2.bin [2011-06-20 08:40:52 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-06-20 08:38:54 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011-06-20 08:38:54 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011-06-20 08:38:49 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2011-06-20 08:38:48 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011-06-20 08:38:48 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011-06-20 08:38:47 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-06-20 08:08:50 | 000,002,092 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\Spirograph.lnk [2011-06-20 07:38:25 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2011-06-19 18:21:50 | 000,000,313 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Kuba - Utrata Wagi.html [2011-06-19 06:23:17 | 000,000,634 | ---- | C] () -- C:\WINDOWS\System32\MAPISVC.INF [2011-06-18 22:35:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll [2011-06-18 22:24:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeavs.dll [2011-06-18 22:23:59 | 000,070,133 | ---- | C] () -- C:\WINDOWS\System32\lxeaprpr.chm [2011-06-18 22:23:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeagcfg.dll [2011-06-18 22:23:57 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeacui.dll [2011-06-18 22:23:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeacuir.dll [2011-06-18 22:23:57 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxeacommuilogo_rtl.bmp [2011-06-18 22:23:57 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxeacommuilogo.bmp [2011-06-18 22:21:12 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxearwrd.ini [2011-06-18 22:20:56 | 000,198,605 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf [2011-06-18 22:20:55 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEAinst.dll [2011-06-18 22:20:53 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeains.dll [2011-06-18 22:20:53 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeainsb.dll [2011-06-18 22:20:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeagrd.dll [2011-06-18 22:20:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeainsr.dll [2011-06-18 22:20:53 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeajswr.dll [2011-06-18 22:20:52 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeacu.dll [2011-06-18 22:20:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeacub.dll [2011-06-18 22:20:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeacur.dll [2011-06-18 22:20:51 | 000,002,106 | ---- | C] () -- C:\WINDOWS\System32\lxea.loc [2011-06-18 22:20:17 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\LXEAsmr.dll [2011-06-18 22:20:16 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEAsm.dll [2011-06-18 22:15:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL [2011-06-18 22:13:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll [2011-06-18 22:07:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Mój komputer.lnk [2011-06-18 22:07:37 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Moje dokumenty.lnk [2011-06-18 22:07:01 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav [2011-06-18 22:07:01 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav [2011-06-18 22:05:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011-06-18 22:05:07 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ3.dat [2011-06-18 22:05:07 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ2.dat [2011-06-18 22:05:07 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat [2011-06-18 22:00:26 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2011-06-18 22:00:26 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2011-06-18 22:00:26 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2011-06-18 22:00:26 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2011-06-18 22:00:26 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2011-06-18 22:00:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2011-06-18 22:00:26 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2011-06-18 22:00:26 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2011-06-18 22:00:26 | 000,210,919 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml [2011-06-18 22:00:26 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl [2011-06-18 22:00:26 | 000,018,795 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu [2011-06-18 20:53:23 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF [2011-06-18 20:29:03 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-06-18 20:29:01 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd [2011-06-18 20:29:00 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa [2011-06-18 20:29:00 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf [2011-06-18 20:28:59 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa [2011-06-18 20:28:38 | 000,001,734 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2011-06-18 20:28:20 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2011-06-18 20:28:20 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat [2011-06-18 20:28:20 | 000,105,628 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat [2011-06-18 20:28:20 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2011-06-18 20:28:20 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat [2011-06-18 20:28:20 | 000,033,765 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT [2011-06-18 20:28:20 | 000,016,825 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT [2011-06-18 20:28:20 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2011-06-18 20:28:20 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT [2011-06-18 20:28:20 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [2011-06-18 20:28:20 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2011-06-18 20:28:20 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2011-06-18 20:28:20 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat [2011-06-18 20:28:19 | 002,033,887 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT [2011-06-18 20:28:19 | 001,246,357 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT [2011-06-18 20:28:19 | 000,808,524 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2011-06-18 20:28:19 | 000,634,012 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT [2011-06-18 20:27:30 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-06-18 20:26:27 | 000,000,211 | -HS- | C] () -- C:\boot.ini [2011-06-18 20:26:22 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf [2011-06-18 19:22:06 | 000,001,828 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\REALTEK 11n USB Wireless LAN Utility.lnk [2011-06-18 19:21:56 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2011-06-18 19:21:05 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2011-06-18 19:11:48 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\Outlook Express.lnk [2011-06-18 19:11:46 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\Internet Explorer.lnk [2011-06-18 19:11:37 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\Pomoc zdalna.lnk [2011-06-18 19:11:37 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\Windows Media Player.lnk [2011-06-18 19:04:44 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2011-06-18 19:03:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-06-18 19:02:54 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll [2011-06-18 19:02:31 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2011-06-18 19:02:25 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2011-06-18 19:02:23 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe [2011-06-18 19:02:21 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2011-06-18 19:02:08 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll [2011-06-18 19:02:02 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2011-06-18 19:01:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2011-06-18 19:01:44 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2011-06-18 19:00:40 | 000,002,644 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT [2011-06-18 19:00:40 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011-06-18 19:00:40 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011-06-18 19:00:40 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2011-06-18 19:00:40 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2011-06-18 19:00:36 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb [2011-06-18 19:00:36 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb [2011-06-18 19:00:35 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx [2011-06-18 18:59:22 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Windows Movie Maker.lnk [2011-06-18 18:59:07 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex [2011-06-18 18:58:51 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp [2011-06-18 18:58:51 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp [2011-06-18 18:58:45 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf [2011-06-18 18:58:04 | 000,380,416 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll [2011-06-18 18:57:13 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Windows Messenger.lnk [2011-06-18 18:57:11 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-06-18 18:56:11 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Pod mikroskopem.bmp [2011-06-18 18:56:11 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Stiuk z Santa Fe.bmp [2011-06-18 18:56:11 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Wachlarze.bmp [2011-06-18 18:56:11 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Nefryt.bmp [2011-06-18 18:56:11 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rododendron.bmp [2011-06-18 18:56:11 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Na rybkach.bmp [2011-06-18 18:56:11 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Indiański pled.bmp [2011-06-18 18:56:10 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Bąbelki.bmp [2011-06-18 18:56:10 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kawa.bmp [2011-06-18 18:56:10 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Puch.bmp [2011-06-18 18:56:10 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Niebieska koronka 16.bmp [2011-06-18 18:56:07 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h [2011-06-18 18:56:07 | 000,001,225 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd [2011-06-18 18:56:06 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h [2011-06-18 18:56:01 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc [2008-04-14 22:16:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006-12-31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006-01-04 09:59:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2003-01-28 00:09:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll [2001-10-26 19:15:16 | 000,448,586 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2001-10-26 19:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2001-10-26 19:15:16 | 000,074,648 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2001-10-26 19:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2001-08-23 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001-08-18 00:30:24 | 000,392,630 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001-08-18 00:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001-08-18 00:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001-08-18 00:30:22 | 000,058,930 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001-08-18 00:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001-07-22 01:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001-07-22 01:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001-07-22 01:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [color=#E56717]========== LOP Check ==========[/color] [2011-06-18 22:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2011-06-19 16:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2011-06-21 00:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2011-06-18 22:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Vista64 [2011-06-18 22:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\XP [2011-06-25 20:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011-06-20 08:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\BESTplayer [2011-06-22 16:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\BITS [2011-06-20 07:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\DAEMON Tools [2011-06-27 17:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\FileZilla [2011-06-22 16:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\FlashGet [2011-06-22 16:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\FlashGetBHO [2011-06-19 19:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Gadu-Gadu 10 [2011-06-27 14:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Kadu [2011-06-27 02:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\ObviousIdea [2011-06-26 01:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Opera [2011-06-21 00:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Tlen.pl [2011-06-22 16:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2011-06-18 19:00:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011-06-18 18:54:18 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2011-06-18 19:00:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011-06-18 19:00:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-06-18 19:00:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 21:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-13 23:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2011-06-26 14:59:15 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2011-06-27 17:16:11 | 000,044,239 | ---- | M] () -- C:\sound32.dll [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] Extras.TXT (OTL): [log]OTL Extras logfile created on: 2011-06-27 19:31:39 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Kuba\Moje dokumenty\Downloads Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,02% Memory free 3,85 Gb Paging File | 3,02 Gb Available in Paging File | 78,49% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 43,42 Gb Total Space | 32,52 Gb Free Space | 74,90% Space Free | Partition Type: NTFS Drive D: | 68,36 Gb Total Space | 51,71 Gb Free Space | 75,64% Space Free | Partition Type: NTFS Drive G: | 3,74 Gb Total Space | 3,61 Gb Free Space | 96,60% Space Free | Partition Type: FAT32 Computer Name: COMPANY | User Name: Kuba | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1844237615-1326574676-1177238915-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot "53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.) "C:\WINDOWS\system32\lxeacoms.exe" = C:\WINDOWS\system32\lxeacoms.exe:*:Enabled:S300-S400 Series Server -- ( ) "C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software)) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\OldOpera\opera.exe" = C:\Program Files\OldOpera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 "C:\Program Files\NX Client for Windows\nxclient.exe" = C:\Program Files\NX Client for Windows\nxclient.exe:*:Enabled:nxclient -- () "C:\Program Files\NX Client for Windows\bin\nxssh.exe" = C:\Program Files\NX Client for Windows\bin\nxssh.exe:*:Enabled:nxssh -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls Driver "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C441297F-C9F2-4177-9D5F-1B10F0358E32}" = Opera 10.54 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.0.6.8 "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast" = avast! Free Antivirus "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.5.0 "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. "Kadu" = Kadu 0.9.2 "KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full) "Lexmark S300-S400 Series" = Lexmark S300-S400 Series "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "NVIDIA Drivers" = NVIDIA Drivers "nxclient_is1" = NX Client for Windows 3.5.0-5 "Opera 11.11.2109" = Opera 11.11 "SimAQUARIUM2 Tank-1 Screensaver_is1" = SimAQUARIUM2 Tank-1 Screensaver "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.01 (32-bitowy) "XTreme-G Drivers_is1" = XTreme-G 182.06m XP 32bit [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1844237615-1326574676-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "SimAquarium" = SimAquarium "Spirograph" = Spirograph [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-22 17:19:44 | Computer Name = COMPANY | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd nxclient.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00d81e2c. Error - 2011-06-25 17:21:54 | Computer Name = COMPANY | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd kadu.exe, wersja 0.6.6.0, moduł powodujący błąd qtwebkit4.dll, wersja 4.7.3.0, adres błędu 0x006cfce6. [ System Events ] Error - 2011-06-24 09:13:39 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7009 Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą lxeaCATSCustConnectService. Error - 2011-06-24 09:13:39 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi lxeaCATSCustConnectService z powodu następującego błędu: %%1053 Error - 2011-06-25 01:04:08 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7009 Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą lxeaCATSCustConnectService. Error - 2011-06-25 01:04:08 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi lxeaCATSCustConnectService z powodu następującego błędu: %%1053 Error - 2011-06-26 09:00:57 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7009 Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą lxeaCATSCustConnectService. Error - 2011-06-26 09:00:57 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi lxeaCATSCustConnectService z powodu następującego błędu: %%1053 Error - 2011-06-26 09:47:46 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7011 Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji z usługi stisvc. Error - 2011-06-26 09:48:16 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7011 Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji z usługi stisvc. Error - 2011-06-26 09:59:54 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7009 Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą lxeaCATSCustConnectService. Error - 2011-06-26 09:59:54 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi lxeaCATSCustConnectService z powodu następującego błędu: %%1053 < End of report > [/log] RSIT info.TXT: [log]info.txt logfile of random's system information tool 1.08 2011-06-27 19:41:06 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Apple Application Support-->MsiExec.exe /I{B3575D00-27EF-49C2-B9E0-14B3D954E992} Apple Mobile Device Support-->MsiExec.exe /I{C23CD6DA-1958-43A5-ADD0-59396572E02E} Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66} avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup Bonjour-->MsiExec.exe /X{C2E4B5BD-32DB-4817-A060-341AB17C3F90} DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe FileZilla Client 3.5.0-->C:\Program Files\FileZilla FTP Client\uninstall.exe HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} iTunes-->MsiExec.exe /I{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA} Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF} Kadu 0.9.2-->C:\Program Files\Kadu\uninst.exe K-Lite Codec Pack 7.2.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Lexmark S300-S400 Series-->C:\Program Files\Lexmark S300-S400 Series\Install\x86\instgui.exe /u Light Image Resizer 4.0.6.8-->"C:\Program Files\ObviousIdea\Image Resizer 4\unins000.exe" Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} NapiProjekt 1.0.6.9-->"C:\Program Files\NAPI-PROJEKT\unins000.exe" NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NX Client for Windows 3.5.0-5-->"C:\Program Files\NX Client for Windows\unins000.exe" Opera 10.54-->MsiExec.exe /X{C441297F-C9F2-4177-9D5F-1B10F0358E32} Opera 11.11-->"C:\Program Files\Opera\Opera.exe" /uninstall QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly REALTEK Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}\Install.exe -uninst -l0x15 SimAQUARIUM2 Tank-1 Screensaver-->"C:\Program Files\SimAQUARIUM2\unins000.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409 TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7} WinRAR 4.01 (32-bitowy)-->C:\Program Files\WinRAR\uninstall.exe XTreme-G 182.06m XP 32bit-->"C:\nVidia Forceware\XTreme-G 182.06m XP 32bit\unins000.exe" ======Hosts File====== 74.208.10.249 gs.apple.com ======System event log====== Computer Name: COMPANY Event Code: 15007 Message: Pomyślnie dodano rezerwację przestrzeni nazw, identyfikowaną przez prefiks adresu URL http://*:2869/. Record Number: 5 Source Name: HTTP Time Written: 20110618185922.000000+060 Event Type: informacje User: Computer Name: COMPANY Event Code: 3260 Message: Ten komputer został pomyślnie przyłączony do workgroup „GRUPA_ROBOCZA”. Record Number: 4 Source Name: Workstation Time Written: 20110618185535.000000+060 Event Type: informacje User: Computer Name: COMPANY Event Code: 6011 Message: Nazwa NetBIOS i nazwa hosta DNS tego komputera uległy zmianie z MACHINENAME na COMPANY. Record Number: 3 Source Name: EventLog Time Written: 20110618185421.000000+060 Event Type: informacje User: Computer Name: MACHINENAME Event Code: 6005 Message: Uruchomiono usługę Dziennik zdarzeń. Record Number: 2 Source Name: EventLog Time Written: 20110618202741.000000+060 Event Type: informacje User: Computer Name: MACHINENAME Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Dodatek Service Pack 3 Multiprocessor Free. Record Number: 1 Source Name: EventLog Time Written: 20110618202741.000000+060 Event Type: informacje User: =====Application event log===== Computer Name: COMPANY Event Code: 1000 Message: Liczniki wydajności dla usługi MSDTC (MSDTC) zostały pomyślnie załadowane. Dane rekordu zawierają nowe wartości indeksu przypisane do tej usługi. Record Number: 5 Source Name: LoadPerf Time Written: 20110618185640.000000+060 Event Type: informacje User: Computer Name: COMPANY Event Code: 1000 Message: Liczniki wydajności dla usługi TermService (Usługi terminalowe) zostały pomyślnie załadowane. Dane rekordu zawierają nowe wartości indeksu przypisane do tej usługi. Record Number: 4 Source Name: LoadPerf Time Written: 20110618185636.000000+060 Event Type: informacje User: Computer Name: COMPANY Event Code: 1000 Message: Liczniki wydajności dla usługi RemoteAccess (Routing i dostęp zdalny) zostały pomyślnie załadowane. Dane rekordu zawierają nowe wartości indeksu przypisane do tej usługi. Record Number: 3 Source Name: LoadPerf Time Written: 20110618185518.000000+060 Event Type: informacje User: Computer Name: COMPANY Event Code: 1000 Message: Liczniki wydajności dla usługi PSched (PSched) zostały pomyślnie załadowane. Dane rekordu zawierają nowe wartości indeksu przypisane do tej usługi. Record Number: 2 Source Name: LoadPerf Time Written: 20110618185438.000000+060 Event Type: informacje User: Computer Name: COMPANY Event Code: 1000 Message: Liczniki wydajności dla usługi RSVP (QoS RSVP) zostały pomyślnie załadowane. Dane rekordu zawierają nowe wartości indeksu przypisane do tej usługi. Record Number: 1 Source Name: LoadPerf Time Written: 20110618185436.000000+060 Event Type: informacje User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel "PROCESSOR_REVISION"=0e0c "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "asl.log"=Destination=file "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- [/log] RSIT log.TXT: [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Kuba at 2011-06-27 19:40:58 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 33 GB (75%) free of 44 GB Total RAM: 2046 MB (51% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:41:03, on 2011-06-27 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lxeacoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe C:\Program Files\Lexmark S300-S400 Series\ezprint.