
[Solved] Please check the logs

Mateusz 935
Posted (edited)

Please check the logs.

OTL:

[spoiler][log]OTL logfile created on: 2013-10-08 16:32:25 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michal\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,23 Mb Total Physical Memory | 282,16 Mb Available Physical Memory | 27,58% Memory free
2,40 Gb Paging File | 1,73 Gb Available in Paging File | 72,19% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 24,98 Gb Free Space | 63,96% Space Free | Partition Type: NTFS
Drive D: | 109,94 Gb Total Space | 88,49 Gb Free Space | 80,49% Space Free | Partition Type: NTFS

Computer Name: MICHAŁ_PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-10-08 16:10:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michal\Moje dokumenty\Downloads\OTL.exe
PRC - [2013-10-03 17:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013-08-30 18:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013-08-30 18:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011-05-28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2009-10-10 09:49:36 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009-01-26 11:23:36 | 001,891,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-05-02 09:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2006-10-06 05:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe
PRC - [2005-07-20 00:02:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE


========== Modules (No Company Name) ==========

MOD - [2013-10-08 22:07:23 | 002,105,344 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13100800\algo.dll
MOD - [2013-10-03 17:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013-10-03 17:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013-10-03 17:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013-08-06 19:03:03 | 011,896,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\343c44af659625266143951b4a0267f2\System.Web.ni.dll
MOD - [2013-08-06 08:59:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013-07-21 21:05:37 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\79533103112291e81204ca24aed19890\System.Configuration.ni.dll
MOD - [2013-07-21 11:25:24 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dll
MOD - [2013-07-21 11:19:02 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll
MOD - [2013-07-21 11:17:02 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dll
MOD - [2013-07-21 11:11:51 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll
MOD - [2013-07-21 11:09:15 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll
MOD - [2013-07-21 11:09:05 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012-12-31 13:48:27 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3482.36915__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2012-12-31 13:48:27 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3482.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2012-12-31 13:48:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3482.36918__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2012-12-31 13:48:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3482.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2012-12-31 13:48:26 | 001,732,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3482.36835__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012-12-31 13:48:26 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3482.36817__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:26 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3482.36836__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012-12-31 13:48:26 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3482.36885__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:26 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3482.36831__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012-12-31 13:48:26 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3482.36858__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3482.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:25 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3482.36903__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012-12-31 13:48:25 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3482.36825__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:25 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3482.36867__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:25 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3482.36835__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:25 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3482.36904__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:25 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3482.36835__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:24 | 000,643,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3482.36913__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:24 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3482.36872__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3482.36872__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012-12-31 13:48:24 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3482.36913__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:24 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3482.36871__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:23 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3482.36860__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:23 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3482.36880__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012-12-31 13:48:23 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3482.36836__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3482.36865__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:23 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3482.36859__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:23 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3482.36864__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:22 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3482.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:22 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3482.36826__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:22 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3482.36855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:22 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3482.36858__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3482.36840__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3482.36866__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:21 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3482.36859__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:21 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3482.36859__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3462.24009__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012-12-31 13:48:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3462.24008__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3462.24028__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3462.24053__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3462.24052__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3462.24025__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3462.24051__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012-12-31 13:48:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3462.23989__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012-12-31 13:48:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3462.23991__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012-12-31 13:48:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2012-12-31 13:48:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3462.24023__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012-12-31 13:48:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012-12-31 13:48:20 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012-12-31 13:48:19 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3462.24017__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3462.23996__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012-12-31 13:48:19 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3462.24052__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3462.24037__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3462.24039__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012-12-31 13:48:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3462.24047__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3462.24074__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012-12-31 13:48:19 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3462.24011__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3462.24014__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3462.24001__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3462.24036__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3462.24034__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3462.24019__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3462.24035__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3462.24020__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3482.36926__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2012-12-31 13:48:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3462.24040__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3462.24037__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3462.24037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3482.36908__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012-12-31 13:48:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3462.24039__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3462.24027__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3462.24036__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3462.24034__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3462.24023__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3462.24038__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3462.24025__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3462.24024__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012-12-31 13:48:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3462.24009__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012-12-31 13:48:17 | 000,552,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3482.36893__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012-12-31 13:48:17 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3482.36830__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012-12-31 13:48:17 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3482.36898__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012-12-31 13:48:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3482.36897__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012-12-31 13:48:17 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3482.36816__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012-12-31 13:48:17 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3462.23999__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012-12-31 13:48:17 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3462.24005__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012-12-31 13:48:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3462.24021__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012-12-31 13:48:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3462.24007__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2012-12-31 13:48:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3462.24020__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012-12-31 13:48:17 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012-12-31 13:48:17 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012-12-31 13:48:17 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3482.36815__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012-12-31 13:48:16 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3482.36815__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012-12-31 13:48:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3462.24020__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012-12-31 13:48:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3462.24023__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012-12-31 13:48:15 | 001,212,416 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3482.36822__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012-12-31 13:48:15 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3482.36813__90ba9c70f846762e\APM.Server.dll
MOD - [2012-12-31 13:48:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3482.36814__90ba9c70f846762e\AEM.Server.dll
MOD - [2012-12-31 13:48:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3462.24013__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012-12-31 13:48:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012-12-31 13:48:15 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3462.24041__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012-12-31 13:48:15 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3482.36898__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012-03-15 01:01:43 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pl_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2012-03-15 01:01:41 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011-05-28 14:47:00 | 000,127,376 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2011-05-28 14:47:00 | 000,101,264 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ComputerMenu.dll
MOD - [2011-05-28 14:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011-05-28 14:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011-05-28 14:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2011-04-11 16:26:33 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\spe__l.dll
MOD - [2010-10-21 13:45:58 | 000,494,080 | ---- | M] () -- C:\WINDOWS\system32\SNXPWIA.dll
MOD - [2010-10-21 13:45:50 | 000,120,320 | ---- | M] () -- C:\WINDOWS\system32\SNXPEH.dll
MOD - [2009-10-10 09:49:36 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009-10-06 01:40:42 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\suge1l3.dll
MOD - [2009-07-22 10:47:18 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009-02-02 12:02:33 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\CopyToSendTo.dll
MOD - [2008-05-02 09:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008-05-02 09:15:38 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2008-05-02 09:15:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008-04-15 22:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006-10-06 05:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe