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Kadu\kadu.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Program Files\FileZilla FTP Client\filezilla.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\WINDOWS\notepad.exe C:\WINDOWS\notepad.exe C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\RSIT.exe C:\Program Files\trend micro\Kuba.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 74.208.10.249 gs.apple.com O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [lxeamon.exe] "C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark S300-S400 Series\ezprint.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Usługa Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe O23 - Service: lxea_device - - C:\WINDOWS\system32\lxeacoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 8100 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-1177238915-1003Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-1177238915-1003UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-24 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-24 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-04-21 1000768] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-09 13680640] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-09 86016] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-10 16384000] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-07-25 888832] "TFncKy"=TFncKy.exe [] "TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-12-27 73728] "TCtryIOHook"=C:\WINDOWS\system32\TCtrlIOHook.exe [2007-06-30 28672] "lxeamon.exe"=C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe [2010-05-05 770728] "EzPrint"=C:\Program Files\Lexmark S300-S400 Series\ezprint.exe [2010-05-05 148280] "avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-06-07 421160] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952] "Komunikator"=C:\Program Files\Tlen.pl\tlen.exe [] "Google Update"=C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-06-22 136176] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart REALTEK 11n USB Wireless LAN Utility.lnk - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe"="C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan" "C:\WINDOWS\system32\lxeacoms.exe"="C:\WINDOWS\system32\lxeacoms.exe:*:Enabled:S300-S400 Series Server" "C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser" "C:\Program Files\OldOpera\opera.exe"="C:\Program Files\OldOpera\opera.exe:*:Enabled:Opera Internet Browser" "C:\Program Files\Tlen.pl\tlen.exe"="C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl" "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3" "C:\Program Files\NX Client for Windows\nxclient.exe"="C:\Program Files\NX Client for Windows\nxclient.exe:*:Enabled:nxclient" "C:\Program Files\NX Client for Windows\bin\nxssh.exe"="C:\Program Files\NX Client for Windows\bin\nxssh.exe:*:Enabled:nxssh" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Usługa Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2011-06-27 19:40:58 ----D---- C:\rsit 2011-06-27 02:20:17 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\ObviousIdea 2011-06-27 02:19:50 ----D---- C:\Program Files\ObviousIdea 2011-06-25 22:24:51 ----D---- C:\WINDOWS\system32\LogFiles 2011-06-25 22:16:34 ----D---- C:\Program Files\iPod 2011-06-25 22:16:29 ----D---- C:\Program Files\iTunes 2011-06-25 22:11:39 ----D---- C:\Program Files\QuickTime 2011-06-25 22:09:02 ----D---- C:\Program Files\Bonjour 2011-06-25 22:07:30 ----SHD---- C:\Config.Msi 2011-06-25 20:30:43 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\Apple Computer 2011-06-25 20:30:19 ----A---- C:\WINDOWS\system32\GEARAspi.dll 2011-06-25 20:30:19 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 2011-06-25 20:29:22 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2011-06-25 20:28:26 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2011-06-25 20:28:11 ----D---- C:\Program Files\Apple Software Update 2011-06-25 20:28:00 ----A---- C:\WINDOWS\system32\usbaaplrc.dll 2011-06-25 20:28:00 ----A---- C:\WINDOWS\system32\drivers\usbaapl.sys 2011-06-25 20:27:13 ----D---- C:\Program Files\Common Files\Apple 2011-06-25 20:27:13 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Apple 2011-06-24 22:14:45 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sun 2011-06-24 22:14:43 ----D---- C:\Program Files\Common Files\Java 2011-06-24 22:14:37 ----D---- C:\WINDOWS\Sun 2011-06-24 22:14:20 ----A---- C:\WINDOWS\system32\javaws.exe 2011-06-24 22:14:20 ----A---- C:\WINDOWS\system32\javaw.exe 2011-06-24 22:14:20 ----A---- C:\WINDOWS\system32\java.exe 2011-06-24 22:14:20 ----A---- C:\WINDOWS\system32\deployJava1.dll 2011-06-24 22:14:03 ----D---- C:\Program Files\Java 2011-06-24 22:13:26 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\Sun 2011-06-24 19:36:12 ----D---- C:\Program Files\Trend Micro 2011-06-23 18:55:05 ----A---- C:\WINDOWS\system32\msonpmon.dll 2011-06-23 18:54:06 ----D---- C:\Program Files\Microsoft Works 2011-06-23 18:53:51 ----D---- C:\Program Files\MSBuild 2011-06-23 18:53:19 ----D---- C:\Program Files\Microsoft Visual Studio 2011-06-23 18:53:19 ----D---- C:\Program Files\Common Files\DESIGNER 2011-06-23 18:52:18 ----D---- C:\Program Files\Microsoft.NET 2011-06-23 18:50:22 ----D---- C:\Program Files\Microsoft Visual Studio 8 2011-06-23 18:49:17 ----D---- C:\WINDOWS\SHELLNEW 2011-06-23 18:48:48 ----D---- C:\Program Files\Microsoft Office 2011-06-23 18:48:47 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2011-06-23 18:48:19 ----RHD---- C:\MSOCache 2011-06-23 01:01:01 ----D---- C:\Program Files\NAPI-PROJEKT 2011-06-22 23:46:57 ----A---- C:\WINDOWS\system32\ptpusb.dll 2011-06-22 23:46:55 ----A---- C:\WINDOWS\system32\ptpusd.dll 2011-06-22 18:28:26 ----D---- C:\Program Files\NX Client for Windows 2011-06-22 16:46:02 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\FileZilla 2011-06-22 16:45:44 ----D---- C:\Program Files\FileZilla FTP Client 2011-06-22 16:33:40 ----A---- C:\WINDOWS\libem.INI 2011-06-22 16:32:05 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\BITS 2011-06-22 16:32:04 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\FlashGet 2011-06-22 16:31:56 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\FlashGetBHO 2011-06-22 16:31:53 ----D---- C:\Program Files\FlashGet Network 2011-06-21 20:41:08 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\Kadu 2011-06-21 20:40:20 ----D---- C:\Program Files\Kadu 2011-06-21 00:32:32 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\Tlen.pl 2011-06-21 00:32:32 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl 2011-06-21 00:31:13 ----D---- C:\Program Files\Tlen.pl 2011-06-20 14:53:27 ----D---- C:\Program Files\OldOpera 2011-06-20 14:40:54 ----D---- C:\Program Files\SimAQUARIUM2 2011-06-20 14:37:12 ----D---- C:\Program Files\OldOpera 9 2011-06-20 14:31:29 ----A---- C:\sound32.dll 2011-06-20 08:39:15 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\BESTplayer 2011-06-20 08:38:54 ----A---- C:\WINDOWS\system32\unrar.dll 2011-06-20 08:38:54 ----A---- C:\WINDOWS\avisplitter.ini 2011-06-20 08:38:48 ----A---- C:\WINDOWS\system32\yv12vfw.dll 2011-06-20 08:38:48 ----A---- C:\WINDOWS\system32\xvidvfw.dll 2011-06-20 08:38:48 ----A---- C:\WINDOWS\system32\xvidcore.dll 2011-06-20 08:38:47 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest 2011-06-20 08:38:47 ----A---- C:\WINDOWS\system32\ff_vfw.dll 2011-06-20 08:38:44 ----D---- C:\Program Files\K-Lite Codec Pack 2011-06-20 07:59:02 ----D---- C:\Program Files\ReflexiveArcade 2011-06-20 07:42:08 ----D---- C:\Program Files\Formosoft 2011-06-20 07:39:25 ----D---- C:\Program Files\DAEMON Tools Toolbar 2011-06-20 07:38:19 ----D---- C:\Program Files\DAEMON Tools Lite 2011-06-20 07:35:44 ----A---- C:\WINDOWS\system32\drivers\sptd.sys 2011-06-20 07:35:39 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\DAEMON Tools 2011-06-20 00:22:33 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\Opera 2011-06-20 00:22:16 ----D---- C:\Program Files\Opera 2011-06-19 16:16:36 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\Gadu-Gadu 10 2011-06-19 16:16:25 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 2011-06-19 16:14:54 ----D---- C:\WINDOWS\SxsCaPendDel 2011-06-19 07:08:27 ----D---- C:\Program Files\ARAX Disk Doctor Data Recovery 2011-06-19 06:22:47 ----D---- C:\Program Files\Ontrack 2011-06-19 05:52:50 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\uTorrent 2011-06-18 22:50:11 ----D---- C:\Program Files\Convar 2011-06-18 22:35:00 ----A---- C:\WINDOWS\system32\vusetup.dll 2011-06-18 22:35:00 ----A---- C:\WINDOWS\system32\drivers\vulfntr.sys 2011-06-18 22:35:00 ----A---- C:\WINDOWS\system32\drivers\vulfnth.sys 2011-06-18 22:34:49 ----A---- C:\WINDOWS\IsUn0415.exe 2011-06-18 22:24:14 ----A---- C:\WINDOWS\system32\lxeavs.dll 2011-06-18 22:24:07 ----A---- C:\WINDOWS\system32\lxeacoin.dll 2011-06-18 22:23:59 ----A---- C:\WINDOWS\system32\lxk_gf.dll 2011-06-18 22:23:58 ----A---- C:\WINDOWS\system32\lxeagcfg.dll 2011-06-18 22:23:57 ----A---- C:\WINDOWS\system32\lxeacuir.dll 2011-06-18 22:23:57 ----A---- C:\WINDOWS\system32\lxeacui.dll 2011-06-18 22:23:47 ----A---- C:\WINDOWS\system32\wiafbdrv.dll 2011-06-18 22:23:45 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys 2011-06-18 22:22:51 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint 2011-06-18 22:22:31 ----A---- C:\WINDOWS\system32\LXEAwupd.exe 2011-06-18 22:22:31 ----A---- C:\WINDOWS\system32\LXEAwupd.dll 2011-06-18 22:21:56 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys 2011-06-18 22:21:56 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys 2011-06-18 22:21:54 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys 2011-06-18 22:21:53 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys 2011-06-18 22:21:53 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys 2011-06-18 22:21:51 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys 2011-06-18 22:21:51 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys 2011-06-18 22:21:50 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys 2011-06-18 22:21:49 ----D---- C:\Program Files\Lexmark 2011-06-18 22:21:31 ----D---- C:\Program Files\Lexmark Toolbar 2011-06-18 22:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe 2011-06-18 22:21:14 ----D---- C:\Program Files\AVAST Software 2011-06-18 22:21:14 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software 2011-06-18 22:21:12 ----AH---- C:\WINDOWS\system32\lxearwrd.ini 2011-06-18 22:20:55 ----A---- C:\WINDOWS\system32\lxeausb1.dll 2011-06-18 22:20:55 ----A---- C:\WINDOWS\system32\LXEAinst.dll 2011-06-18 22:20:55 ----A---- C:\WINDOWS\system32\lxeainpa.dll 2011-06-18 22:20:55 ----A---- C:\WINDOWS\system32\lxeaiesc.dll 2011-06-18 22:20:55 ----A---- C:\WINDOWS\system32\LXEAhcp.dll 2011-06-18 22:20:54 ----A---- C:\WINDOWS\system32\lxeaserv.dll 2011-06-18 22:20:54 ----A---- C:\WINDOWS\system32\lxeapmui.dll 2011-06-18 22:20:54 ----A---- C:\WINDOWS\system32\lxealmpm.dll 2011-06-18 22:20:53 ----A---- C:\WINDOWS\system32\lxeajswr.dll 2011-06-18 22:20:53 ----A---- C:\WINDOWS\system32\lxeainsr.dll 2011-06-18 22:20:53 ----A---- C:\WINDOWS\system32\lxeainsb.dll 2011-06-18 22:20:53 ----A---- C:\WINDOWS\system32\lxeains.dll 2011-06-18 22:20:53 ----A---- C:\WINDOWS\system32\lxeaih.exe 2011-06-18 22:20:53 ----A---- C:\WINDOWS\system32\lxeahbn3.dll 2011-06-18 22:20:53 ----A---- C:\WINDOWS\system32\lxeagrd.dll 2011-06-18 22:20:52 ----A---- C:\WINDOWS\system32\lxeacur.dll 2011-06-18 22:20:52 ----A---- C:\WINDOWS\system32\lxeacub.dll 2011-06-18 22:20:52 ----A---- C:\WINDOWS\system32\lxeacu.dll 2011-06-18 22:20:52 ----A---- C:\WINDOWS\system32\lxeacoms.exe 2011-06-18 22:20:52 ----A---- C:\WINDOWS\system32\lxeacomm.dll 2011-06-18 22:20:52 ----A---- C:\WINDOWS\system32\lxeacomc.dll 2011-06-18 22:20:52 ----A---- C:\WINDOWS\system32\lxeacfg.exe 2011-06-18 22:20:51 ----A---- C:\WINDOWS\system32\LXEAcfg.dll 2011-06-18 22:20:17 ----D---- C:\Program Files\Lexmark S300-S400 Series 2011-06-18 22:20:17 ----A---- C:\WINDOWS\system32\LXEAsmr.dll 2011-06-18 22:20:16 ----A---- C:\WINDOWS\system32\LXEAsm.dll 2011-06-18 22:15:21 ----A---- C:\WINDOWS\system32\EBLib.DLL 2011-06-18 22:15:21 ----A---- C:\WINDOWS\system32\drivers\TPwSav.sys 2011-06-18 22:15:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\XP 2011-06-18 22:15:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Vista64 2011-06-18 22:14:41 ----D---- C:\Temp 2011-06-18 22:14:34 ----D---- C:\WINDOWS\system32\SDA 2011-06-18 22:14:06 ----DC---- C:\WINDOWS\system32\DRVSTORE 2011-06-18 22:14:06 ----A---- C:\WINDOWS\system32\drivers\tifm21.sys 2011-06-18 22:14:00 ----D---- C:\WINDOWS\tiinst 2011-06-18 22:13:32 ----D---- C:\Program Files\TOSHIBA 2011-06-18 22:13:32 ----A---- C:\WINDOWS\system32\TDispVol.exe 2011-06-18 22:13:32 ----A---- C:\WINDOWS\system32\TDispVol.dll 2011-06-18 22:13:32 ----A---- C:\WINDOWS\system32\TCtrlCommon.dll 2011-06-18 22:09:00 ----D---- C:\Program Files\Synaptics 2011-06-18 22:09:00 ----A---- C:\WINDOWS\system32\SynTPCo4.dll 2011-06-18 22:09:00 ----A---- C:\WINDOWS\system32\SynTPAPI.dll 2011-06-18 22:09:00 ----A---- C:\WINDOWS\system32\SynCtrl.dll 2011-06-18 22:09:00 ----A---- C:\WINDOWS\system32\SynCOM.dll 2011-06-18 22:09:00 ----A---- C:\WINDOWS\system32\drivers\SynTP.sys 2011-06-18 22:07:00 ----D---- C:\WINDOWS\system32\Lang 2011-06-18 22:05:44 ----A---- C:\WINDOWS\system32\drivers\splitter.sys 2011-06-18 22:05:42 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys 2011-06-18 22:05:38 ----A---- C:\WINDOWS\system32\ChCfg.exe 2011-06-18 22:05:37 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys 2011-06-18 22:05:35 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys 2011-06-18 22:05:33 ----A---- C:\WINDOWS\system32\drivers\aec.sys 2011-06-18 22:05:32 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys 2011-06-18 22:05:30 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys 2011-06-18 22:05:29 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys 2011-06-18 22:05:26 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011-06-18 22:05:25 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys 2011-06-18 22:05:22 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011-06-18 22:05:14 ----D---- C:\WINDOWS\system32\RTCOM 2011-06-18 22:05:12 ----A---- C:\WINDOWS\system32\ksuser.dll 2011-06-18 22:05:12 ----A---- C:\WINDOWS\system32\drivers\portcls.sys 2011-06-18 22:05:12 ----A---- C:\WINDOWS\system32\drivers\drmk.sys 2011-06-18 22:04:59 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011-06-18 22:04:59 ----A---- C:\WINDOWS\SoundMan.exe 2011-06-18 22:04:59 ----A---- C:\WINDOWS\SkyTel.exe 2011-06-18 22:04:59 ----A---- C:\WINDOWS\RtlUpd.exe 2011-06-18 22:04:59 ----A---- C:\WINDOWS\RTLCPL.exe 2011-06-18 22:04:56 ----A---- C:\WINDOWS\RTHDCPL.exe 2011-06-18 22:04:56 ----A---- C:\WINDOWS\MicCal.exe 2011-06-18 22:04:55 ----A---- C:\WINDOWS\alcwzrd.exe 2011-06-18 22:04:55 ----A---- C:\WINDOWS\Alcmtr.exe 2011-06-18 22:04:51 ----A---- C:\WINDOWS\RtlExUpd.dll 2011-06-18 22:04:51 ----A---- C:\WINDOWS\HideWin.exe 2011-06-18 22:01:47 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles 2011-06-18 22:00:26 ----D---- C:\WINDOWS\nview 2011-06-18 22:00:26 ----A---- C:\WINDOWS\system32\nwiz.exe 2011-06-18 22:00:26 ----A---- C:\WINDOWS\system32\nvwimg.dll 2011-06-18 22:00:26 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll 2011-06-18 22:00:26 ----A---- C:\WINDOWS\system32\nvudisp.exe 2011-06-18 22:00:26 ----A---- C:\WINDOWS\system32\nvshell.dll 2011-06-18 22:00:26 ----A---- C:\WINDOWS\system32\nview.dll 2011-06-18 22:00:26 ----A---- C:\WINDOWS\system32\nvdspsch.exe 2011-06-18 22:00:26 ----A---- C:\WINDOWS\system32\nvcplui.exe 2011-06-18 22:00:26 ----A---- C:\WINDOWS\system32\nvcolor.exe 2011-06-18 22:00:26 ----A---- C:\WINDOWS\system32\nvappbar.exe 2011-06-18 22:00:26 ----A---- C:\WINDOWS\system32\keystone.exe 2011-06-18 22:00:05 ----A---- C:\WINDOWS\system32\nvwss.dll 2011-06-18 22:00:05 ----A---- C:\WINDOWS\system32\nvwddi.dll 2011-06-18 22:00:04 ----A---- C:\WINDOWS\system32\nvvitvs.dll 2011-06-18 22:00:04 ----A---- C:\WINDOWS\system32\nvsvc32.exe 2011-06-18 22:00:03 ----A---- C:\WINDOWS\system32\nvoglnt.dll 2011-06-18 22:00:03 ----A---- C:\WINDOWS\system32\nvmobls.dll 2011-06-18 22:00:03 ----A---- C:\WINDOWS\system32\nvmctray.dll 2011-06-18 22:00:03 ----A---- C:\WINDOWS\system32\nvmccss.dll 2011-06-18 22:00:03 ----A---- C:\WINDOWS\system32\nvmccsrs.dll 2011-06-18 22:00:03 ----A---- C:\WINDOWS\system32\nvmccs.dll 2011-06-18 22:00:03 ----A---- C:\WINDOWS\system32\nvgames.dll 2011-06-18 22:00:02 ----A---- C:\WINDOWS\system32\nvdisps.dll 2011-06-18 22:00:02 ----A---- C:\WINDOWS\system32\nvcuvid.dll 2011-06-18 22:00:02 ----A---- C:\WINDOWS\system32\nvcuda.dll 2011-06-18 22:00:01 ----A---- C:\WINDOWS\system32\nvcpl.dll 2011-06-18 22:00:01 ----A---- C:\WINDOWS\system32\nvcodins.dll 2011-06-18 22:00:01 ----A---- C:\WINDOWS\system32\nvcod.dll 2011-06-18 22:00:00 ----A---- C:\WINDOWS\system32\nvapi.dll 2011-06-18 22:00:00 ----A---- C:\WINDOWS\system32\drivers\nv4_mini.sys 2011-06-18 21:59:59 ----D---- C:\nVidia Forceware 2011-06-18 21:59:59 ----A---- C:\WINDOWS\system32\nv4_disp.dll 2011-06-18 21:55:28 ----D---- C:\Drivers 2011-06-18 21:18:37 ----D---- C:\NVIDIA 2011-06-18 20:56:48 ----D---- C:\Intel 2011-06-18 20:54:14 ----A---- C:\WINDOWS\system32\h323log.txt 2011-06-18 20:54:07 ----RSD---- C:\WINDOWS\assembly 2011-06-18 20:53:44 ----D---- C:\WINDOWS\Microsoft.NET 2011-06-18 20:48:08 ----SHD---- C:\RECYCLER 2011-06-18 20:37:57 ----A---- C:\WINDOWS\system32\NVUNINST.EXE 2011-06-18 20:37:48 ----D---- C:\Program Files\Common Files\InstallShield 2011-06-18 20:32:17 ----A---- C:\WINDOWS\system32\drivers\audstub.sys 2011-06-18 20:31:44 ----A---- C:\WINDOWS\system32\drivers\redbook.sys 2011-06-18 20:31:19 ----A---- C:\WINDOWS\system32\drivers\compbatt.sys 2011-06-18 20:31:18 ----A---- C:\WINDOWS\system32\drivers\CmBatt.sys 2011-06-18 20:31:18 ----A---- C:\WINDOWS\system32\drivers\battc.sys 2011-06-18 20:30:56 ----A---- C:\WINDOWS\system32\drivers\enum1394.sys 2011-06-18 20:30:33 ----A---- C:\WINDOWS\system32\usbui.dll 2011-06-18 20:29:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2011-06-18 20:29:04 ----SHD---- C:\WINDOWS\Installer 2011-06-18 20:29:03 ----D---- C:\Program Files\Common Files\ODBC 2011-06-18 20:29:03 ----A---- C:\WINDOWS\ODBCINST.INI 2011-06-18 20:28:59 ----D---- C:\Program Files\Common Files\SpeechEngines 2011-06-18 20:28:56 ----D---- C:\Program Files\Common Files\Microsoft Shared 2011-06-18 20:28:55 ----RD---- C:\Program Files 2011-06-18 20:28:55 ----D---- C:\Program Files\Common Files 2011-06-18 20:28:51 ----RA---- C:\WINDOWS\system32\kbdtuq.dll 2011-06-18 20:28:51 ----RA---- C:\WINDOWS\system32\kbdtuf.dll 2011-06-18 20:28:51 ----RA---- C:\WINDOWS\system32\kbdazel.dll 2011-06-18 20:28:49 ----RA---- C:\WINDOWS\system32\kbdycc.dll 2011-06-18 20:28:49 ----RA---- C:\WINDOWS\system32\kbduzb.dll 2011-06-18 20:28:49 ----RA---- C:\WINDOWS\system32\kbdur.dll 2011-06-18 20:28:49 ----RA---- C:\WINDOWS\system32\kbdtat.dll 2011-06-18 20:28:49 ----RA---- C:\WINDOWS\system32\kbdru1.dll 2011-06-18 20:28:49 ----RA---- C:\WINDOWS\system32\kbdru.dll 2011-06-18 20:28:49 ----RA---- C:\WINDOWS\system32\kbdmon.dll 2011-06-18 20:28:49 ----RA---- C:\WINDOWS\system32\kbdkyr.dll 2011-06-18 20:28:49 ----RA---- C:\WINDOWS\system32\kbdkaz.dll 2011-06-18 20:28:49 ----RA---- C:\WINDOWS\system32\kbdbu.dll 2011-06-18 20:28:49 ----RA---- C:\WINDOWS\system32\kbdblr.dll 2011-06-18 20:28:49 ----RA---- C:\WINDOWS\system32\kbdaze.dll 2011-06-18 20:28:47 ----RA---- C:\WINDOWS\system32\kbdhept.dll 2011-06-18 20:28:47 ----RA---- C:\WINDOWS\system32\kbdhela3.dll 2011-06-18 20:28:47 ----RA---- C:\WINDOWS\system32\kbdhela2.dll 2011-06-18 20:28:47 ----RA---- C:\WINDOWS\system32\kbdhe319.dll 2011-06-18 20:28:47 ----RA---- C:\WINDOWS\system32\kbdhe220.dll 2011-06-18 20:28:47 ----RA---- C:\WINDOWS\system32\kbdhe.dll 2011-06-18 20:28:47 ----RA---- C:\WINDOWS\system32\kbdgkl.dll 2011-06-18 20:28:46 ----RA---- C:\WINDOWS\system32\kbdlv1.dll 2011-06-18 20:28:46 ----RA---- C:\WINDOWS\system32\kbdlv.dll 2011-06-18 20:28:46 ----RA---- C:\WINDOWS\system32\kbdlt1.dll 2011-06-18 20:28:46 ----RA---- C:\WINDOWS\system32\kbdlt.dll 2011-06-18 20:28:46 ----RA---- C:\WINDOWS\system32\kbdest.dll 2011-06-18 20:28:42 ----A---- C:\WINDOWS\system32\kbdycl.dll 2011-06-18 20:28:42 ----A---- C:\WINDOWS\system32\kbdsl1.dll 2011-06-18 20:28:42 ----A---- C:\WINDOWS\system32\kbdsl.dll 2011-06-18 20:28:42 ----A---- C:\WINDOWS\system32\kbdro.dll 2011-06-18 20:28:42 ----A---- C:\WINDOWS\system32\kbdhu1.dll 2011-06-18 20:28:42 ----A---- C:\WINDOWS\system32\kbdhu.dll 2011-06-18 20:28:42 ----A---- C:\WINDOWS\system32\kbdcz2.dll 2011-06-18 20:28:42 ----A---- C:\WINDOWS\system32\kbdcz1.dll 2011-06-18 20:28:42 ----A---- C:\WINDOWS\system32\kbdcz.dll 2011-06-18 20:28:42 ----A---- C:\WINDOWS\system32\kbdcr.dll 2011-06-18 20:28:42 ----A---- C:\WINDOWS\system32\KBDAL.DLL 2011-06-18 20:28:41 ----A---- C:\WINDOWS\system32\irclass.dll 2011-06-18 20:28:41 ----A---- C:\WINDOWS\system32\dgsetup.dll 2011-06-18 20:28:41 ----A---- C:\WINDOWS\system32\dgrpsetu.dll 2011-06-18 20:28:40 ----A---- C:\WINDOWS\system32\spxcoins.dll 2011-06-18 20:28:40 ----A---- C:\WINDOWS\system32\EqnClass.Dll 2011-06-18 20:28:38 ----N---- C:\WINDOWS\system32\CONFIG.TMP 2011-06-18 20:28:38 ----A---- C:\WINDOWS\TASKMAN.EXE 2011-06-18 20:28:38 ----A---- C:\WINDOWS\system32\drivers\irenum.sys 2011-06-18 20:28:37 ----A---- C:\WINDOWS\system32\batt.dll 2011-06-18 20:28:37 ----A---- C:\WINDOWS\NOTEPAD.EXE 2011-06-18 20:28:33 ----A---- C:\WINDOWS\system32\storprop.dll 2011-06-18 20:28:22 ----ASH---- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini 2011-06-18 20:28:17 ----RA---- C:\WINDOWS\SET8.tmp 2011-06-18 20:28:13 ----RA---- C:\WINDOWS\SET4.tmp 2011-06-18 20:28:11 ----RA---- C:\WINDOWS\SET3.tmp 2011-06-18 20:28:03 ----D---- C:\WINDOWS\system32\CatRoot2 2011-06-18 20:28:03 ----D---- C:\WINDOWS\system32\CatRoot 2011-06-18 20:27:57 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft 2011-06-18 20:27:34 ----A---- C:\WINDOWS\setuplog.txt 2011-06-18 20:27:31 ----D---- C:\Documents and Settings 2011-06-18 20:27:30 ----SHD---- C:\System Volume Information 2011-06-18 20:26:27 ----SH---- C:\boot.ini 2011-06-18 20:20:51 ----RSHDC---- C:\WINDOWS\system32\dllcache 2011-06-18 20:20:51 ----RSD---- C:\WINDOWS\Fonts 2011-06-18 20:20:51 ----RD---- C:\WINDOWS\Web 2011-06-18 20:20:51 ----HD---- C:\WINDOWS\inf 2011-06-18 20:20:51 ----D---- C:\WINDOWS\WinSxS 2011-06-18 20:20:51 ----D---- C:\WINDOWS\twain_32 2011-06-18 20:20:51 ----D---- C:\WINDOWS\Temp 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\wins 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\wbem 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\usmt 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\spool 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\ShellExt 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\Setup 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\ras 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\pl-pl 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\pl 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\oobe 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\npp 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\mui 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\inetsrv 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\IME 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\icsxml 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\ias 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\export 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\drivers\etc 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\drivers\disdn 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\drivers 