========== Services (SafeList) ==========

SRV - [2013-09-21 05:17:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-08-30 18:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013-07-25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011-05-28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nvhda32.sys -- (NVHDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (acpdpzc7)
DRV - [2013-08-30 18:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013-08-30 18:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013-08-30 18:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013-08-30 18:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013-08-30 18:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013-08-30 18:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013-08-30 18:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013-08-30 18:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013-04-04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-10-31 09:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012-08-04 13:00:33 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012-05-14 17:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2009-10-07 01:24:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009-10-06 23:49:56 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2009-07-15 15:20:10 | 004,407,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-05-01 05:26:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2008-10-31 06:10:48 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-08-06 02:40:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008-04-14 17:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007-02-12 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\iaStor70.sys -- (iastor70)
DRV - [2007-02-12 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor70.sys -- (iaStor)
DRV - [2006-01-04 22:11:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - No CLSID value found
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes,DefaultScope = {3394CC98-A156-4D45-B7E8-8770BDAD65A5}
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20120314&user_guid=49114CEFBA804F98BA6E978CFD5A36C2&machine_id=8f49ada212b0c249a84e86293d7617f2&browser=IE&os=win&os_version=5.1-x86-SP3&iesrc={referrer:source}
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B03B00138FD988C3&affID=119357&tsp=4948
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{3394CC98-A156-4D45-B7E8-8770BDAD65A5}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=021313&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{60C8E06D-4473-43F6-BC2E-09CDDEE8E4B4}: "URL" = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7SKPB_pl
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-09-28 05:56:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-08-06 00:19:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-09-28 19:00:05 | 000,000,000 | ---D | M]

[2013-10-08 12:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Extensions
[2013-10-06 07:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions
[2013-04-08 08:17:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013-07-20 07:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\ffxtlbr@babylon.com
[2013-07-20 07:23:08 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\babylon.xml
[2013-02-14 04:08:43 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\bingp.xml
[2013-07-20 07:23:08 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\BrowserDefender.xml
[2013-07-20 07:24:13 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\delta.xml
[2012-03-14 15:43:19 | 000,001,390 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\yahoo-zugo.xml
[2013-10-06 07:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-08-06 20:53:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012-08-06 20:53:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013-03-30 20:09:46 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2013-03-30 20:09:46 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2013-03-30 20:09:46 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2013-03-30 20:09:46 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2013-03-30 20:09:46 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-03-30 20:09:46 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2008-04-15 22:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe ()
O4 - HKU\.DEFAULT..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-18..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-20..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788F66A8-E515-43E8-AB51-B6209A3F529E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B88F9DB-B0AE-4237-BE3A-857DBA137FB5}: NameServer = 62.233.233.233 87.204.204.204
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-07-20 08:03:48 | 000,000,040 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ]
O32 - AutoRun File - [2009-10-19 01:10:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7600b32d-cb05-11df-971f-00138fd988c3}\Shell\AutoRun\command - "" = p.exe
O33 - MountPoints2\{7600b32d-cb05-11df-971f-00138fd988c3}\Shell\open\Command - "" = p.exe
O33 - MountPoints2\{90db2645-ddd8-11e1-993a-00138fd988c3}\Shell - "" = AutoRun
O33 - MountPoints2\{90db2645-ddd8-11e1-993a-00138fd988c3}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a2d1c55a-cf27-11e1-992a-00138fd988c3}\Shell - "" = AutoRun
O33 - MountPoints2\{a2d1c55a-cf27-11e1-992a-00138fd988c3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a2d1c55d-cf27-11e1-992a-00138fd988c3}\Shell - "" = AutoRun
O33 - MountPoints2\{a2d1c55d-cf27-11e1-992a-00138fd988c3}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-10-08 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Temp
[2013-10-08 13:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HD Tune
[2013-10-08 13:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2013-10-08 13:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Dane aplikacji\ATI
[2013-09-19 01:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Gimnazjum - Chemia Nowej Ery
[2013-09-19 01:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Gimnazjum - Chemia Nowej Ery
[2013-09-19 01:47:32 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn0415.exe
[3 C:\Documents and Settings\Michal\*.tmp files -> C:\Documents and Settings\Michal\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-10-08 16:17:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-10-08 15:49:02 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\Michal\Pulpit\Skrót do muza dawid.lnk
[2013-10-08 15:45:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-10-08 15:44:09 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013-10-08 15:42:51 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-10-08 15:42:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-10-08 13:34:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-10-08 03:51:47 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
[2013-10-08 03:43:09 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2013-09-28 06:32:01 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013-09-21 05:17:30 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-09-21 05:17:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-09-19 18:03:31 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-09-19 01:47:50 | 000,001,322 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gimnazjum - Chemia Nowej Ery.lnk
[3 C:\Documents and Settings\Michal\*.tmp files -> C:\Documents and Settings\Michal\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-10-08 15:49:01 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\Michal\Pulpit\Skrót do muza dawid.lnk
[2013-09-19 01:47:50 | 000,001,322 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gimnazjum - Chemia Nowej Ery.lnk
[2013-08-05 17:49:54 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\pebbsbc.sys
[2013-07-20 10:56:45 | 000,010,793 | ---- | C] () -- C:\Documents and Settings\Michal\Dane aplikacji\SmarThruOptions.xml
[2013-07-20 10:55:32 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2013-07-20 10:52:35 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2013-07-20 10:52:03 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2013-07-20 08:00:24 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\spe__l.dll
[2013-07-20 08:00:22 | 000,158,040 | ---- | C] () -- C:\WINDOWS\System32\spe__ci.exe
[2013-07-20 08:00:21 | 001,571,160 | ---- | C] () -- C:\WINDOWS\TotalUninstaller.exe
[2013-07-20 06:39:09 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2013-07-20 06:38:04 | 000,120,112 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2013-07-20 06:37:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2013-07-20 06:37:57 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2013-07-20 06:37:57 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2013-07-20 06:37:57 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2013-07-20 06:37:57 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2013-07-20 06:35:56 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\suge1l3.dll
[2013-06-28 19:23:46 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013-06-28 19:23:46 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013-06-28 19:23:46 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013-03-31 19:59:36 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013-03-31 19:59:36 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012-12-31 13:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012-12-31 13:47:34 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012-09-26 19:45:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012-09-02 13:12:22 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-14 15:42:46 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012-03-14 15:42:46 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012-03-14 15:42:34 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-03-14 15:42:32 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012-02-17 02:29:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-01-30 21:10:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-01-07 21:15:15 | 000,016,171 | ---- | C] () -- C:\Documents and Settings\Michal\Menu Start.rar