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\dhcp 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\config 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\3com_dmi 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\3076 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\2052 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\1054 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\1045 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\1042 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\1041 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\1037 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\1033 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\1031 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\1028 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32\1025 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system32 2011-06-18 20:20:51 ----D---- C:\WINDOWS\system 2011-06-18 20:20:51 ----D---- C:\WINDOWS\security 2011-06-18 20:20:51 ----D---- C:\WINDOWS\Resources 2011-06-18 20:20:51 ----D---- C:\WINDOWS\repair 2011-06-18 20:20:51 ----D---- C:\WINDOWS\Provisioning 2011-06-18 20:20:51 ----D---- C:\WINDOWS\PeerNet 2011-06-18 20:20:51 ----D---- C:\WINDOWS\pchealth 2011-06-18 20:20:51 ----D---- C:\WINDOWS\Network Diagnostic 2011-06-18 20:20:51 ----D---- C:\WINDOWS\mui 2011-06-18 20:20:51 ----D---- C:\WINDOWS\msapps 2011-06-18 20:20:51 ----D---- C:\WINDOWS\msagent 2011-06-18 20:20:51 ----D---- C:\WINDOWS\Media 2011-06-18 20:20:51 ----D---- C:\WINDOWS\L2Schemas 2011-06-18 20:20:51 ----D---- C:\WINDOWS\java 2011-06-18 20:20:51 ----D---- C:\WINDOWS\ime 2011-06-18 20:20:51 ----D---- C:\WINDOWS\Help 2011-06-18 20:20:51 ----D---- C:\WINDOWS\ehome 2011-06-18 20:20:51 ----D---- C:\WINDOWS\Driver Cache 2011-06-18 20:20:51 ----D---- C:\WINDOWS\Debug 2011-06-18 20:20:51 ----D---- C:\WINDOWS\Cursors 2011-06-18 20:20:51 ----D---- C:\WINDOWS\Connection Wizard 2011-06-18 20:20:51 ----D---- C:\WINDOWS\Config 2011-06-18 20:20:51 ----D---- C:\WINDOWS\AppPatch 2011-06-18 20:20:51 ----D---- C:\WINDOWS\addins 2011-06-18 20:20:51 ----D---- C:\WINDOWS 2011-06-18 20:20:50 ----ASH---- C:\pagefile.sys 2011-06-18 19:30:55 ----D---- C:\WINDOWS\system32\ReinstallBackups 2011-06-18 19:30:53 ----D---- C:\Program Files\Intel 2011-06-18 19:27:50 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\WinRAR 2011-06-18 19:27:47 ----D---- C:\Program Files\WinRAR 2011-06-18 19:25:38 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\Macromedia 2011-06-18 19:25:38 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\Adobe 2011-06-18 19:23:30 ----A---- C:\WINDOWS\RTacDbg.txt 2011-06-18 19:22:00 ----A---- C:\WINDOWS\system32\drivers\AegisP.sys 2011-06-18 19:21:56 ----A---- C:\WINDOWS\system32\AegisI5Installer.exe 2011-06-18 19:21:16 ----RA---- C:\WINDOWS\system32\drivers\RTL8192su.sys 2011-06-18 19:21:16 ----D---- C:\WINDOWS\OPTIONS 2011-06-18 19:21:06 ----D---- C:\WINDOWS\system32\RtlGina 2011-06-18 19:21:05 ----D---- C:\Program Files\REALTEK 2011-06-18 19:21:05 ----A---- C:\WINDOWS\system32\ISSRemoveSP.exe 2011-06-18 19:21:01 ----HD---- C:\Program Files\InstallShield Installation Information 2011-06-18 19:13:01 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS 2011-06-18 19:11:47 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\Identities 2011-06-18 19:11:45 ----HD---- C:\Program Files\Uninstall Information 2011-06-18 19:11:37 ----ASH---- C:\Documents and Settings\Kuba\Dane aplikacji\desktop.ini 2011-06-18 19:11:36 ----SD---- C:\Documents and Settings\Kuba\Dane aplikacji\Microsoft 2011-06-18 19:10:52 ----D---- C:\WINDOWS\SoftwareDistribution 2011-06-18 19:10:50 ----D---- C:\WINDOWS\Prefetch 2011-06-18 19:10:49 ----SD---- C:\WINDOWS\system32\Microsoft 2011-06-18 19:10:49 ----A---- C:\WINDOWS\SchedLgU.Txt 2011-06-18 19:01:00 ----D---- C:\WINDOWS\system32\xircom 2011-06-18 19:01:00 ----D---- C:\Program Files\xerox 2011-06-18 19:01:00 ----D---- C:\Program Files\microsoft frontpage 2011-06-18 19:00:40 ----RASH---- C:\MSDOS.SYS 2011-06-18 19:00:40 ----RASH---- C:\IO.SYS 2011-06-18 19:00:40 ----A---- C:\WINDOWS\control.ini 2011-06-18 19:00:40 ----A---- C:\CONFIG.SYS 2011-06-18 19:00:40 ----A---- C:\AUTOEXEC.BAT 2011-06-18 19:00:29 ----A---- C:\WINDOWS\OEWABLog.txt 2011-06-18 19:00:25 ----A---- C:\WINDOWS\system32\mapi32.dll 2011-06-18 18:59:33 ----SD---- C:\WINDOWS\Downloaded Program Files 2011-06-18 18:59:33 ----RD---- C:\WINDOWS\Offline Web Pages 2011-06-18 18:59:33 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2011-06-18 18:59:28 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2011-06-18 18:59:23 ----HD---- C:\Program Files\WindowsUpdate 2011-06-18 18:59:18 ----D---- C:\Program Files\Usługi online 2011-06-18 18:59:01 ----D---- C:\WINDOWS\system32\DirectX 2011-06-18 18:58:54 ----A---- C:\WINDOWS\system32\atrace.dll 2011-06-18 18:58:51 ----A---- C:\WINDOWS\system32\desktop.ini 2011-06-18 18:58:51 ----A---- C:\WINDOWS\desktop.ini 2011-06-18 18:58:44 ----A---- C:\WINDOWS\system32\nmevtmsg.dll 2011-06-18 18:58:43 ----A---- C:\WINDOWS\system32\acctres.dll 2011-06-18 18:58:42 ----D---- C:\Program Files\Common Files\Services 2011-06-18 18:58:40 ----SD---- C:\WINDOWS\Tasks 2011-06-18 18:58:40 ----A---- C:\WINDOWS\system32\icfgnt5.dll 2011-06-18 18:58:39 ----D---- C:\Program Files\Common Files\MSSoap 2011-06-18 18:58:34 ----D---- C:\WINDOWS\srchasst 2011-06-18 18:58:33 ----D---- C:\WINDOWS\system32\Macromed 2011-06-18 18:58:30 ----A---- C:\WINDOWS\system32\wuweb.dll 2011-06-18 18:58:30 ----A---- C:\WINDOWS\system32\wups.dll 2011-06-18 18:58:30 ----A---- C:\WINDOWS\system32\wucltui.dll 2011-06-18 18:58:30 ----A---- C:\WINDOWS\system32\wuauserv.dll 2011-06-18 18:58:30 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2011-06-18 18:58:30 ----A---- C:\WINDOWS\system32\wuaueng.dll 2011-06-18 18:58:30 ----A---- C:\WINDOWS\system32\wuauclt1.exe 2011-06-18 18:58:29 ----A---- C:\WINDOWS\system32\wuauclt.exe 2011-06-18 18:58:29 ----A---- C:\WINDOWS\system32\wuapi.dll 2011-06-18 18:58:29 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2011-06-18 18:58:29 ----A---- C:\WINDOWS\system32\qmgr.dll 2011-06-18 18:58:29 ----A---- C:\WINDOWS\system32\bitsprx4.dll 2011-06-18 18:58:29 ----A---- C:\WINDOWS\system32\bitsprx3.dll 2011-06-18 18:58:29 ----A---- C:\WINDOWS\system32\bitsprx2.dll 2011-06-18 18:58:24 ----D---- C:\Program Files\Movie Maker 2011-06-18 18:58:07 ----A---- C:\WINDOWS\system32\safrslv.dll 2011-06-18 18:58:07 ----A---- C:\WINDOWS\system32\safrdm.dll 2011-06-18 18:58:07 ----A---- C:\WINDOWS\system32\safrcdlg.dll 2011-06-18 18:58:07 ----A---- C:\WINDOWS\system32\racpldlg.dll 2011-06-18 18:58:03 ----A---- C:\WINDOWS\system32\fltMc.exe 2011-06-18 18:58:03 ----A---- C:\WINDOWS\system32\fltlib.dll 2011-06-18 18:58:03 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys 2011-06-18 18:58:02 ----D---- C:\WINDOWS\system32\Restore 2011-06-18 18:58:02 ----A---- C:\WINDOWS\system32\srsvc.dll 2011-06-18 18:58:02 ----A---- C:\WINDOWS\system32\srrstr.dll 2011-06-18 18:58:02 ----A---- C:\WINDOWS\system32\srclient.dll 2011-06-18 18:58:02 ----A---- C:\WINDOWS\system32\drivers\sr.sys 2011-06-18 18:58:01 ----A---- C:\WINDOWS\system32\nmmkcert.dll 2011-06-18 18:58:01 ----A---- C:\WINDOWS\system32\msconf.dll 2011-06-18 18:58:01 ----A---- C:\WINDOWS\system32\mnmsrvc.exe 2011-06-18 18:58:01 ----A---- C:\WINDOWS\system32\mnmdd.dll 2011-06-18 18:58:01 ----A---- C:\WINDOWS\system32\isrdbg32.dll 2011-06-18 18:58:01 ----A---- C:\WINDOWS\system32\ils.dll 2011-06-18 18:57:58 ----D---- C:\Program Files\NetMeeting 2011-06-18 18:57:58 ----A---- C:\WINDOWS\system32\msoert2.dll 2011-06-18 18:57:58 ----A---- C:\WINDOWS\system32\msoeacct.dll 2011-06-18 18:57:57 ----A---- C:\WINDOWS\system32\inetres.dll 2011-06-18 18:57:56 ----A---- C:\WINDOWS\system32\inetcomm.dll 2011-06-18 18:57:54 ----D---- C:\Program Files\Outlook Express 2011-06-18 18:57:54 ----A---- C:\WINDOWS\system32\schedsvc.dll 2011-06-18 18:57:54 ----A---- C:\WINDOWS\system32\mstinit.exe 2011-06-18 18:57:54 ----A---- C:\WINDOWS\system32\mstask.dll 2011-06-18 18:57:53 ----A---- C:\WINDOWS\system32\isign32.dll 2011-06-18 18:57:53 ----A---- C:\WINDOWS\system32\inetcfg.dll 2011-06-18 18:57:53 ----A---- C:\WINDOWS\system32\icwphbk.dll 2011-06-18 18:57:53 ----A---- C:\WINDOWS\system32\icwdial.dll 2011-06-18 18:57:48 ----D---- C:\Program Files\Common Files\System 2011-06-18 18:57:42 ----D---- C:\Program Files\Internet Explorer 2011-06-18 18:56:56 ----D---- C:\Program Files\ComPlus Applications 2011-06-18 18:56:53 ----A---- C:\WINDOWS\vbaddin.ini 2011-06-18 18:56:53 ----A---- C:\WINDOWS\vb.ini 2011-06-18 18:56:47 ----D---- C:\WINDOWS\Registration 2011-06-18 18:56:36 ----D---- C:\Program Files\Windows Media Player 2011-06-18 18:56:28 ----D---- C:\Program Files\Messenger 2011-06-18 18:56:24 ----D---- C:\Program Files\MSN Gaming Zone 2011-06-18 18:56:24 ----A---- C:\WINDOWS\system32\write.exe 2011-06-18 18:56:16 ----A---- C:\WINDOWS\system32\sndvol32.exe 2011-06-18 18:56:16 ----A---- C:\WINDOWS\system32\hticons.dll 2011-06-18 18:56:16 ----A---- C:\WINDOWS\system32\avwav.dll 2011-06-18 18:56:16 ----A---- C:\WINDOWS\system32\avtapi.dll 2011-06-18 18:56:16 ----A---- C:\WINDOWS\system32\avmeter.dll 2011-06-18 18:56:15 ----A---- C:\WINDOWS\system32\winchat.exe 2011-06-18 18:56:09 ----A---- C:\WINDOWS\system32\getuname.dll 2011-06-18 18:56:09 ----A---- C:\WINDOWS\system32\charmap.exe 2011-06-18 18:56:09 ----A---- C:\WINDOWS\system32\calc.exe 2011-06-18 18:56:08 ----A---- C:\WINDOWS\system32\winmine.exe 2011-06-18 18:56:08 ----A---- C:\WINDOWS\system32\sol.exe 2011-06-18 18:56:08 ----A---- C:\WINDOWS\system32\reset.exe 2011-06-18 18:56:08 ----A---- C:\WINDOWS\system32\mshearts.exe 2011-06-18 18:56:08 ----A---- C:\WINDOWS\system32\freecell.exe 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\tslabels.ini 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\tskill.exe 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\tscon.exe 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\shadow.exe 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\rwinsta.exe 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\regini.exe 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\qwinsta.exe 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\qappsrv.exe 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\msg.exe 2011-06-18 18:56:07 ----A---- C:\WINDOWS\system32\logoff.exe 2011-06-18 18:56:06 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2011-06-18 18:56:06 ----A---- C:\WINDOWS\system32\cdmodem.dll 2011-06-18 18:56:01 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2011-06-18 18:56:00 ----A---- C:\WINDOWS\system32\accwiz.exe 2011-06-18 18:55:59 ----A---- C:\WINDOWS\system32\sndrec32.exe 2011-06-18 18:55:59 ----A---- C:\WINDOWS\system32\mplay32.exe 2011-06-18 18:55:59 ----A---- C:\WINDOWS\system32\hypertrm.dll 2011-06-18 18:55:58 ----D---- C:\Program Files\Windows NT 2011-06-18 18:55:58 ----A---- C:\WINDOWS\system32\mspaint.exe 2011-06-18 18:55:58 ----A---- C:\WINDOWS\system32\clipbrd.exe 2011-06-18 18:55:57 ----A---- C:\WINDOWS\system32\spider.exe 2011-06-18 18:55:57 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys 2011-06-18 18:55:57 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys 2011-06-18 18:55:57 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys 2011-06-18 18:55:56 ----A---- C:\WINDOWS\system32\tsgqec.dll 2011-06-18 18:55:56 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2011-06-18 18:55:56 ----A---- C:\WINDOWS\system32\rhttpaa.dll 2011-06-18 18:55:56 ----A---- C:\WINDOWS\system32\aaclient.dll 2011-06-18 18:55:55 ----A---- C:\WINDOWS\system32\remotepg.dll 2011-06-18 18:55:55 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2011-06-18 18:55:55 ----A---- C:\WINDOWS\system32\mstscax.dll 2011-06-18 18:55:55 ----A---- C:\WINDOWS\system32\mstsc.exe 2011-06-18 18:55:54 ----A---- C:\WINDOWS\system32\termsrv.dll 2011-06-18 18:55:54 ----A---- C:\WINDOWS\system32\sessmgr.exe 2011-06-18 18:55:54 ----A---- C:\WINDOWS\system32\rdshost.exe 2011-06-18 18:55:54 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2011-06-18 18:55:54 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2011-06-18 18:55:54 ----A---- C:\WINDOWS\system32\rdpclip.exe 2011-06-18 18:55:54 ----A---- C:\WINDOWS\system32\rdchost.dll 2011-06-18 18:55:54 ----A---- C:\WINDOWS\system32\qprocess.exe 2011-06-18 18:55:53 ----D---- C:\WINDOWS\system32\MsDtc 2011-06-18 18:55:53 ----A---- C:\WINDOWS\system32\mtxoci.dll 2011-06-18 18:55:53 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2011-06-18 18:55:53 ----A---- C:\WINDOWS\system32\msdtctm.dll 2011-06-18 18:55:53 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2011-06-18 18:55:53 ----A---- C:\WINDOWS\system32\icaapi.dll 2011-06-18 18:55:53 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2011-06-18 18:55:52 ----A---- C:\WINDOWS\system32\xolehlp.dll 2011-06-18 18:55:52 ----A---- C:\WINDOWS\system32\msdtclog.dll 2011-06-18 18:55:52 ----A---- C:\WINDOWS\system32\msdtc.exe 2011-06-18 18:55:51 ----D---- C:\WINDOWS\system32\Com 2011-06-18 18:55:51 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2011-06-18 18:55:51 ----A---- C:\WINDOWS\system32\mtxex.dll 2011-06-18 18:55:51 ----A---- C:\WINDOWS\system32\mtxdm.dll 2011-06-18 18:55:51 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2011-06-18 18:55:51 ----A---- C:\WINDOWS\system32\comrepl.dll 2011-06-18 18:55:51 ----A---- C:\WINDOWS\system32\comaddin.dll 2011-06-18 18:55:51 ----A---- C:\WINDOWS\system32\colbact.dll 2011-06-18 18:55:50 ----A---- C:\WINDOWS\system32\stclient.dll 2011-06-18 18:55:50 ----A---- C:\WINDOWS\system32\clbcatex.dll 2011-06-18 18:55:50 ----A---- C:\WINDOWS\system32\catsrvut.dll 2011-06-18 18:55:50 ----A---- C:\WINDOWS\system32\catsrvps.dll 2011-06-18 18:55:50 ----A---- C:\WINDOWS\system32\catsrv.dll 2011-06-18 18:55:49 ----A---- C:\WINDOWS\system32\comuid.dll 2011-06-18 18:55:49 ----A---- C:\WINDOWS\system32\comsvcs.dll 2011-06-18 18:55:49 ----A---- C:\WINDOWS\system32\comsnap.dll 2011-06-18 18:55:48 ----A---- C:\WINDOWS\system32\clbcatq.dll 2011-06-18 18:55:42 ----A---- C:\WINDOWS\system32\servdeps.dll 2011-06-18 18:55:42 ----A---- C:\WINDOWS\system32\mmfutil.dll 2011-06-18 18:55:42 ----A---- C:\WINDOWS\system32\licwmi.dll 2011-06-18 18:55:42 ----A---- C:\WINDOWS\system32\cmprops.dll 2011-06-18 18:55:36 ----A---- C:\WINDOWS\system32\drivers\termdd.sys 2011-06-18 18:55:36 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys ======List of files/folders modified in the last 1 months====== 2011-06-23 18:49:46 ----A---- C:\WINDOWS\win.ini 2011-06-18 20:28:53 ----A---- C:\WINDOWS\system.ini 2011-06-18 19:00:12 ----ASH---- C:\WINDOWS\fonts\desktop.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 ohci1394;Kontroler hosta Texas Instruments IEEE 1394 zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-06-20 717296] R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-05-10 30808] R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-05-10 25432] R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-05-10 441176] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-05-10 307928] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-05-10 49240] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 TPwSav;TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys [] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-06-18 21361] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-05-10 19544] R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-05-10 102616] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-10 4603904] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-09 6307328] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8192su.sys [2010-01-25 605856] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 sffdisk;Sterownik SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] R3 sffp_sd;Sterownik SFF Storage Protocol Driver dla SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-07-25 209312] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-07-25 290304] R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 a4mapn2l;a4mapn2l; C:\WINDOWS\system32\drivers\a4mapn2l.sys [] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912] S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184] R2 Bonjour Service;Usługa Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-06-24 153376] R2 lxea_device;lxea_device; C:\WINDOWS\system32\lxeacoms.exe [2010-04-14 598696] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-09 163908] R3 iPod Service;Usługa iPod; C:\Program Files\iPod\bin\iPodService.exe [2011-06-07 820520] S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [2010-04-14 193192] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- [/log] GMER: [log]GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-27 19:58:13 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS541612J9SA00 rev.SBDOC7DP Running: 2eelon1n.exe; Driver: C:\DOCUME~1\Kuba\USTAWI~1\Temp\uxldqpoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB7068202] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB70F6CB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB708C6C1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB706A81C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB706A874] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB706A98A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB708C075] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB706A772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB706A8C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB706A7C6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB706A938] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB7068226] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB708CD87] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB708D03D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB706AC0E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB708CBF2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB708CA5D] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB70F6D62] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB7067FF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB706824A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB706AD82] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB7068CDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB706A84C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB706A89C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB706A9B4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB708C3D1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB706A79E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB706AA46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB706A904] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB706A7F4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB706AB2A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB706A962] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB70F6DFA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB708C8D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB7068BA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB708C72A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB70FFE48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB708B6E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB706826E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB7068292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB706804A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB7068186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB708CE8E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB7068162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB70681AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB70682B6] INT 0x62 ? 89BA1BF8 INT 0x63 ? 899A9BF8 INT 0x82 ? 89BA1BF8 INT 0x83 ? 899A9BF8 INT 0x94 ? 899A9BF8 INT 0xA4 ? 899A9BF8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB710C902] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwYieldExecution + 3A6 804E4BD0 4 Bytes CALL AB05548B PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP B7109D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80575B10 4 Bytes CALL B7069335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7CD 7 Bytes JMP B710C906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E6A62 5 Bytes JMP B71082BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ? spxb.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9BD6360, 0x35483F, 0xE8000020] .text USBPORT.SYS!DllUnload B9B8E8AC 5 Bytes JMP 899A91D8 .text a4mapn2l.SYS B9A88386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text a4mapn2l.SYS B9A883AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a4mapn2l.SYS B9A883C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text a4mapn2l.SYS B9A883C9 1 Byte [2E] .text a4mapn2l.SYS B9A883C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...] .text ... .text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP B706BCCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP B706BBDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP B706AE9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP B706AF60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP B706BE38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP B706BB4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP B706C040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP B706AFD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP B706AE84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP B706BF9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP B706BD80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP B706BC04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP B706B32A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP B706B1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP B706B352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP B706B06A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP B706ADB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP B706B0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP B706B114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP B706AF1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP B706B034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP B706B46C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP B706BEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001703FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00550804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00550600 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005503FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00561014 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00560804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00560C0C .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00560E10 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 005603FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[132] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00560600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001703FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00550804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00550600 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005503FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00561014 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00560804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00560C0C .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00560E10 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 005603FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[484] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00560600 .text C:\Program Files\Bonjour\mDNSResponder.exe[500] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[500] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[500] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Bonjour\mDNSResponder.exe[500] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[500] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\Bonjour\mDNSResponder.exe[500] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\Bonjour\mDNSResponder.exe[500] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[500] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\Bonjour\mDNSResponder.exe[500] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\Bonjour\mDNSResponder.exe[500] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[500] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\Bonjour\mDNSResponder.exe[500] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[500] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Bonjour\mDNSResponder.exe[500] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[500] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[500] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[500] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\System32\smss.exe[572] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[620] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[620] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[620] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre6\bin\jqs.exe[620] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\Java\jre6\bin\jqs.exe[620] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[620] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\Java\jre6\bin\jqs.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\Java\jre6\bin\jqs.exe[620] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[620] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\Java\jre6\bin\jqs.exe[620] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[620] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[620] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[620] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[620] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[620] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\lxeacoms.exe[696] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\lxeacoms.exe[696] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\lxeacoms.exe[696] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\lxeacoms.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\lxeacoms.exe[696] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\lxeacoms.exe[696] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\lxeacoms.exe[696] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\lxeacoms.exe[696] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\lxeacoms.exe[696] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\lxeacoms.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\WINDOWS\system32\lxeacoms.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\lxeacoms.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\lxeacoms.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\WINDOWS\system32\lxeacoms.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\WINDOWS\system32\lxeacoms.exe[696] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\lxeacoms.exe[696] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\lxeacoms.exe[696] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[712] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\nvsvc32.exe[752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\nvsvc32.exe[752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[752] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\nvsvc32.exe[752] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\nvsvc32.exe[752] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\nvsvc32.exe[752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\nvsvc32.exe[752] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\nvsvc32.exe[752] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\nvsvc32.exe[752] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\nvsvc32.exe[752] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\nvsvc32.exe[752] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\nvsvc32.exe[752] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\nvsvc32.exe[752] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\nvsvc32.exe[752] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\nvsvc32.exe[752] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\nvsvc32.exe[752] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[824] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[824] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[824] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001703FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00550804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00550600 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005503FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00561014 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00560804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00560C0C .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00560E10 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 005603FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00560600 .text C:\WINDOWS\system32\services.exe[868] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[868] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[868] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[868] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[868] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[880] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[880] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[880] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1004] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600 .text C:\WINDOWS\RTHDCPL.EXE[1632] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\WINDOWS\RTHDCPL.EXE[1632] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1632] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\WINDOWS\RTHDCPL.EXE[1632] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1632] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014 .text C:\WINDOWS\RTHDCPL.EXE[1632] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804 .text C:\WINDOWS\RTHDCPL.EXE[1632] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08 .text C:\WINDOWS\RTHDCPL.EXE[1632] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C .text C:\WINDOWS\RTHDCPL.EXE[1632] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10 .text C:\WINDOWS\RTHDCPL.EXE[1632] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8 .text C:\WINDOWS\RTHDCPL.EXE[1632] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC .text C:\WINDOWS\RTHDCPL.EXE[1632] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600 .text C:\WINDOWS\RTHDCPL.EXE[1632] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\RTHDCPL.EXE[1632] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\RTHDCPL.EXE[1632] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\RTHDCPL.EXE[1632] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\RTHDCPL.EXE[1632] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1636] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1636] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014 .text C:\WINDOWS\Explorer.EXE[1636] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804 .text C:\WINDOWS\Explorer.EXE[1636] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08 .text C:\WINDOWS\Explorer.EXE[1636] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C .text C:\WINDOWS\Explorer.EXE[1636] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10 .text C:\WINDOWS\Explorer.EXE[1636] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8 .text C:\WINDOWS\Explorer.EXE[1636] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC .text C:\WINDOWS\Explorer.EXE[1636] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600 .text C:\WINDOWS\Explorer.EXE[1636] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\Explorer.EXE[1636] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\Explorer.EXE[1636] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\Explorer.EXE[1636] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\Explorer.EXE[1636] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1684] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\TDispVol.exe[1728] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\TDispVol.exe[1728] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\TDispVol.exe[1728] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\TDispVol.exe[1728] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\TDispVol.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\TDispVol.exe[1728] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\TDispVol.exe[1728] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\TDispVol.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\TDispVol.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\TDispVol.exe[1728] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\TDispVol.exe[1728] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\TDispVol.exe[1728] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\TDispVol.exe[1728] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\TDispVol.exe[1728] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\TDispVol.exe[1728] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\TDispVol.exe[1728] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\TDispVol.exe[1728] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\TCtrlIOHook.exe[1756] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\spoolsv.exe[2024] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[2024] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[2024] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[2024] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe[2052] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00881014 .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00880804 .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00880A08 .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00880C0C .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00880E10 .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 008801F8 .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 008803FC .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00880600 .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00890804 .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00890A08 .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00890600 .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008901F8 .text C:\Program Files\Lexmark S300-S400 Series\ezprint.exe[2060] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008903FC .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2068] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2068] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2076] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00410804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00410A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00410600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004101F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004103FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00421014 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00420804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00420A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00420C0C .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00420E10 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 004201F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 004203FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2084] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00420600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\iTunes\iTunesHelper.exe[2172] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\iTunes\iTunesHelper.exe[2172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[2172] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\iTunes\iTunesHelper.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\iTunes\iTunesHelper.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\iTunes\iTunesHelper.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\iTunes\iTunesHelper.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\iTunes\iTunesHelper.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\iTunes\iTunesHelper.exe[2172] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\iTunes\iTunesHelper.exe[2172] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\iTunes\iTunesHelper.exe[2172] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\iTunes\iTunesHelper.exe[2172] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\iTunes\iTunesHelper.exe[2172] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\iTunes\iTunesHelper.exe[2172] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\iTunes\iTunesHelper.exe[2172] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\iTunes\iTunesHelper.exe[2172] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\ctfmon.exe[2192] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[2192] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2192] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[2192] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2192] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[2192] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[2192] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[2192] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[2192] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[2192] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[2192] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[2192] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[2192] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[2192] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[2192] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[2192] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[2192] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\ctfmon.exe[2192] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2200] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\Program Files\Messenger\msmsgs.exe[2224] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\Program Files\Messenger\msmsgs.exe[2224] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[2224] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\Program Files\Messenger\msmsgs.exe[2224] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[2224] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00321014 .text C:\Program Files\Messenger\msmsgs.exe[2224] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00320804 .text C:\Program Files\Messenger\msmsgs.exe[2224] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00320A08 .text C:\Program Files\Messenger\msmsgs.exe[2224] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00320C0C .text C:\Program Files\Messenger\msmsgs.exe[2224] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00320E10 .text C:\Program Files\Messenger\msmsgs.exe[2224] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003201F8 .text C:\Program Files\Messenger\msmsgs.exe[2224] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003203FC .text C:\Program Files\Messenger\msmsgs.exe[2224] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00320600 .text C:\Program Files\Messenger\msmsgs.exe[2224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804 .text C:\Program Files\Messenger\msmsgs.exe[2224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08 .text C:\Program Files\Messenger\msmsgs.exe[2224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600 .text C:\Program Files\Messenger\msmsgs.exe[2224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8 .text C:\Program Files\Messenger\msmsgs.exe[2224] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\wuauclt.exe[2592] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[2592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2592] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\wuauclt.exe[2592] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2592] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\wuauclt.exe[2592] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\wuauclt.exe[2592] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\wuauclt.exe[2592] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\wuauclt.exe[2592] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\wuauclt.exe[2592] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\wuauclt.exe[2592] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003A1014 .text C:\WINDOWS\system32\wuauclt.exe[2592] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003A0804 .text C:\WINDOWS\system32\wuauclt.exe[2592] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003A0A08 .text C:\WINDOWS\system32\wuauclt.exe[2592] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003A0C0C .text C:\WINDOWS\system32\wuauclt.exe[2592] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003A0E10 .text C:\WINDOWS\system32\wuauclt.exe[2592] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003A01F8 .text C:\WINDOWS\system32\wuauclt.exe[2592] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\wuauclt.exe[2592] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003A0600 .text C:\WINDOWS\system32\wscntfy.exe[2624] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wscntfy.exe[2624] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2624] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wscntfy.exe[2624] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\wscntfy.exe[2624] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\wscntfy.exe[2624] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\wscntfy.exe[2624] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wscntfy.exe[2624] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wscntfy.exe[2624] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00331014 .text C:\WINDOWS\system32\wscntfy.exe[2624] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\wscntfy.exe[2624] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\wscntfy.exe[2624] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 3 Bytes JMP 00330C0C .text C:\WINDOWS\system32\wscntfy.exe[2624] ADVAPI32.dll!ChangeServiceConfig2A + 4 77E270DD 1 Byte [88] .text C:\WINDOWS\system32\wscntfy.exe[2624] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00330E10 .text C:\WINDOWS\system32\wscntfy.exe[2624] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\wscntfy.exe[2624] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\wscntfy.exe[2624] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00330600 .text C:\WINDOWS\System32\alg.exe[2804] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[2804] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2804] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[2804] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2804] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[2804] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[2804] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[2804] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[2804] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[2804] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[2804] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[2804] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[2804] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[2804] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[2804] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[2804] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[2804] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600 .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00850804 .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00850A08 .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00850600 .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008501F8 .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008503FC .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00861014 .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00860804 .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00860A08 .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00860C0C .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00860E10 .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 008601F8 .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 008603FC .text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe[2888] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00860600 .text C:\Program Files\iPod\bin\iPodService.exe[2944] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\iPod\bin\iPodService.exe[2944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[2944] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\iPod\bin\iPodService.exe[2944] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[2944] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\iPod\bin\iPodService.exe[2944] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\iPod\bin\iPodService.exe[2944] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\iPod\bin\iPodService.exe[2944] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\iPod\bin\iPodService.exe[2944] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\iPod\bin\iPodService.exe[2944] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\iPod\bin\iPodService.exe[2944] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\iPod\bin\iPodService.exe[2944] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\iPod\bin\iPodService.exe[2944] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\iPod\bin\iPodService.exe[2944] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\iPod\bin\iPodService.exe[2944] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\iPod\bin\iPodService.exe[2944] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\iPod\bin\iPodService.exe[2944] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 009C1014 .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 009C0804 .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 009C0A08 .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 009C0C0C .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 009C0E10 .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 009C01F8 .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 009C03FC .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 009C0600 .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\2eelon1n.exe[3212] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001703FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00550804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00550600 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005503FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00561014 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00560804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00560C0C .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00560E10 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 005603FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3316] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00560600 .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 002501F8 .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 002503FC .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] ADVAPI32.DLL!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00CF1014 .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] ADVAPI32.DLL!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00CF0804 .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] ADVAPI32.DLL!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00CF0A08 .