========== ZeroAccess Check ==========

[2009-10-19 01:12:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-02-03 02:06:35 | 002,254,336 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 21:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-15 22:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010-12-16 06:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2013-07-20 07:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2012-08-04 12:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2013-08-05 15:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService
[2012-03-15 00:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2013-08-05 15:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PLAY ONLINE
[2013-07-20 08:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Samsung
[2013-07-20 08:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SSScan
[2013-08-05 16:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Weskysoft
[2012-08-04 13:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\DAEMON Tools Lite
[2012-03-16 11:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
[2013-08-06 08:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\IObit
[2009-12-24 05:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\Leadertech
[2013-07-20 07:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\pdfforge
[2013-07-20 08:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\Samsung

========== Purity Check ==========



< End of report >
[/log][/spoiler]

Extras:

[spoiler][log]OTL Extras logfile created on: 2013-10-08 16:32:25 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michal\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,23 Mb Total Physical Memory | 282,16 Mb Available Physical Memory | 27,58% Memory free
2,40 Gb Paging File | 1,73 Gb Available in Paging File | 72,19% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 24,98 Gb Free Space | 63,96% Space Free | Partition Type: NTFS
Drive D: | 109,94 Gb Total Space | 88,49 Gb Free Space | 80,49% Space Free | Partition Type: NTFS

Computer Name: MICHAŁ_PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\Microsoft Office\Office12\ONENOTE.EXE "%L" [2013-07-21 10:56:39 | 000,000,000 | ---D | M]
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows
"80:TCP" = 80:TCP:*:Disabled:Zdalne zarządzanie systemem Windows — tryb zgodności (ruch przychodzący HTTP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe" = C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2 -- (Samsung Electronics Co., Ltd.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe" = C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2 -- (Samsung Electronics Co., Ltd.)
"C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe" = C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe:*:Enabled:USDAgent -- (Samsung Electronics Co., Ltd.)
"C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe" = C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe:*:Enabled:ICCUpdater -- (Samsung Electronics Co., Ltd.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AACB61D-9A82-6836-2840-28D0CF08781B}" = Catalyst Control Center Graphics Light
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{221BCE94-499E-21A9-4744-364294430D6A}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2A59A62D-09BA-E4CF-C7C2-E30332CE50F1}" = ccc-core-static
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{2C04F12D-9AE2-B73C-17F7-A906A3D0C147}" = Catalyst Control Center HydraVision Full
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85E968-9E24-0AE4-BC49-1614E86F0A50}" = Catalyst Control Center Graphics Previews Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{76D92E84-A78B-2F37-E165-95BC732750E0}" = ccc-core-preinstall
"{78CCDC80-1C7A-B95F-9968-33B1897CC5C3}" = AMD Catalyst Install Manager
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B4CF385A-2015-5236-C2DB-EF09DA2AEA6C}" = CCC Help English
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C573C350-C666-586C-B309-7C9BD4A44BBF}" = e-Deklaracje Desktop
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D52ED371-E583-2A3F-C17C-2FC42E2D0077}" = Catalyst Control Center Graphics Full Existing
"{D5A11B8A-2A7B-2BED-E05F-2318C83A771B}" = ccc-utility
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F58DBB36-F623-048A-0780-4FFDEA2486CA}" = Catalyst Control Center Core Implementation
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DamnNFOViewer" = DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
"e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1" = e-Deklaracje Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gimnazjum - Chemia Nowej Ery" = Gimnazjum - Chemia Nowej Ery
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.55
"ie8" = Windows Internet Explorer 8
"jv16 PowerTools 2013" = jv16 PowerTools 2013
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"QcDrv" = Camera Driver
"RealAlt_is1" = Real Alternative 2.0.2
"Revo Uninstaller" = Revo Uninstaller 1.89
"RocketDock_is1" = RocketDock 1.3.5
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"Samsung Universal Print Driver 2" = Samsung Universal Print Driver 2
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"The KMPlayer" = The KMPlayer (remove only)
"VDrive" = Vista Drive Indicator!
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"xp-AntiSpy" = xp-AntiSpy 3.98-2
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-04-11 05:17:24 | Computer Name = MICHAL-10E0FC9C | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2013-04-22 14:54:35 | Computer Name = MICHAL-10E0FC9C | Source = WmiAdapter | ID = 4099
Description = Otwarcie usługi nie powiodło się.