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] ADVAPI32.DLL!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00CF0C0C .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] ADVAPI32.DLL!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00CF0E10 .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] ADVAPI32.DLL!CreateServiceA 77E271E9 5 Bytes JMP 00CF01F8 .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] ADVAPI32.DLL!CreateServiceW 77E27381 5 Bytes JMP 00CF03FC .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] ADVAPI32.DLL!DeleteService 77E27489 5 Bytes JMP 00CF0600 .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D00804 .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00D00A08 .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00D00600 .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00D001F8 .text C:\Program Files\FileZilla FTP Client\filezilla.exe[3588] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00D003FC .text C:\Program Files\Kadu\kadu.exe[3608] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 002401F8 .text C:\Program Files\Kadu\kadu.exe[3608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Kadu\kadu.exe[3608] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 002403FC .text C:\Program Files\Kadu\kadu.exe[3608] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Kadu\kadu.exe[3608] ADVAPI32.DLL!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 015B1014 .text C:\Program Files\Kadu\kadu.exe[3608] ADVAPI32.DLL!ChangeServiceConfigA 77E26E41 5 Bytes JMP 015B0804 .text C:\Program Files\Kadu\kadu.exe[3608] ADVAPI32.DLL!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 015B0A08 .text C:\Program Files\Kadu\kadu.exe[3608] ADVAPI32.DLL!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 015B0C0C .text C:\Program Files\Kadu\kadu.exe[3608] ADVAPI32.DLL!ChangeServiceConfig2W 77E27161 5 Bytes JMP 015B0E10 .text C:\Program Files\Kadu\kadu.exe[3608] ADVAPI32.DLL!CreateServiceA 77E271E9 5 Bytes JMP 015B01F8 .text C:\Program Files\Kadu\kadu.exe[3608] ADVAPI32.DLL!CreateServiceW 77E27381 3 Bytes JMP 015B03FC .text C:\Program Files\Kadu\kadu.exe[3608] ADVAPI32.DLL!CreateServiceW + 4 77E27385 1 Byte [89] .text C:\Program Files\Kadu\kadu.exe[3608] ADVAPI32.DLL!DeleteService 77E27489 5 Bytes JMP 015B0600 .text C:\Program Files\Kadu\kadu.exe[3608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 015C0804 .text C:\Program Files\Kadu\kadu.exe[3608] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 015C0A08 .text C:\Program Files\Kadu\kadu.exe[3608] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 015C0600 .text C:\Program Files\Kadu\kadu.exe[3608] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 015C01F8 .text C:\Program Files\Kadu\kadu.exe[3608] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 015C03FC .text C:\WINDOWS\System32\svchost.exe[3680] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[3680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3680] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[3680] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3680] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[3680] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[3680] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[3680] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[3680] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[3680] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[3680] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[3680] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[3680] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[3680] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[3680] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[3680] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[3680] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3692] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001703FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00550804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00550600 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005503FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00561014 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00560804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00560C0C .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00560E10 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 005603FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3792] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00560600 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001703FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00550804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00550600 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005503FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00561014 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00560804 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00560C0C .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00560E10 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 005603FC .text C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00560600 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89BA45E0 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spxb.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spxb.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spxb.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spxb.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spxb.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spxb.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spxb.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 899A92D8 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spxb.sys IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlInitUnicodeString] F44D8B48 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!swprintf] C1815753 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeSetEvent] 00002590 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 467C8D51 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 76F6E84A IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] D88BFFFF IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8504C483 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 5F0A75DB IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 5B08438D IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmUnmapIoSpace] 5DE58B5E IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 259068C3 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IofCompleteRequest] 006A0000 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 88F0E853 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IofCallDriver] 558DFFFF IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 90838DF8 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 52000025 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoConnectInterrupt] 03895750 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoDetachDevice] FFF363E8 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0C458AFF IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeInitializeEvent] 8B104D8B IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeCancelTimer] 43881855 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 1C458B08 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlInitAnsiString] 0F544389 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 89FF45B6 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoQueueWorkItem] 4D8B0C4B IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmMapIoSpace] 50538920 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 8924558B IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoReportDetectedDevice] 5389584B IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0A43885C IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0646B60F IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!NlsMbCodePageTag] A818C483 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8D7F743F IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001A8C8B IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0835100 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!sprintf] 7E8D503F IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [B9E85728] \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 182.06 /NVIDIA Corporation) IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!ObfDereferenceObject] 0F0000D1 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 8D0646B6 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001B8093 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!ZwClose] E0835200 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E857503F IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 0000EBB4 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 026B938D IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C6830000 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoCreateDevice] 0008B908 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlCopyUnicodeString] FA8B0000 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 758BA5F3 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 064E8A08 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!ZwOpenKey] 883FE180 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 0002688B IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoStartTimer] 06468A00 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeInitializeTimer] 8306E8C0 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoInitializeTimer] 023C18C4 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeInitializeDpc] 02698388 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeInitializeSpinLock] 19750000 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoInitializeIrp] 028C838D IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!ZwCreateKey] 52500000 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00C143E8 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 08C48300 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!ZwSetValueKey] 0575C085 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeInsertQueueDpc] EB08708D IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 074E8A54 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoStartPacket] 026A8B88 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 83660000 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 7601487E IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoFreeMdl] 4AC68305 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmUnlockPages] F63302EB IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5614558B IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 75E85352 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 8BFFFFF4 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 0CC483F0 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeSynchronizeExecution] 2075F685 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoStartNextPacket] 050C7D80 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeBugCheckEx] 0092850F IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 458B0000 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeSetTimer] E85350F8 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!_allmul] FFFFF848 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmProbeAndLockPages] 8408C483 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!_except_handler3] BE7875C0 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!PoSetPowerState] 00000008 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] F346E853 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlWriteRegistryValue] C483FFFF IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00F46804 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!_aulldiv] 838D0000 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!strstr] 00001A8C IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!_strupr] E850006A IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeQuerySystemTime] FFFF87CA IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000F468 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!KeTickCount] 808B8D00 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 6A00001B IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoDeleteDevice] B7E85100 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 33FFFF87 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoAllocateWorkItem] 6B8389C0 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoAllocateIrp] 89000002 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoAllocateMdl] 00026F83 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 73838900 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmLockPagableDataSection] 89000002 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 00027783 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 7B838900 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!ExFreePoolWithTag] 89000002 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoFreeIrp] 00027F83 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!IoFreeWorkItem] 83838900 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!InitSafeBootMode] 53000002 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!RtlCompareMemory] 02878389 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!PoCallDriver] 7FE80000 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!memmove] 83FFFF68 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[ntoskrnl.exe!MmHighestUserAddress] 8B5F1CC4 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!KeGetCurrentIrql] 57B80974 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!KfRaiseIrql] 8B000000 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!KfLowerIrql] 56C35DE5 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!HalGetInterruptVector] 8D08758B IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520 IAT \SystemRoot\System32\Drivers\a4mapn2l.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[868] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[868] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 89BA01F8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Fastfat \FatCdrom 878491F8 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\PCI_PNP8224 \Device\00000043 spxb.sys Device \Driver\PCI_PNP8224 \Device\00000043 spxb.sys Device \Driver\usbuhci \Device\USBPDO-0 899A81F8 Device \Driver\usbuhci \Device\USBPDO-1 899A81F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C121F8 Device \Driver\dmio \Device\DmControl\DmConfig 89C121F8 Device \Driver\dmio \Device\DmControl\DmPnP 89C121F8 Device \Driver\dmio \Device\DmControl\DmInfo 89C121F8 Device \Driver\usbuhci \Device\USBPDO-2 899A81F8 Device \Driver\usbuhci \Device\USBPDO-3 899A81F8 Device \Driver\usbehci \Device\USBPDO-4 899FC500 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Ftdisk \Device\HarddiskVolume1 89BA21F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{AD511722-3332-43A8-83D6-532F70A21B7A} 894F91F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89BA21F8 Device \Driver\Cdrom \Device\CdRom0 898E3368 Device \Driver\atapi \Device\Ide\IdePort0 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 898E3368 Device \Driver\NetBT \Device\NetBt_Wins_Export 894F91F8 Device \Driver\NetBT \Device\NetbiosSmb 894F91F8 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBFDO-0 899A81F8 Device \Driver\usbuhci \Device\USBFDO-1 899A81F8 Device \Driver\sptd \Device\792029474 spxb.sys Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8947F1F8 Device \Driver\usbuhci \Device\USBFDO-2 899A81F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8947F1F8 Device \Driver\usbuhci \Device\USBFDO-3 899A81F8 Device \Driver\usbehci \Device\USBFDO-4 899FC500 Device \Driver\Ftdisk \Device\FtControl 89BA21F8 Device \Driver\a4mapn2l \Device\Scsi\a4mapn2l1 8999F1F8 Device \Driver\a4mapn2l \Device\Scsi\a4mapn2l1Port2Path0Target0Lun0 8999F1F8 Device \FileSystem\Fastfat \Fat 878491F8 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Cdfs \Cdfs 8991A500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x76 0x43 0xB7 0x22 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0E 0x52 0x74 0x66 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD0 0x30 0xF3 0xDF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x76 0x43 0xB7 0x22 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0E 0x52 0x74 0x66 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD0 0x30 0xF3 0xDF ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 MBR read error Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0 ---- EOF - GMER 1.0.15 ---- [/log] GMER scan 2: [log]GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-27 19:59:19 Windows 5.1.2600 Dodatek Service Pack 3 Running: 2eelon1n.exe; Driver: C:\DOCUME~1\Kuba\USTAWI~1\Temp\uxldqpoc.sys ---- Services - GMER 1.0.15 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service (avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP/AVAST Software) [SYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (Sterownik ACPI dla systemu NT/Microsoft Corporation) [BOOT] ACPI Service C:\WINDOWS\system32\DRIVERS\ACPIEC.sys (Sterownik kontrolera osadzonego interfejsu ACPI/Microsoft Corporation) [BOOT] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec Service C:\WINDOWS\system32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Cisco Systems, Inc.) [AUTO] AegisP Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt Service C:\WINDOWS\system32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) [MANUAL] Arp1394 Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_2.0.50727 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft ASP.NET State Server/Microsoft Corporation) [MANUAL] aspnet_state Service (avast! File System Access Blocking Driver/AVAST Software) [AUTO] aswFsBlk Service (avast! File System Filter Driver for Windows XP/AVAST Software) [AUTO] aswMon2 Service (avast! TDI RDR Driver/AVAST Software) [SYSTEM] aswRdr Service (avast! Virtualization Driver/AVAST Software) [SYSTEM] aswSnx Service (avast! self protection module/AVAST Software) [SYSTEM] aswSP Service (avast! TDI Filter Driver/AVAST Software) [SYSTEM] aswTdi Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (avast! Service/AVAST Software) [AUTO] avast! Antivirus Service (Battery Class Driver/Microsoft Corporation) BattC Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom Service [SYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [DISABLED] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32 Service C:\WINDOWS\system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt Service [DISABLED] CmdIde Service C:\WINDOWS\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe (Proces usługi Menedżera dysków logicznych/Microsoft Corp., Veritas Software) [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys (Sterownik uruchamiania Menedżera dysków NT/Microsoft Corp., Veritas Software) [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys (Sterownik We/Wy menedżera dysków NT/Microsoft Corp., Veritas Software) [BOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Dot3svc Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EapHost Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility Service (Floppy Disk Controller Driver/Microsoft Corporation) [SYSTEM] Fdc Service (Sterownik kryptografii FIPS/Microsoft Corporation) [SYSTEM] Fips Service (Floppy Driver/Microsoft Corporation) [SYSTEM] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys (Sterownik dysku FT/Microsoft Corporation) [BOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM Service C:\WINDOWS\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HDAudBus Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] hkmsvc Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter Service [SYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys (Sterownik portu i8042/Microsoft Corporation) [SYSTEM] i8042prt Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService Service [DISABLED] IntelIde Service C:\WINDOWS\system32\DRIVERS\intelppm.sys (Sterownik urządzenia procesora/Microsoft Corporation) [SYSTEM] intelppm Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service Service C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (Sterownik magistrali ISA PNP/Microsoft Corporation) [BOOT] isapnp Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Sterownik klasy klawiatury/Microsoft Corporation) [SYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LanmanServer Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation Service [SYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts Service C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exe (Lexmark Connect Service Executable/Lexmark International, Inc.) [AUTO] lxeaCATSCustConnectService Service C:\WINDOWS\system32\lxeacoms.exe (Printer Communication System/ ) [AUTO] lxea_device Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe (Zdalne udostępnianie pulpitu NetMeeting/Microsoft Corporation) [MANUAL] mnmsrvc Service (Sterownik modemu/Microsoft Corporation) [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys (Sterownik klasy myszy/Microsoft Corporation) [SYSTEM] Mouclass Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] napagent Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman Service C:\WINDOWS\system32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) [MANUAL] NIC1394 Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 182.06 /NVIDIA Corporation) [MANUAL] nv Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 182.06/NVIDIA Corporation) [AUTO] NVSvc Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv Service C:\WINDOWS\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [BOOT] ohci1394 Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose Service Outlook Service (Sterownik portu równoległego/Microsoft Corporation) [MANUAL] Parport Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys (Licznik NT Plug and Play PCI/Microsoft Corporation) [BOOT] PCI Service [SYSTEM] PCIDump Service C:\WINDOWS\system32\DRIVERS\pciide.sys (Rodzajowy sterownik magistrali PCI IDE/Microsoft Corporation) [BOOT] PCIIde Service C:\WINDOWS\system32\DRIVERS\pcmcia.sys (Sterownik magistrali PCMCIA/Microsoft Corporation) [BOOT] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys (PTI DirectParallel(R) mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr Service RDPNP Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe (Menedżer sesji pomocy pulpitu zdalnego Microsoft®/Microsoft Corporation) [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys (Sterownik filtru audio Redbook/Microsoft Corporation) [SYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP Service C:\WINDOWS\system32\DRIVERS\RTL8192su.sys (Realtek RTL8192S USB NDIS Driver/Realtek Semiconductor Corporation ) [MANUAL] RTL8192su Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule Service C:\WINDOWS\system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation) [MANUAL] sdbus Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS Service (Sterownik urządzenia szeregowego/Microsoft Corporation) [AUTO] Serial Service C:\WINDOWS\system32\DRIVERS\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [MANUAL] sffdisk Service C:\WINDOWS\system32\DRIVERS\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection Service [DISABLED] Simbad Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd Service C:\WINDOWS\system32\DRIVERS\sr.sys (Sterownik filtru systemu plików Przywracania systemu/Microsoft Corporation) [BOOT] sr Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc Service C:\WINDOWS\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe (Usługa dzienników wydajności i alertów/Microsoft Corporation) [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes Service C:\WINDOWS\system32\drivers\tifm21.sys (tifm21.sys/Texas Instruments) [MANUAL] tifm21 Service C:\WINDOWS\system32\tlntsvr.exe (Usługa Telnet/Microsoft Corporation) [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\drivers\TPwSav.sys (IO Driver/TOSHIBA ) [SYSTEM] TPwSav Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks Service TSDDD Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS Service C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL Service C:\WINDOWS\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci Service C:\WINDOWS\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave Service [DISABLED] ViaIde Service (Sterownik kopiowania woluminów w tle/Microsoft Corporation) [BOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe (Usługa kopiowania woluminów w tle Microsoft®/Microsoft Corporation) [MANUAL] VSS Service C:\WINDOWS\System32\Drivers\vulfnth.sys (VIA USB Host Controller Lower Filter Driver/VIA Technologies, Inc.) [MANUAL] vulfnths Service C:\WINDOWS\System32\Drivers\vulfntr.sys (VIA USB Roothub Lower Filter Driver/VIA Technologies, Inc.) [MANUAL] vulfntrs Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe (Usługa karty wydajności WMI/Microsoft Corporation) [MANUAL] WmiApSrv Service (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov Service {988B7785-62B2-49EF-9559-5E1E63EA5778} Service {AD511722-3332-43A8-83D6-532F70A21B7A} ---- EOF - GMER 1.0.15 ---- [/log] To wszystko o co prosiłeś. Pozdrawiam.