Error - 2013-04-25 05:17:23 | Computer Name = PC | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2013-04-26 23:49:55 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 2013-04-26 23:53:41 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 6.3.0.105, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.6055, adres błędu 0x0001055f.

Error - 2013-06-20 15:33:51 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609
Description =

Error - 2013-06-20 15:33:53 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609
Description =

Error - 2013-08-05 18:11:14 | Computer Name = MICHAŁ_PC | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 494
Description = Catalog Database (1304) Odzyskiwanie bazy danych zakończyło się niepomyślnie
z błędem -1216, ponieważ napotkano odwołania do bazy danych 'C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb',
której już nie ma. Baza danych nie została doprowadzona do spójnego stanu, zanim
została usunięta (możliwe też, że ją przeniesiono lub zmieniono jej nazwę). Aparat
bazy danych nie pozwoli na dokończenie odzyskiwania w wypadku tego wystąpienia,
dopóki brakująca baza danych nie zostanie przywrócona na miejsce. Jeśli baza danych
faktycznie nie jest już dostępna ani wymagana, skontaktuj się z działem pomocy
technicznej w celu uzyskania dodatkowych instrukcji dotyczących czynności, które
umożliwią przeprowadzenie operacji odzyskiwania bez tej bazy danych.

Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 454
Description = Catalog Database (1304) Odzyskiwanie/przywracanie bazy danych nie
powiodło się z powodu nieoczekiwanego błędu: -1216.

[ System Events ]
Error - 2013-10-08 06:03:49 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2

Error - 2013-10-08 06:08:48 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262189
Description = System nie może pomyślnie załadować sterownika zrzutu awaryjnego.

Error - 2013-10-08 06:08:48 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.

Error - 2013-10-07 21:07:47 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2

Error - 2013-10-07 22:34:53 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262189
Description = System nie może pomyślnie załadować sterownika zrzutu awaryjnego.

Error - 2013-10-07 22:34:53 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.

Error - 2013-10-07 22:35:23 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2

Error - 2013-10-08 00:43:14 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262189
Description = System nie może pomyślnie załadować sterownika zrzutu awaryjnego.

Error - 2013-10-08 00:43:14 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.

Error - 2013-10-08 00:44:30 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2

[ Windows PowerShel Events ]
Error - 2013-04-11 05:17:24 | Computer Name = MICHAL-10E0FC9C | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2013-04-22 14:54:35 | Computer Name = MICHAL-10E0FC9C | Source = WmiAdapter | ID = 4099
Description =

Error - 2013-04-25 05:17:23 | Computer Name = PC | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2013-04-26 23:49:55 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1103
Description =

Error - 2013-04-26 23:53:41 | Computer Name = PC | Source = Application Error | ID = 1000
Description =

Error - 2013-06-20 15:33:51 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609
Description =

Error - 2013-06-20 15:33:53 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609
Description =

Error - 2013-08-05 18:11:14 | Computer Name = MICHAŁ_PC | Source = .NET Runtime Optimization Service | ID = 1103
Description =

Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 494
Description =

Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 454
Description =


< End of report >
[/log]

[/spoiler]

 

While scanning the PC with Malwarebytes Anti-Malware, 7 objects were detected. Should I remove them?

http://imageshack.us/photo/my-images/571/ptz6.png/

The log:

 

[spoiler]

[log]Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Wersja bazy: v2013.10.07.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michal :: MICHAŁ_PC [administrator]

Ochrona: Wyłączona

2013-10-08 16:39:51
MBAM-log-2013-10-08 (17-12-44).txt

Typ skanowania: Pełne skanowanie (C:\|)
Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM
Odznaczone opcje skanowania: P2P
Przeskanowano obiektów: 223871
Upłynęło: 30 minut(y), 56 sekund(y)

Wykrytych procesów w pamięci: 0
(Nie znaleziono zagrożeń)

Wykrytych modułów w pamięci: 0
(Nie znaleziono zagrożeń)

Wykrytych kluczy rejestru: 5
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Nie wykonano akcji.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Nie wykonano akcji.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Nie wykonano akcji.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Nie wykonano akcji.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Nie wykonano akcji.

Wykrytych wartości rejestru: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Nie wykonano akcji.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|bProtectTabs (PUP.Optional.BrowserProtect.A) -> Data: http://www1.delta-search.com/?babsrc=NT_ss&mntrId=B03B00138FD988C3&affID=119357&tsp=4948 -> Nie wykonano akcji.

Wykryte wpisy rejestru systemowego: 0
(Nie znaleziono zagrożeń)

wykrytych folderów: 0
(Nie znaleziono zagrożeń)

Wykrytych plików: 0
(Nie znaleziono zagrożeń)

(zakończone)
[/log]

 

[/spoiler]

 

Thanks in advance. Regards

Natsuki Kuga

While scanning the PC with Malwarebytes Anti-Malware, 7 objects were detected. Should I remove them?

Yes, remove them.

1. Connect all the removable drives you have and paste the following into the OTL "Własne opcje skanowania/Skrypt" (Custom Scans/Fixes) box:


:OTL
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...dir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20120314&user_guid=49114CEFBA804F98BA6E978CFD5A36C2&machine_id=8f49ada212b0c249a84e86293d7617f2&browser=IE&os=win&os_version=5.1-x86-SP3&iesrc={referrer:source}
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B03B00138FD988C3&affID=119357&tsp=4948
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...dir=2685&query={searchTerms}&invocationType=tb50winampie7
[2013-07-20 07:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\ffxtlbr@babylon.com
[2013-07-20 07:23:08 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\babylon.xml
[2013-07-20 07:23:08 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\BrowserDefender.xml
[2013-07-20 07:24:13 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\delta.xml
O33 - MountPoints2\{7600b32d-cb05-11df-971f-00138fd988c3}\Shell\AutoRun\command - "" = p.exe
O33 - MountPoints2\{7600b32d-cb05-11df-971f-00138fd988c3}\Shell\open\Command - "" = p.exe

:Files
C:\Documents and Settings\All Users\Dane aplikacji\Babylon

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP"=-
"80:TCP"=-

Click "Wykonaj skrypt" (Run Fix) and post the report.

2. Run USBFix with the Deletion option. Post the report.

3. Disconnect the drives and run AdwCleaner with the "Usuń" (remove) option. Post the report.

4. Post a new set of logs plus a Gmer log.

  • Good post 1
Mateusz 935

1. Report after running the script:

 

[spoiler][log]========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
Registry key HKEY_USERS\S-1-5-21-448539723-1292428093-842925246-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ not found.
Registry key HKEY_USERS\S-1-5-21-448539723-1292428093-842925246-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-448539723-1292428093-842925246-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\babylon.xml moved successfully.
C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\BrowserDefender.xml moved successfully.
C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\delta.xml moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7600b32d-cb05-11df-971f-00138fd988c3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7600b32d-cb05-11df-971f-00138fd988c3}\ not found.
File p.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7600b32d-cb05-11df-971f-00138fd988c3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7600b32d-cb05-11df-971f-00138fd988c3}\ not found.
File p.exe not found.
========== FILES ==========
C:\Documents and Settings\All Users\Dane aplikacji\Babylon folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5985:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\80:TCP deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10102013_095542
[/log][/spoiler]

 

2. USBFix:

 

[spoiler][log]############################## | UsbFix V 7.144 | [Deletion]

User: Michal (Administrator) # MICHAŁ_PC
Updated 08/10/2013 by El Desaparecido - Team SosVirus
Started at 09:57:37 | 10/10/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: (775XFire-VSTA)
CPU: Intel(R) Pentium(R) 4 CPU 3.00GHz
RAM -> [Total : 1023 | Free : 432]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 39 Gb (25 Mb free - 63%) [System] # NTFS
D:\ -> Fixed drive # 110 Gb (88 Mb free - 80%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM

################## | Regedit Run |

HKLM\SOFTWARE | Run : [VistaDrive] - C:\WINDOWS\VistaDrive\VistaDrive.exe
HKLM\SOFTWARE | Run : [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE
HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
HKLM\SOFTWARE | Run : [UnlockerAssistant] - "C:\Program Files\Unlocker\UnlockerAssistant.exe"
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe"
HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe"
HKU\S-1-5-20\SOFTWARE | RunOnce : [_nltide_2] - regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\SOFTWARE | RunOnce : [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\SOFTWARE | RunOnce : [_nltide_2] - regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\SOFTWARE | RunOnce : [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

################## | Stopped processes |

Stopped! C:\WINDOWS\system32\Ati2evxx.exe (ID 1120 |ParentID 932)
Stopped! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID 1544 |ParentID 932)
Stopped! C:\WINDOWS\system32\Ati2evxx.exe (ID 1588 |ParentID 888)
Stopped! C:\WINDOWS\system32\spoolsv.exe (ID 1776 |ParentID 932)
Stopped! C:\WINDOWS\VistaDrive\VistaDrive.exe (ID 640 |ParentID 2036)
Stopped! C:\WINDOWS\system32\LVCOMSX.EXE (ID 676 |ParentID 2036)
Stopped! C:\WINDOWS\RTHDCPL.EXE (ID 688 |ParentID 2036)
Stopped! C:\Program Files\Unlocker\UnlockerAssistant.exe (ID 700 |ParentID 2036)
Stopped! C:\Program Files\Alwil Software\Avast5\avastUI.exe (ID 784 |ParentID 2036)
Stopped! C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe (ID 832 |ParentID 2036)
Stopped! C:\WINDOWS\system32\ctfmon.exe (ID 852 |ParentID 2036)
Stopped! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 1460 |ParentID 668)
Stopped! C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (ID 1580 |ParentID 932)
Stopped! C:\Program Files\Java\jre6\bin\jqs.exe (ID 408 |ParentID 932)
Stopped! C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 564 |ParentID 932)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 3300 |ParentID 2036)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2664 |ParentID 3300)
Stopped! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ID 2024 |ParentID 1460)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2124 |ParentID 3300)

################## | Files # Infected Folders |


(!) Temporary files deleted.