wirusolog komentarz 28 czerwca 2011 komentarz 28 czerwca 2011 [b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst: [code]:OTL O4 - HKU\S-1-5-21-1844237615-1326574676-1177238915-1003..\Run: [Komunikator] File not found O4 - HKLM..\Run: [TFncKy] File not found :Files C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-1177238915-1003UA.job C:\WINDOWS\ssconf2.bin C:\sound32.dll C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-1177238915-1003Core.job :Reg [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2] :Commands [emptyflash] [emptytemp][/code] Kliknij w [b]Wykonaj skrypt[/b]. Zatwierdź restart komputera. [b]2.[/b] Do odinstalowania w panelu sterowania (dodaj lub usuń programy): [b]DAEMON Tools Toolbar[/b] [b]3.[/b] Ściągnij [url=http://www.teamxscript.org/too/AD-R.exe][b][color=blue][u]Ad-Remover.exe[/url][/b][/color][/u] i wciśnij w nim opcję czyszczenie ([size="3"][b]Clean[/b][/size]) Po chwili wyświetli się raport - wklej go. [b]4.[/b] Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję [b]Skanuj[/b]. Pokazujesz nowe logi z OTL + raport z usuwania. 1
Mr.Hankey komentarz 28 czerwca 2011 Autor komentarz 28 czerwca 2011 Raport po restarcie kompa: [log]All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-1844237615-1326574676-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Komunikator deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TFncKy deleted successfully. ========== FILES ========== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-1177238915-1003UA.job moved successfully. C:\WINDOWS\ssconf2.bin moved successfully. C:\sound32.dll moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-1177238915-1003Core.job moved successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ deleted successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User User: Kuba ->Flash cache emptied: 27694 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Kuba ->Temp folder emptied: 53142611 bytes ->Temporary Internet Files folder emptied: 109213154 bytes ->Java cache emptied: 1426623 bytes ->Google Chrome cache emptied: 378072166 bytes ->Opera cache emptied: 33105771 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2352022 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5411922 bytes RecycleBin emptied: 1026915488 bytes Total Files Cleaned = 1 535,00 mb OTL by OldTimer - Version 3.2.24.1 log created on 06282011_162831 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... [/log] AD-Remover raport: [log]======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 16:34:34 on 28/06/2011, Normal boot Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Kuba@COMPANY ( ) ============== ACTION(S) ============== (!) -- Temporary files deleted. ============== ADDITIONNAL SCAN ============== **** Google Chrome Version [12.0.742.100] **** Extension\icmlaeflemplmjndnaapfdbbnpncnbda (C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx) (?) -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) Preferences - homepage: hxxp://www.google.com/ Preferences - homepage_is_newtabpage: false Plugin - Chrome NaCl (Enabled: false) (C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll) Plugin - "Chrome NaCl" (Enabled: false) ======================================== **** Internet Explorer Version [6.0.2900.5512] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 13 File(s) C:\Ad-Report-CLEAN[1].txt - 28/06/2011 16:34:39 (1177 Byte(s)) End at: 16:35:53, 28/06/2011 ============== E.O.F ============== [/log] OTL.TXT: [log]OTL logfile created on: 2011-06-28 16:41:50 - Run 2 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\Wczesniej Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,56% Memory free 3,85 Gb Paging File | 3,44 Gb Available in Paging File | 89,38% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 43,42 Gb Total Space | 32,77 Gb Free Space | 75,47% Space Free | Partition Type: NTFS Drive D: | 68,36 Gb Total Space | 51,66 Gb Free Space | 75,57% Space Free | Partition Type: NTFS Computer Name: COMPANY | User Name: Kuba | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-06-27 19:27:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\Wczesniej\OTL.exe PRC - [2011-06-24 22:14:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2011-06-22 03:04:44 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe PRC - [2011-06-14 00:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2011-06-07 17:51:12 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2011-06-07 17:51:02 | 000,820,520 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2011-05-25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011-05-10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011-05-10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011-04-08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2011-04-06 16:20:16 | 000,349,472 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2010-05-13 10:01:52 | 000,966,656 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe PRC - [2010-05-05 14:18:46 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe PRC - [2010-05-05 14:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe PRC - [2010-04-14 21:45:21 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeacoms.exe PRC - [2009-02-09 13:18:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2008-07-24 16:02:06 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2008-04-14 21:51:52 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2008-04-14 21:51:52 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe PRC - [2008-04-14 21:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 21:51:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 21:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 21:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 21:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 21:51:40 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2008-04-14 21:51:32 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2008-04-14 21:51:32 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe PRC - [2008-04-14 21:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 21:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 21:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 21:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-08-10 14:21:56 | 016,384,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2007-07-25 17:19:54 | 000,888,832 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2007-07-25 17:19:54 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe PRC - [2007-06-30 07:18:06 | 000,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe PRC - [2006-10-27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2006-02-09 12:47:08 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe PRC - [2005-12-27 12:06:32 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-06-27 19:27:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\Wczesniej\OTL.exe MOD - [2011-05-10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2008-04-14 21:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 21:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 21:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 21:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 21:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 21:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 21:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 21:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 21:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 21:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-14 21:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 21:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 21:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-14 21:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 21:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 21:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2008-04-14 21:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-14 21:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 21:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 21:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 21:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 21:50:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 21:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-14 21:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-14 21:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-14 21:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2002-03-02 11:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011-05-10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-04-14 21:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxeacoms.exe -- (lxea_device) SRV - [2010-04-14 21:45:14 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-06-20 07:35:45 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2011-05-10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-05-10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-05-10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-05-10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011-05-10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-05-10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011-05-10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-01-25 08:29:50 | 000,605,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2007-08-10 12:52:44 | 004,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-07-25 17:07:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2006-06-22 15:27:12 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local O1 HOSTS File: ([2011-06-25 22:01:06 | 000,000,770 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 74.208.10.249 gs.apple.com O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe () O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA) O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Kuba\Dane aplikacji\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Kuba\Dane aplikacji\FlashGetBHO\GetAllUrl.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-06-18 19:00:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-06-28 16:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover [2011-06-28 16:28:31 | 000,000,000 | ---D | C] -- C:\_OTL [2011-06-27 19:40:58 | 000,000,000 | ---D | C] -- C:\rsit [2011-06-27 02:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\ObviousIdea [2011-06-27 02:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ObviousIdea [2011-06-27 02:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\ObviousIdea [2011-06-25 22:24:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2011-06-25 22:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\iTunes [2011-06-25 22:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011-06-25 22:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011-06-25 22:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\QuickTime [2011-06-25 22:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011-06-25 22:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011-06-25 22:07:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011-06-25 21:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Temp [2011-06-25 20:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\Apple Computer [2011-06-25 20:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Apple Computer [2011-06-25 20:30:19 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll [2011-06-25 20:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011-06-25 20:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer [2011-06-25 20:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Apple [2011-06-25 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011-06-25 20:28:00 | 004,517,664 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll [2011-06-25 20:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2011-06-25 20:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple [2011-06-25 20:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Apple Computer [2011-06-24 22:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun [2011-06-24 22:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011-06-24 22:14:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2011-06-24 22:14:20 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011-06-24 22:14:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011-06-24 22:14:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011-06-24 22:14:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011-06-24 22:14:20 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011-06-24 22:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011-06-24 22:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Sun [2011-06-24 19:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011-06-24 19:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Menu Start\Programy\HiJackThis [2011-06-23 18:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office [2011-06-23 18:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2011-06-23 18:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2011-06-23 18:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2011-06-23 18:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2011-06-23 18:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2011-06-23 18:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2011-06-23 18:49:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW [2011-06-23 18:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft Help [2011-06-23 18:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011-06-23 18:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help [2011-06-23 18:48:19 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011-06-23 01:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\NapiProjekt [2011-06-23 01:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\NAPI-PROJEKT [2011-06-22 22:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\DoctorWeb [2011-06-22 18:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\.ssh [2011-06-22 18:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\.nx [2011-06-22 18:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\NX Client for Windows [2011-06-22 18:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\NX Client for Windows [2011-06-22 16:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\FileZilla [2011-06-22 16:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\FileZilla FTP Client [2011-06-22 16:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client [2011-06-22 16:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\BITS [2011-06-22 16:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\FlashGet [2011-06-22 16:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\FlashGetBHO [2011-06-22 16:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network [2011-06-22 03:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Menu Start\Programy\Google Chrome [2011-06-21 20:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Kadu [2011-06-21 20:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Menu Start\Programy\Kadu [2011-06-21 20:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Kadu [2011-06-21 00:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Tlen.pl [2011-06-21 00:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2011-06-21 00:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Tlen.pl [2011-06-20 14:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\SimAquarium [2011-06-20 14:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\OldOpera [2011-06-20 14:40:55 | 003,463,656 | ---- | C] (Digital Illusions Software) -- C:\WINDOWS\SimAQUARIUM2 Tank-1.scr [2011-06-20 14:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\SimAQUARIUM2 [2011-06-20 14:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\SimAQUARIUM 2 Screensaver [2011-06-20 14:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\OldOpera 9 [2011-06-20 08:39:26 | 001,123,840 | ---- | C] (Karol Winnicki) -- C:\Documents and Settings\Kuba\Pulpit\BESTplayer.exe [2011-06-20 08:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\BESTplayer [2011-06-20 08:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\K-Lite Codec Pack [2011-06-20 08:38:49 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2011-06-20 08:38:48 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2011-06-20 08:38:48 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2011-06-20 08:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2011-06-20 08:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Spirograph [2011-06-20 07:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade [2011-06-20 07:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Formosoft [2011-06-20 07:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar [2011-06-20 07:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Lite [2011-06-20 07:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2011-06-20 07:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\DAEMON Tools [2011-06-20 01:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data [2011-06-20 00:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Pulpit\Programy [2011-06-20 00:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Opera [2011-06-20 00:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Opera [2011-06-20 00:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2011-06-19 16:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Gadu-Gadu 10 [2011-06-19 16:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2011-06-19 16:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2011-06-19 07:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\ARAX Disk Doctor Data Recovery [2011-06-19 06:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Ontrack [2011-06-19 05:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\uTorrent [2011-06-18 22:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Convar [2011-06-18 22:34:49 | 000,307,200 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn0415.exe [2011-06-18 22:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Lx_cats [2011-06-18 22:24:07 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoin.dll [2011-06-18 22:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ABBYY FineReader 6.0 Sprint [2011-06-18 22:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint [2011-06-18 22:22:31 | 000,372,736 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXEAwupd.dll [2011-06-18 22:22:31 | 000,213,672 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXEAwupd.exe [2011-06-18 22:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Free Antivirus [2011-06-18 22:21:56 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011-06-18 22:21:56 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011-06-18 22:21:54 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011-06-18 22:21:53 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011-06-18 22:21:53 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011-06-18 22:21:51 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011-06-18 22:21:51 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011-06-18 22:21:50 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011-06-18 22:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark [2011-06-18 22:21:31 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011-06-18 22:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar [2011-06-18 22:21:30 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011-06-18 22:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Lexmark [2011-06-18 22:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011-06-18 22:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2011-06-18 22:20:55 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeausb1.dll [2011-06-18 22:20:55 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeainpa.dll [2011-06-18 22:20:55 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEAhcp.dll [2011-06-18 22:20:55 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaiesc.dll [2011-06-18 22:20:54 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaserv.dll [2011-06-18 22:20:54 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeapmui.dll [2011-06-18 22:20:54 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxealmpm.dll [2011-06-18 22:20:53 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeahbn3.dll [2011-06-18 22:20:53 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaih.exe [2011-06-18 22:20:52 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomc.dll [2011-06-18 22:20:52 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoms.exe [2011-06-18 22:20:52 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacfg.exe [2011-06-18 22:20:52 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomm.dll [2011-06-18 22:20:51 | 000,086,186 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\LXEAcfg.dll [2011-06-18 22:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark S300-S400 Series [2011-06-18 22:15:21 | 000,011,264 | ---- | C] (TOSHIBA ) -- C:\WINDOWS\System32\drivers\TPwSav.sys [2011-06-18 22:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\XP [2011-06-18 22:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Vista64 [2011-06-18 22:14:41 | 000,000,000 | ---D | C] -- C:\Temp [2011-06-18 22:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TOSHIBA [2011-06-18 22:14:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SDA [2011-06-18 22:14:06 | 000,290,304 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys [2011-06-18 22:14:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2011-06-18 22:14:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\tiinst [2011-06-18 22:13:32 | 000,094,208 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TCtrlCommon.dll [2011-06-18 22:13:32 | 000,073,728 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TDispVol.exe [2011-06-18 22:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA [2011-06-18 22:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2011-06-18 22:07:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang [2011-06-18 22:05:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM [2011-06-18 22:04:59 | 009,715,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe [2011-06-18 22:04:59 | 004,603,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys [2011-06-18 22:04:59 | 001,191,936 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe [2011-06-18 22:04:59 | 000,282,624 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.cpl [2011-06-18 22:04:59 | 000,086,016 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe [2011-06-18 22:04:56 | 002,165,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe [2011-06-18 22:04:55 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe [2011-06-18 22:04:55 | 000,299,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.cpl [2011-06-18 22:04:55 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe [2011-06-18 22:04:51 | 000,520,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll [2011-06-18 22:04:51 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe [2011-06-18 22:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles [2011-06-18 22:00:26 | 000,801,312 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcplui.exe [2011-06-18 22:00:26 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe [2011-06-18 22:00:26 | 000,420,384 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.cpl [2011-06-18 22:00:26 | 000,143,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe [2011-06-18 22:00:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview [2011-06-18 22:00:05 | 002,744,320 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwss.dll [2011-06-18 22:00:05 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll [2011-06-18 22:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\XTreme-G Drivers [2011-06-18 22:00:04 | 003,796,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvitvs.dll [2011-06-18 22:00:04 | 001,253,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvPVEnc.ax [2011-06-18 22:00:03 | 009,592,832 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll [2011-06-18 22:00:03 | 003,489,792 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgames.dll [2011-06-18 22:00:03 | 001,273,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmobls.dll [2011-06-18 22:00:03 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll [2011-06-18 22:00:03 | 000,188,416 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccss.dll [2011-06-18 22:00:03 | 000,086,016 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll [2011-06-18 22:00:03 | 000,045,056 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccsrs.dll [2011-06-18 22:00:02 | 004,710,400 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdisps.dll [2011-06-18 22:00:02 | 001,560,576 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll [2011-06-18 22:00:02 | 000,401,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll [2011-06-18 22:00:01 | 013,680,640 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll [2011-06-18 22:00:01 | 000,135,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll [2011-06-18 22:00:01 | 000,135,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll [2011-06-18 22:00:00 | 000,667,648 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll [2011-06-18 21:59:59 | 006,185,088 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll [2011-06-18 21:59:59 | 000,000,000 | ---D | C] -- C:\nVidia Forceware [2011-06-18 21:55:28 | 000,000,000 | ---D | C] -- C:\Drivers [2011-06-18 21:18:37 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011-06-18 20:56:48 | 000,000,000 | ---D | C] -- C:\Intel [2011-06-18 20:54:07 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2011-06-18 20:53:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2011-06-18 20:48:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011-06-18 20:37:57 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE [2011-06-18 20:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2011-06-18 20:29:04 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer [2011-06-18 20:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC [2011-06-18 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines [2011-06-18 20:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared [2011-06-18 20:28:55 | 000,000,000 | R--D | C] -- C:\Program Files [2011-06-18 20:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files [2011-06-18 20:28:41 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll [2011-06-18 20:28:41 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll [2011-06-18 20:28:41 | 000,085,532 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll [2011-06-18 20:28:41 | 000,085,532 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll [2011-06-18 20:28:40 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll [2011-06-18 20:28:40 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll [2011-06-18 20:28:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll [2011-06-18 20:28:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll [2011-06-18 20:28:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start [2011-06-18 20:28:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty [2011-06-18 20:28:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart [2011-06-18 20:28:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Szablony [2011-06-18 20:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Ulubione [2011-06-18 20:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit [2011-06-18 20:28:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2011-06-18 20:28:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot [2011-06-18 20:27:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft [2011-06-18 20:27:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji [2011-06-18 20:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings [2011-06-18 20:27:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011-06-18 20:20:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts [2011-06-18 20:20:51 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache [2011-06-18 20:20:51 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web [2011-06-18 20:20:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\security [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-pl [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\java [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1045 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028 [2011-06-18 20:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025 [2011-06-18 19:30:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2011-06-18 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2011-06-18 19:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Menu Start\Programy\WinRAR [2011-06-18 19:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\WinRAR [2011-06-18 19:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR [2011-06-18 19:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2011-06-18 19:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Downloads [2011-06-18 19:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Macromedia [2011-06-18 19:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Adobe [2011-06-18 19:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google [2011-06-18 19:24:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kuba\UserData [2011-06-18 19:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\REALTEK 11n USB Wireless LAN Utility [2011-06-18 19:21:16 | 000,605,856 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\RTL8192su.sys [2011-06-18 19:21:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS [2011-06-18 19:21:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina [2011-06-18 19:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK [2011-06-18 19:21:01 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2011-06-18 19:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Identities [2011-06-18 19:11:45 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information [2011-06-18 19:11:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Moja muzyka [2011-06-18 19:11:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Moje obrazy [2011-06-18 19:11:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Microsoft [2011-06-18 19:11:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kuba\Cookies [2011-06-18 19:11:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kuba\SendTo [2011-06-18 19:11:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kuba\Recent [2011-06-18 19:11:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji [2011-06-18 19:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Ulubione [2011-06-18 19:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty [2011-06-18 19:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Menu Start [2011-06-18 19:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart [2011-06-18 19:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kuba\Menu Start\Programy\Akcesoria [2011-06-18 19:11:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kuba\Szablony [2011-06-18 19:11:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kuba\PrintHood [2011-06-18 19:11:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kuba\NetHood [2011-06-18 19:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Pulpit [2011-06-18 19:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft [2011-06-18 19:11:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne [2011-06-18 19:10:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2011-06-18 19:10:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2011-06-18 19:10:49 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft [2011-06-18 19:10:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2011-06-18 19:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2011-06-18 19:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2011-06-18 19:04:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2011-06-18 19:03:01 | 000,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2011-06-18 19:03:01 | 000,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2011-06-18 19:03:00 | 000,029,184 | ---- | C] (RICOH Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2011-06-18 19:01:55 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll [2011-06-18 19:01:55 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll [2011-06-18 19:01:55 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll [2011-06-18 19:01:41 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2011-06-18 19:01:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom [2011-06-18 19:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\xerox [2011-06-18 19:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage [2011-06-18 18:59:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM [2011-06-18 18:59:33 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2011-06-18 18:59:33 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages [2011-06-18 18:59:23 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate [2011-06-18 18:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Usługi online [2011-06-18 18:59:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX [2011-06-18 18:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services [2011-06-18 18:58:40 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks [2011-06-18 18:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap [2011-06-18 18:58:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst [2011-06-18 18:58:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed [2011-06-18 18:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker [2011-06-18 18:58:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore [2011-06-18 18:58:01 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll [2011-06-18 18:58:01 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll [2011-06-18 18:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting [2011-06-18 18:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express [2011-06-18 18:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System [2011-06-18 18:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer [2011-06-18 18:57:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje obrazy [2011-06-18 18:57:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Gry [2011-06-18 18:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications [2011-06-18 18:56:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Narzędzia administracyjne [2011-06-18 18:56:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration [2011-06-18 18:56:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moja muzyka [2011-06-18 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player [2011-06-18 18:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger [2011-06-18 18:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone [2011-06-18 18:56:16 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll [2011-06-18 18:56:16 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll [2011-06-18 18:56:00 | 000,283,136 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe [2011-06-18 18:55:59 | 000,351,744 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll [2011-06-18 18:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT [2011-06-18 18:55:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc [2011-06-18 18:55:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com [2011-06-18 18:55:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo [2011-06-18 18:54:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Akcesoria [2006-12-12 10:13:20 | 000,032,768 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Documents and Settings\All Users\Dane aplikacji\EBLib.dll [2006-07-28 15:25:26 | 000,019,456 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Documents and Settings\All Users\Dane aplikacji\LPCFilter.sys [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-06-28 16:37:37 | 000,210,919 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011-06-28 16:37:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-06-28 16:34:31 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\AD-R.lnk [2011-06-28 16:30:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-06-27 14:26:47 | 000,000,101 | ---- | M] () -- C:\Documents and Settings\Kuba\.Xauthority [2011-06-27 03:41:53 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-06-27 02:19:55 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Light Image Resizer 4.lnk [2011-06-26 01:00:21 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2011-06-25 22:19:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011-06-25 22:17:20 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\iTunes.lnk [2011-06-25 22:11:59 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk [2011-06-25 22:01:06 | 000,000,770 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011-06-24 22:14:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011-06-24 22:14:08 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011-06-24 22:14:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011-06-24 22:14:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011-06-24 22:14:08 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011-06-24 19:36:55 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\HiJackThis.lnk [2011-06-24 14:13:16 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-06-23 01:01:03 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\NapiProjekt.lnk [2011-06-22 18:29:44 | 000,001,773 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Shell.lnk [2011-06-22 18:28:28 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\NX Client for Windows.lnk [2011-06-22 16:45:48 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\FileZilla.lnk [2011-06-22 16:34:27 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat [2011-06-22 16:33:40 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI [2011-06-22 03:05:37 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Google Chrome.lnk [2011-06-22 00:53:12 | 000,001,243 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Ptasie Mleczko.rtf [2011-06-22 00:51:06 | 000,001,136 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Krem czekoladowy.rtf [2011-06-22 00:50:48 | 000,000,992 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Ciasto Marchewkowe.rtf [2011-06-22 00:32:10 | 000,001,178 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Serniczek.rtf [2011-06-22 00:04:31 | 000,001,410 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Chleb Dukana.rtf [2011-06-21 20:40:57 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Kadu.lnk [2011-06-20 14:55:13 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\OldOpera.lnk [2011-06-20 14:40:54 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\SimAQUARIUM v2.06 Tank-1.lnk [2011-06-20 08:38:14 | 001,123,840 | ---- | M] (Karol Winnicki) -- C:\Documents and Settings\Kuba\Pulpit\BESTplayer.exe [2011-06-20 07:38:25 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2011-06-19 18:21:51 | 000,000,313 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Kuba - Utrata Wagi.html [2011-06-19 16:09:36 | 000,448,586 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-06-19 16:09:36 | 000,392,630 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-06-19 16:09:36 | 000,074,648 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-06-19 16:09:36 | 000,058,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-06-18 22:27:00 | 000,198,605 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf [2011-06-18 22:21:52 | 000,002,644 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011-06-18 22:07:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Mój komputer.lnk [2011-06-18 22:07:37 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Moje dokumenty.lnk [2011-06-18 22:07:01 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav [2011-06-18 22:07:01 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav [2011-06-18 22:04:51 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe [2011-06-18 20:53:23 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF [2011-06-18 19:22:06 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\REALTEK 11n USB Wireless LAN Utility.lnk [2011-06-18 19:22:00 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2011-06-18 19:04:44 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2011-06-18 19:03:35 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2011-06-18 19:00:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-06-18 19:00:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-06-18 19:00:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011-06-18 19:00:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011-06-18 19:00:37 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2011-06-18 19:00:36 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2011-06-18 19:00:36 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2011-06-18 19:00:25 | 000,004,293 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2011-06-18 18:57:11 | 000,021,856 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-06-18 18:54:18 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2011-06-16 09:00:00 | 000,073,216 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-06-16 09:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini [2011-06-02 01:15:52 | 000,243,200 | ---- | M] () -- C:\WINDOWS\System32\xvidvfw.dll [2011-06-02 01:10:30 | 000,644,608 | ---- | M] () -- C:\WINDOWS\System32\xvidcore.dll [2011-05-10 13:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011-05-10 13:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011-05-10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011-05-10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011-05-10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011-05-10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011-05-10 13:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011-05-10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011-05-10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011-05-10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011-05-10 08:06:08 | 004,517,664 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-06-28 16:34:31 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\AD-R.lnk [2011-06-27 02:19:55 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Light Image Resizer 4.lnk [2011-06-26 01:00:22 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk [2011-06-26 01:00:21 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2011-06-25 22:19:08 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011-06-25 22:17:20 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\iTunes.lnk [2011-06-25 22:11:59 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk [2011-06-25 20:28:13 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Apple Software Update.lnk [2011-06-24 19:36:12 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\HiJackThis.lnk [2011-06-23 01:01:03 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\NapiProjekt.lnk [2011-06-22 18:30:14 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\Kuba\.Xauthority [2011-06-22 18:29:44 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Shell.lnk [2011-06-22 18:28:28 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\NX Client for Windows.lnk [2011-06-22 16:45:48 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\FileZilla.lnk [2011-06-22 16:34:27 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat [2011-06-22 16:33:40 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2011-06-22 03:05:37 | 000,002,295 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Google Chrome.lnk [2011-06-22 00:53:12 | 000,001,243 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Ptasie Mleczko.rtf [2011-06-22 00:51:06 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Krem czekoladowy.rtf [2011-06-22 00:50:48 | 000,000,992 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Ciasto Marchewkowe.rtf [2011-06-22 00:32:10 | 000,001,178 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Serniczek.rtf [2011-06-22 00:04:31 | 000,001,410 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Chleb Dukana.rtf [2011-06-21 20:40:57 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Kadu.lnk [2011-06-20 14:56:25 | 000,002,070 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\SimAquarium.lnk [2011-06-20 14:55:19 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\OldOpera.lnk [2011-06-20 14:40:54 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\SimAQUARIUM v2.06 Tank-1.lnk [2011-06-20 08:40:52 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-06-20 08:38:54 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011-06-20 08:38:54 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011-06-20 08:38:49 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2011-06-20 08:38:48 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011-06-20 08:38:48 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011-06-20 08:38:47 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-06-20 08:08:50 | 000,002,092 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\Spirograph.lnk [2011-06-20 07:38:25 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2011-06-19 18:21:50 | 000,000,313 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Kuba - Utrata Wagi.html [2011-06-19 06:23:17 | 000,000,634 | ---- | C] () -- C:\WINDOWS\System32\MAPISVC.INF [2011-06-18 22:35:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll [2011-06-18 22:24:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeavs.dll [2011-06-18 22:23:59 | 000,070,133 | ---- | C] () -- C:\WINDOWS\System32\lxeaprpr.chm [2011-06-18 22:23:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeagcfg.dll [2011-06-18 22:23:57 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeacui.dll [2011-06-18 22:23:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeacuir.dll [2011-06-18 22:23:57 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxeacommuilogo_rtl.bmp [2011-06-18 22:23:57 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxeacommuilogo.bmp [2011-06-18 22:21:12 