################## | Registry |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{90db2645-ddd8-11e1-993a-00138fd988c3}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a2d1c55a-cf27-11e1-992a-00138fd988c3}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a2d1c55d-cf27-11e1-992a-00138fd988c3}

################## | Listing |

[31/12/2012 - 13:36:09 | D ] C:\AMD
[31/12/2012 - 13:46:19 | D ] C:\ATI
[20/07/2013 - 08:03:48 | N | 40] C:\Autoconfig.ini
[19/10/2009 - 01:10:55 | N | 0] C:\AUTOEXEC.BAT
[19/10/2009 - 01:03:32 | N | 211] C:\boot.ini
[15/04/2008 - 22:00:00 | N | 4952] C:\Bootfont.bin
[19/10/2009 - 01:10:55 | N | 0] C:\CONFIG.SYS
[20/08/2013 - 17:56:19 | N | 0] C:\Cookies
[19/10/2009 - 01:26:09 | D ] C:\Documents and Settings
[19/10/2009 - 01:10:55 | N | 0] C:\IO.SYS
[19/10/2009 - 01:10:55 | N | 0] C:\MSDOS.SYS
[20/07/2013 - 06:54:13 | RHD ] C:\MSOCache
[15/04/2008 - 22:00:00 | N | 47564] C:\NTDETECT.COM
[15/04/2008 - 22:00:00 | N | 251152] C:\ntldr
[10/10/2013 - 09:17:16 | ASH | 1610612736] C:\pagefile.sys
[08/10/2013 - 13:54:18 | D ] C:\Program Files
[19/10/2009 - 01:27:07 | SHD ] C:\RECYCLER
[19/10/2009 - 01:24:29 | SHD ] C:\System Volume Information
[20/07/2013 - 19:40:35 | D ] C:\Temp
[10/10/2013 - 09:58:59 | D ] C:\UsbFix
[10/10/2013 - 10:08:47 | A | 5605] C:\UsbFix [Clean 1] MICHAŁ_PC.txt
[08/10/2013 - 17:45:28 | D ] C:\WINDOWS
[10/10/2013 - 09:55:42 | D ] C:\_OTL
[06/08/2013 - 09:04:48 | D ] D:\Disco wesele
[20/07/2013 - 12:40:41 | D ] D:\Filmy
[08/10/2013 - 15:48:24 | D ] D:\muza dawid
[14/03/2012 - 15:27:47 | D ] D:\My Shared Folder
[14/03/2012 - 15:29:42 | D ] D:\Programy
[13/01/2011 - 03:23:05 | SHD ] D:\RECYCLER
[20/07/2013 - 11:49:21 | D ] D:\Sterowniki_Drukarka_Samsung_SCX_4200
[13/01/2011 - 03:22:31 | SHD ] D:\System Volume Information
[14/03/2012 - 15:29:02 | D ] D:\Zdjęcia

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
[/log][/spoiler]

 

3. AdwCleaner:

 

[spoiler][log]# AdwCleaner v3.007 - Report created 10/10/2013 at 10:11:48
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Dodatek Service Pack 3 (32 bits)
# Username : Michal - MICHAŁ_PC
# Running from : C:\Documents and Settings\Michal\Moje dokumenty\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\bProtector_extensions.rdf
File Found : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\invalidprefs.js
File Found : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\bingp.xml
File Found : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\yahoo-zugo.xml
File Found : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\user.js
File Found : C:\Program Files\Mozilla Firefox\.autoreg
Folder Found C:\Documents and Settings\Michal\Dane aplikacji\pdfforge

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\96dd8be138ec43
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v3.0.19 (pl)

[ File : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\prefs.js ]

Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.bbDpng", "6");
Line Found : user_pref("extensions.delta.cntry", "PL");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.hdrMd5", "9B41987A0DBD4BF8EA00A20018B28C9A");
Line Found : user_pref("extensions.delta.id", "b03be40200000000000000138fd988c3");
Line Found : user_pref("extensions.delta.instlDay", "15905");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.lastVrsnTs", "1.8.21.57:23:50");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.sg", "tzb");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.21.57:23:50");
Line Found : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4948");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v30.0.1599.69

[ File : C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5599 octets] - [10/10/2013 10:11:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5659 octets] ##########
[/log][/spoiler]

[spoiler][log]# AdwCleaner v3.007 - Report created 10/10/2013 at 10:13:46
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Dodatek Service Pack 3 (32 bits)
# Username : Michal - MICHAŁ_PC
# Running from : C:\Documents and Settings\Michal\Moje dokumenty\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Michal\Dane aplikacji\pdfforge
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\bProtector_extensions.rdf
File Deleted : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\invalidprefs.js
File Deleted : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\bingp.xml
File Deleted : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\yahoo-zugo.xml
File Deleted : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\96dd8be138ec43
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v3.0.19 (pl)

[ File : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "6");
Line Deleted : user_pref("extensions.delta.cntry", "PL");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "9B41987A0DBD4BF8EA00A20018B28C9A");
Line Deleted : user_pref("extensions.delta.id", "b03be40200000000000000138fd988c3");
Line Deleted : user_pref("extensions.delta.instlDay", "15905");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.21.57:23:50");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "tzb");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.57:23:50");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4948");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v30.0.1599.69

[ File : C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5739 octets] - [10/10/2013 10:11:48]
AdwCleaner[S0].txt - [5778 octets] - [10/10/2013 10:13:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5838 octets] ##########
[/log][/spoiler]

4. OTL:

[spoiler][log]OTL logfile created on: 2013-10-10 19:41:13 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michal\Moje dokumenty\Downloads\Narzędzia do naprawy systemu - Nie uruchamiać
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,23 Mb Total Physical Memory | 355,07 Mb Available Physical Memory | 34,70% Memory free
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 72,94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 24,60 Gb Free Space | 62,98% Space Free | Partition Type: NTFS
Drive D: | 109,94 Gb Total Space | 88,49 Gb Free Space | 80,49% Space Free | Partition Type: NTFS

Computer Name: MICHAŁ_PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-10-08 16:10:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michal\Moje dokumenty\Downloads\Narzędzia do naprawy systemu - Nie uruchamiać\OTL.exe
PRC - [2013-10-03 17:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013-08-30 18:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013-08-30 18:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011-05-28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2009-10-10 09:49:36 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009-01-26 11:23:36 | 001,891,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-05-02 09:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2006-10-06 05:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe
PRC - [2005-07-20 00:02:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE


========== Modules (No Company Name) ==========

MOD - [2013-10-10 08:37:42 | 002,105,344 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13100901\algo.dll
MOD - [2013-10-03 17:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013-10-03 17:03:04 | 013,611,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013-10-03 17:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013-10-03 17:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013-08-06 19:03:03 | 011,896,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\343c44af659625266143951b4a0267f2\System.Web.ni.dll
MOD - [2013-08-06 08:59:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013-07-21 21:05:37 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\79533103112291e81204ca24aed19890\System.Configuration.ni.dll
MOD - [2013-07-21 11:25:24 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dll
MOD - [2013-07-21 11:19:02 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll
MOD - [2013-07-21 11:17:02 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dll
MOD - [2013-07-21 11:11:51 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll
MOD - [2013-07-21 11:09:15 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll
MOD - [2013-07-21 11:09:05 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012-12-31 13:48:27 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3482.36915__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2012-12-31 13:48:27 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3482.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2012-12-31 13:48:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3482.36918__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2012-12-31 13:48:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3482.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2012-12-31 13:48:26 | 001,732,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3482.36835__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012-12-31 13:48:26 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3482.36817__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:26 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3482.36836__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012-12-31 13:48:26 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3482.36885__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:26 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3482.36831__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012-12-31 13:48:26 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3482.36858__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3482.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:25 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3482.36903__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012-12-31 13:48:25 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3482.36825__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:25 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3482.36867__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:25 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3482.36835__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:25 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3482.36904__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:25 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3482.36835__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:24 | 000,643,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3482.36913__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:24 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3482.36872__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3482.36872__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012-12-31 13:48:24 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3482.36913__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:24 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3482.36871__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:23 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3482.36860__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:23 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3482.36880__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012-12-31 13:48:23 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3482.36836__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3482.36865__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:23 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3482.36859__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:23 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3482.36864__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:22 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3482.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:22 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3482.36826__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:22 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3482.36855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:22 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3482.36858__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3482.36840__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3482.36866__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:21 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3482.36859__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:21 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012-12-31 13:48:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3482.36859__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012-12-31 13:48:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3462.24009__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012-12-31 13:48:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3462.24008__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3462.24028__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3462.24053__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3462.24052__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3462.24025__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3462.24051__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012-12-31 13:48:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3462.23989__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012-12-31 13:48:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3462.23991__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012-12-31 13:48:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2012-12-31 13:48:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3462.24023__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012-12-31 13:48:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012-12-31 13:48:20 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012-12-31 13:48:19 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3462.24017__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3462.23996__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012-12-31 13:48:19 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3462.24052__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3462.24037__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3462.24039__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012-12-31 13:48:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3462.24047__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3462.24074__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012-12-31 13:48:19 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3462.24011__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3462.24014__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3462.24001__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3462.24036__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3462.24034__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3462.24019__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3462.24035__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3462.24020__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3482.36926__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2012-12-31 13:48:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3462.24040__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3462.24037__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3462.24037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3482.36908__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012-12-31 13:48:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3462.24039__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3462.24027__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3462.24036__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3462.24034__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3462.24023__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3462.24038__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3462.24025__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012-12-31 13:48:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3462.24024__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012-12-31 13:48:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3462.24009__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012-12-31 13:48:17 | 000,552,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3482.36893__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012-12-31 13:48:17 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3482.36830__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012-12-31 13:48:17 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3482.36898__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012-12-31 13:48:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3482.36897__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012-12-31 13:48:17 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3482.36816__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012-12-31 13:48:17 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3462.23999__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012-12-31 13:48:17 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3462.24005__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012-12-31 13:48:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3462.24021__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012-12-31 13:48:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3462.24007__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2012-12-31 13:48:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3462.24020__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012-12-31 13:48:17 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012-12-31 13:48:17 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012-12-31 13:48:17 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3482.36815__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012-12-31 13:48:16 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3482.36815__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012-12-31 13:48:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3462.24020__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012-12-31 13:48:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3462.24023__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012-12-31 13:48:15 | 001,212,416 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3482.36822__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012-12-31 13:48:15 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3482.36813__90ba9c70f846762e\APM.Server.dll
MOD - [2012-12-31 13:48:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3482.36814__90ba9c70f846762e\AEM.Server.dll
MOD - [2012-12-31 13:48:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3462.24013__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012-12-31 13:48:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012-12-31 13:48:15 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3462.24041__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012-12-31 13:48:15 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3482.36898__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012-03-15 01:01:43 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pl_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2012-03-15 01:01:41 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012-01-26 05:00:00 | 003,480,064 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2011-05-28 14:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011-05-28 14:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011-05-28 14:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2011-04-11 16:26:33 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\spe__l.dll
MOD - [2010-10-21 13:45:58 | 000,494,080 | ---- | M] () -- C:\WINDOWS\system32\SNXPWIA.dll
MOD - [2010-10-21 13:45:50 | 000,120,320 | ---- | M] () -- C:\WINDOWS\system32\SNXPEH.dll
MOD - [2009-10-10 09:49:36 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009-10-06 01:40:42 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\suge1l3.dll
MOD - [2009-07-22 10:47:18 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008-05-02 09:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008-05-02 09:15:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008-04-15 22:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006-10-06 05:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - [2013-10-10 19:18:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-08-30 18:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013-07-25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011-05-28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Michal\USTAWI~1\Temp\uglyypow.sys -- (uglyypow)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nvhda32.sys -- (NVHDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a9bter2q)
DRV - [2013-08-30 18:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013-08-30 18:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013-08-30 18:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013-08-30 18:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013-08-30 18:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013-08-30 18:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013-08-30 18:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013-08-30 18:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013-04-04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-10-31 09:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012-08-04 13:00:33 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2012-05-14 17:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2009-10-07 01:24:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009-10-06 23:49:56 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2009-07-15 15:20:10 | 004,407,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2009-05-01 05:26:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LV561AV.SYS -- (PID_0928)
DRV - [2008-10-31 06:10:48 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-08-06 02:40:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008-04-14 17:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007-02-12 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\iaStor70.sys -- (iastor70)
DRV - [2007-02-12 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor70.sys -- (iaStor)
DRV - [2006-01-04 22:11:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - No CLSID value found
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{3394CC98-A156-4D45-B7E8-8770BDAD65A5}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=021313&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{60C8E06D-4473-43F6-BC2E-09CDDEE8E4B4}: "URL" = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7SKPB_pl
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-09-28 05:56:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-08-06 00:19:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-09-28 19:00:05 | 000,000,000 | ---D | M]