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxearwrd.ini [2011-06-18 22:20:56 | 000,198,605 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf [2011-06-18 22:20:55 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEAinst.dll [2011-06-18 22:20:53 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeains.dll [2011-06-18 22:20:53 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeainsb.dll [2011-06-18 22:20:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeagrd.dll [2011-06-18 22:20:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeainsr.dll [2011-06-18 22:20:53 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeajswr.dll [2011-06-18 22:20:52 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeacu.dll [2011-06-18 22:20:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeacub.dll [2011-06-18 22:20:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeacur.dll [2011-06-18 22:20:51 | 000,002,106 | ---- | C] () -- C:\WINDOWS\System32\lxea.loc [2011-06-18 22:20:17 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\LXEAsmr.dll [2011-06-18 22:20:16 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEAsm.dll [2011-06-18 22:15:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL [2011-06-18 22:13:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll [2011-06-18 22:07:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Mój komputer.lnk [2011-06-18 22:07:37 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Moje dokumenty.lnk [2011-06-18 22:07:01 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav [2011-06-18 22:07:01 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav [2011-06-18 22:05:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011-06-18 22:05:07 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ3.dat [2011-06-18 22:05:07 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ2.dat [2011-06-18 22:05:07 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat [2011-06-18 22:00:26 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2011-06-18 22:00:26 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2011-06-18 22:00:26 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2011-06-18 22:00:26 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2011-06-18 22:00:26 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2011-06-18 22:00:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2011-06-18 22:00:26 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2011-06-18 22:00:26 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2011-06-18 22:00:26 | 000,210,919 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml [2011-06-18 22:00:26 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl [2011-06-18 22:00:26 | 000,018,795 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu [2011-06-18 20:53:23 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF [2011-06-18 20:29:03 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-06-18 20:29:01 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd [2011-06-18 20:29:00 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa [2011-06-18 20:29:00 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf [2011-06-18 20:28:59 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa [2011-06-18 20:28:38 | 000,001,734 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2011-06-18 20:28:20 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2011-06-18 20:28:20 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat [2011-06-18 20:28:20 | 000,105,628 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat [2011-06-18 20:28:20 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2011-06-18 20:28:20 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat [2011-06-18 20:28:20 | 000,033,765 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT [2011-06-18 20:28:20 | 000,016,825 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT [2011-06-18 20:28:20 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2011-06-18 20:28:20 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT [2011-06-18 20:28:20 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [2011-06-18 20:28:20 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2011-06-18 20:28:20 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2011-06-18 20:28:20 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat [2011-06-18 20:28:19 | 002,033,887 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT [2011-06-18 20:28:19 | 001,246,357 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT [2011-06-18 20:28:19 | 000,808,524 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2011-06-18 20:28:19 | 000,634,012 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT [2011-06-18 20:27:30 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-06-18 20:26:27 | 000,000,211 | -HS- | C] () -- C:\boot.ini [2011-06-18 20:26:22 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf [2011-06-18 19:22:06 | 000,001,828 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\REALTEK 11n USB Wireless LAN Utility.lnk [2011-06-18 19:21:56 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2011-06-18 19:21:05 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2011-06-18 19:11:48 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\Outlook Express.lnk [2011-06-18 19:11:46 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\Internet Explorer.lnk [2011-06-18 19:11:37 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\Pomoc zdalna.lnk [2011-06-18 19:11:37 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\Windows Media Player.lnk [2011-06-18 19:04:44 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2011-06-18 19:03:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-06-18 19:02:54 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll [2011-06-18 19:02:31 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2011-06-18 19:02:25 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2011-06-18 19:02:23 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe [2011-06-18 19:02:21 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2011-06-18 19:02:08 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll [2011-06-18 19:02:02 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2011-06-18 19:01:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2011-06-18 19:01:44 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2011-06-18 19:00:40 | 000,002,644 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT [2011-06-18 19:00:40 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011-06-18 19:00:40 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011-06-18 19:00:40 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2011-06-18 19:00:40 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2011-06-18 19:00:36 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb [2011-06-18 19:00:36 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb [2011-06-18 19:00:35 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx [2011-06-18 18:59:22 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Windows Movie Maker.lnk [2011-06-18 18:59:07 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex [2011-06-18 18:58:51 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp [2011-06-18 18:58:51 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp [2011-06-18 18:58:45 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf [2011-06-18 18:58:04 | 000,380,416 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll [2011-06-18 18:57:13 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Windows Messenger.lnk [2011-06-18 18:57:11 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-06-18 18:56:11 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Pod mikroskopem.bmp [2011-06-18 18:56:11 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Stiuk z Santa Fe.bmp [2011-06-18 18:56:11 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Wachlarze.bmp [2011-06-18 18:56:11 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Nefryt.bmp [2011-06-18 18:56:11 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rododendron.bmp [2011-06-18 18:56:11 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Na rybkach.bmp [2011-06-18 18:56:11 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Indiański pled.bmp [2011-06-18 18:56:10 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Bąbelki.bmp [2011-06-18 18:56:10 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kawa.bmp [2011-06-18 18:56:10 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Puch.bmp [2011-06-18 18:56:10 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Niebieska koronka 16.bmp [2011-06-18 18:56:07 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h [2011-06-18 18:56:07 | 000,001,225 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd [2011-06-18 18:56:06 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h [2011-06-18 18:56:01 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc [2008-04-14 22:16:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006-12-31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006-01-04 09:59:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2003-01-28 00:09:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll [2001-10-26 19:15:16 | 000,448,586 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2001-10-26 19:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2001-10-26 19:15:16 | 000,074,648 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2001-10-26 19:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2001-08-23 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001-08-18 00:30:24 | 000,392,630 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001-08-18 00:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001-08-18 00:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001-08-18 00:30:22 | 000,058,930 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001-08-18 00:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001-07-22 01:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001-07-22 01:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001-07-22 01:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [color=#E56717]========== LOP Check ==========[/color] [2011-06-18 22:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2011-06-19 16:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2011-06-21 00:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2011-06-18 22:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Vista64 [2011-06-18 22:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\XP [2011-06-25 20:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011-06-20 08:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\BESTplayer [2011-06-22 16:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\BITS [2011-06-20 07:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\DAEMON Tools [2011-06-28 16:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\FileZilla [2011-06-22 16:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\FlashGet [2011-06-22 16:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\FlashGetBHO [2011-06-19 19:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Gadu-Gadu 10 [2011-06-27 14:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Kadu [2011-06-27 02:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\ObviousIdea [2011-06-26 01:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Opera [2011-06-21 00:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Tlen.pl [2011-06-22 16:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2011-06-28 16:35:54 | 000,002,351 | ---- | M] () -- C:\Ad-Report-CLEAN[1].txt [2011-06-18 19:00:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011-06-18 18:54:18 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2011-06-18 19:00:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011-06-18 19:00:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-06-18 19:00:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 21:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-13 23:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2011-06-28 16:37:07 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] Extras.TXT: [log]OTL Extras logfile created on: 2011-06-28 16:41:51 - Run 2 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Kuba\Moje dokumenty\Downloads\Wczesniej Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,56% Memory free 3,85 Gb Paging File | 3,44 Gb Available in Paging File | 89,38% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 43,42 Gb Total Space | 32,77 Gb Free Space | 75,47% Space Free | Partition Type: NTFS Drive D: | 68,36 Gb Total Space | 51,66 Gb Free Space | 75,57% Space Free | Partition Type: NTFS Computer Name: COMPANY | User Name: Kuba | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot "53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.) "C:\WINDOWS\system32\lxeacoms.exe" = C:\WINDOWS\system32\lxeacoms.exe:*:Enabled:S300-S400 Series Server -- ( ) "C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software)) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\OldOpera\opera.exe" = C:\Program Files\OldOpera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 "C:\Program Files\NX Client for Windows\nxclient.exe" = C:\Program Files\NX Client for Windows\nxclient.exe:*:Enabled:nxclient -- () "C:\Program Files\NX Client for Windows\bin\nxssh.exe" = C:\Program Files\NX Client for Windows\bin\nxssh.exe:*:Enabled:nxssh -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls Driver "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C441297F-C9F2-4177-9D5F-1B10F0358E32}" = Opera 10.54 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.0.6.8 "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ad-Remover" = Ad-Remover par C_XX "avast" = avast! Free Antivirus "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.5.0 "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. "Kadu" = Kadu 0.9.2 "KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full) "Lexmark S300-S400 Series" = Lexmark S300-S400 Series "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "NVIDIA Drivers" = NVIDIA Drivers "nxclient_is1" = NX Client for Windows 3.5.0-5 "Opera 11.11.2109" = Opera 11.11 "SimAQUARIUM2 Tank-1 Screensaver_is1" = SimAQUARIUM2 Tank-1 Screensaver "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.01 (32-bitowy) "XTreme-G Drivers_is1" = XTreme-G 182.06m XP 32bit [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "SimAquarium" = SimAquarium "Spirograph" = Spirograph [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-22 17:19:44 | Computer Name = COMPANY | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd nxclient.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00d81e2c. Error - 2011-06-25 17:21:54 | Computer Name = COMPANY | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd kadu.exe, wersja 0.6.6.0, moduł powodujący błąd qtwebkit4.dll, wersja 4.7.3.0, adres błędu 0x006cfce6. [ System Events ] Error - 2011-06-28 11:28:33 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7031 Description = Usługa Apple Mobile Device niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2011-06-28 11:28:33 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7034 Description = Usługa Usługa Bonjour niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2011-06-28 11:28:33 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7034 Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2011-06-28 11:28:33 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7034 Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2011-06-28 11:28:33 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7034 Description = Usługa lxea_device niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2011-06-28 11:28:41 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7034 Description = Usługa Usługa iPod niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2011-06-28 11:31:12 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7009 Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą lxeaCATSCustConnectService. Error - 2011-06-28 11:31:12 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi lxeaCATSCustConnectService z powodu następującego błędu: %%1053 Error - 2011-06-28 11:37:41 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7009 Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą lxeaCATSCustConnectService. Error - 2011-06-28 11:37:41 | Computer Name = COMPANY | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi lxeaCATSCustConnectService z powodu następującego błędu: %%1053 < End of report > [/log] Wydaje mi się, że wszystko aczkolwiek nie wiem gdzie mogę znaleźć raport usuwania po OTL. Sam nie chciałem nic klikać, więc jak czegoś brakuje to proszę napisz a dopełnie obowiązku. Pozdrawiam.
wirusolog komentarz 28 czerwca 2011 komentarz 28 czerwca 2011 (edytowane) Mała poprawka i kroki końcowe. [hr] [b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst: [code]:Files C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\System32\secustat.dat :OTL O1 - Hosts: 74.208.10.249 gs.apple.com O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. [/code] Klikniij w [b]Wykonaj Skrypt[/b]. Tym razem restartu nie będzie / wyskoczy raport, nic z nim nie rób, notatnik zamknij. [b]2.[/b] W OTL wciśnij przycisk [b]Sprzątanie[/b]. [b]3.[/b] Uruchom Ad-Remover'a i wciśnij w nim [b]UNINSTALL[/b]. [b]4.[/b] Aktualizacja zabezpieczeń: [quote] Internet Explorer [b](Version = 6.0.2900.5512)[/b] "Adobe Flash Player Plugin" =[b] Adobe Flash Player 10 Plugin[/b] "{C441297F-C9F2-4177-9D5F-1B10F0358E32}" = [b]Opera 10.54[/b] [/quote] [list] [*]Jest tu bardzo stara wersja IE. Trzeba aktualizować IE bo dużo programów korzysta z silnika, bez Twojej wiedzy, nawet jeżeli korzystasz z Opery. Tak więc aktualizacja do wersji [url=http://windows.microsoft.com/pl-PL/internet-explorer/products/ie/home][b][color=blue][u]8[/url][/b][/color][/u]. [*]Nie jest podana tu konkretna wersja Flash, upewnij się że masz zainstalowany [url="http://get.adobe.com/flashplayer/"][color="#0000FF"][b]Adobe Flash Player 10.3.181.34[/b][/color][/url]. [*]W logu jest widoczna wersja przeglądarki -> Opera 11.11, tak więc wersja 10.54 do pełnej deinstalacji[/list] [b]5.[/b] Do wyczyszczenia punkty przywracania systemu: [url=http://www.searchengines.pl/Czyszczenie-punktow-przywracania-systemu-t141981.html][b][color="#0000FF"][u]LINK[/url][/b][/color][/u] [b]6.[/b] Zalecam [b]pełne skanowania[/b] [url=http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button][b][color="#0000FF"][u]MBAM[/url][/b][/color][/u] (po instalacji zaaktualizuj ręczne baze wirusów) + [url=http://www.dobreprogramy.pl/Dr.WEB-CureIt,Program,Windows,12976.html][b][color="#0000FF"][u]Dr.Web CureIt![/url][/b][/color][/u]. Jeżeli obydwa skanery coś wykryją usuwasz w przypadku MBAM / leczysz i usuwasz w przypadku Dr.Web'a. Po usunięciu zagrożeń pokazujesz z obydwu programów raporty. 1
Mr.Hankey komentarz 29 czerwca 2011 Autor komentarz 29 czerwca 2011 (edytowane) Jeżeli chodzi o skan Dr.Webem to nic nie wykrył i w zasadzie nie wiem gdzie kliknąć tam żeby pojawił się raport więc zrobiłem screena: [URL=http://imageshack.us/photo/my-images/29/webmb.jpg/][IMG]http://img29.imageshack.us/img29/605/webmb.th.jpg[/IMG][/URL] Co do MBAM to pokiełbasiłek nieco: -Pierwsze skanowanie wykryło jeden zainfekowany plik sound32.dll i trochę się przestraszyłem żeby go usuwać bo możliwe, że pochrzaniłbym coś na kompie, więc to zostawiłem i przeszedłem do Dr.Web, który jak podałem wyżej - nic nie wykrył. -Drugie skanowanie (po Dr.Web-ie) wykryło 2 zagrożenia (sound32.dll i jakiś inny plik na dysku, który niestety usunąłem bez zapisu loga) -Trzecie skanowanie ponownie wykryło zagrożenie w sound32.dll i tym razem je usunąłem, a oto log: [log]Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Wersja bazy: 6970 Windows 5.1.2600 Dodatek Service Pack 3 Internet Explorer 8.0.6001.18702 2011-06-29 04:51:29 mbam-log-2011-06-29 (04-51-29).txt Typ skanowania: Pełne skanowanie (C:\|D:\|) Przeskanowano obiektów: 192528 Upłynęło: 23 minut(y), 2 sekund(y) Zainfekowanych procesów w pamięci: 0 Zainfekowanych modułów w pamięci: 0 Zainfekowanych kluczy rejestru: 0 Zainfekowanych wartości rejestru: 0 Zainfekowane informacje rejestru systemowego: 0 Zainfekowanych folderów: 0 Zainfekowanych plików: 1 Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń) Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń) Zainfekowane informacje rejestru systemowego: (Nie znaleziono zagrożeń) Zainfekowanych folderów: (Nie znaleziono zagrożeń) Zainfekowanych plików: c:\sound32.dll (Trojan.Agent) -> Quarantined and deleted successfully. [/log] Do tego mam kilka pytań: [b]1.[/b] Czy jak usunąłem sound32.dll to nie będzie to miało negatywnego wpływu na mój komputer? [b]2.[/b] Na komputerze lepiej zostawić AVAST czy MBAM? Edit: //Z siecią jakby się poprawiło, jak wstanę to dokładnie przetestuję bo teraz po pracy idę spać. Jednak Ping na testach nadal wypada blado (70-100). Niemniej jednak wielkie dzięki jak do pory pomaga Pozdrawiam.
wirusolog komentarz 29 czerwca 2011 komentarz 29 czerwca 2011 Gorzej jest z tym, że z Twoich przypuszczeń ten plik się odradza, co mnie niepokoi. [quote name='MrHankey' timestamp='1309319546' post='1288569'] Do tego mam kilka pytań: [b]1.[/b] Czy jak usunąłem sound32.dll to nie będzie to miało negatywnego wpływu na mój komputer? [b]2.[/b] Na komputerze lepiej zostawić AVAST czy MBAM? [/quote] Ad 1) Nic się nie stanie, to jest plik zarażony i trzeba go wyelminować. Ad 2) MBAM to jedynie skaner na żądanie, a Avast to ochrona w czasie rzeczywistym. Nalegam, żeby skan MBAMem przeprowadzać raz w tygodniu, tak dla świętego spokoju. [b]--> sound32.dll <--[/b] sprawdźmy czy dalej gdzieś on jest na dysku. [hr] Ściągnij -> [url=http://images.malwareremoval.com/jpshortstuff/SystemLook.exe][b][color=blue][u]SystemLook.exe[/url][/b][/color][/u] Uruchom i w dolne białe okienko wklej to: [quote] :filefind sound32.dll :regfind sound32.dll [/quote] Kliknij w [b]Look[/b]. Czekaj aż pojawi się raport i po wyskoczeniu raportu pokaż mi go. 1
stabilo komentarz 29 czerwca 2011 komentarz 29 czerwca 2011 To mi bardziej wygląda na winę sprzętu sieciowego.
Mr.Hankey komentarz 29 czerwca 2011 Autor komentarz 29 czerwca 2011 [quote name='wirusolog' date='29 czerwiec 2011 - 09:27' timestamp='1309336185' post='1288639'] Ściągnij -> SystemLook.exe Uruchom i w dolne białe okienko wklej to: Cytat :filefind sound32.dll :regfind sound32.dll Kliknij w Look. Czekaj aż pojawi się raport i po wyskoczeniu raportu pokaż mi go. [/quote] [log]SystemLook 04.09.10 by jpshortstuff Log created at 14:14 on 29/06/2011 by Kuba Administrator - Elevation successful ========== filefind ========== Searching for "sound32.dll " No files found. ========== regfind ========== Searching for "sound32.dll " No data found. -= EOF =-[/log] Dziś wieczorem dam znać w temacie jak wygląda sprawa sprawa z siecią - czy nadal przerywa czy już nie. Pozdrawiam.
wirusolog komentarz 29 czerwca 2011 komentarz 29 czerwca 2011 Tego pliku nie ma dysku ani żadnego wpisu. Czyli Twoje problemy nie wynikają z wirusami. 1
Mr.Hankey komentarz 29 czerwca 2011 Autor komentarz 29 czerwca 2011 (edytowane) [quote name='wirusolog' date='29 czerwiec 2011 - 14:48' timestamp='1309355440' post='1288899'] Tego pliku nie ma dysku ani żadnego wpisu. Czyli Twoje problemy nie wynikają z wirusami. [/quote] Początkowo założyłem ten temat w "Awarie Komputerów" bo sam nie wiedziałem co dokładnie wywołuje mój błąd, ale któryś z Moderatorów musiał go tutaj przenieść. W takim razie jeżeli nie jest to sprawa wirusowa to czy jakiś Moderator może wrzucić ten temat do dobrego działu, ponieważ problem nadal występuje? Wielkie podziękowania dla WIRUSOLOG za to, że przeprowadził mnie przez wszystko krok po kroku. Pozdrawiam.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.