[2013-10-08 12:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Extensions
[2013-10-10 09:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions
[2013-04-08 08:17:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013-10-06 07:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-08-06 20:53:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012-08-06 20:53:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013-03-30 20:09:46 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2013-03-30 20:09:46 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2013-03-30 20:09:46 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2013-03-30 20:09:46 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2013-03-30 20:09:46 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-03-30 20:09:46 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2008-04-15 22:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe ()
O4 - HKU\.DEFAULT..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-18..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-20..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3


O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788F66A8-E515-43E8-AB51-B6209A3F529E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B88F9DB-B0AE-4237-BE3A-857DBA137FB5}: NameServer = 62.233.233.233 87.204.204.204
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\System32\Userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-07-20 08:03:48 | 000,000,040 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ]
O32 - AutoRun File - [2009-10-19 01:10:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013-10-10 10:08:49 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013-10-10 10:08:49 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-10-10 10:11:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013-10-10 10:08:49 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2013-10-10 09:56:50 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013-10-10 09:55:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-10-08 17:25:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michal\Recent
[2013-10-08 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Temp
[2013-10-08 13:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HD Tune
[2013-10-08 13:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2013-10-08 13:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Dane aplikacji\ATI
[2013-09-19 01:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Gimnazjum - Chemia Nowej Ery
[2013-09-19 01:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Gimnazjum - Chemia Nowej Ery
[2013-09-19 01:47:32 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn0415.exe
[3 C:\Documents and Settings\Michal\*.tmp files -> C:\Documents and Settings\Michal\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-10-10 19:45:04 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-10-10 19:18:39 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-10-10 19:18:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-10-10 19:18:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-10-10 10:15:48 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013-10-10 10:14:45 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-10-10 10:14:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-10-09 12:41:29 | 000,010,793 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\SmarThruOptions.xml
[2013-10-08 15:49:02 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\Michal\Pulpit\Skrót do muza dawid.lnk
[2013-10-08 13:34:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-10-08 03:51:47 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
[2013-10-08 03:43:09 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2013-09-28 06:32:01 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013-09-19 18:03:31 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-09-19 01:47:50 | 000,001,322 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gimnazjum - Chemia Nowej Ery.lnk
[3 C:\Documents and Settings\Michal\*.tmp files -> C:\Documents and Settings\Michal\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-10-08 15:49:01 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\Michal\Pulpit\Skrót do muza dawid.lnk
[2013-09-19 01:47:50 | 000,001,322 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gimnazjum - Chemia Nowej Ery.lnk
[2013-08-05 17:49:54 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\pebbsbc.sys
[2013-07-20 10:56:45 | 000,010,793 | ---- | C] () -- C:\Documents and Settings\Michal\Dane aplikacji\SmarThruOptions.xml
[2013-07-20 10:55:32 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2013-07-20 10:52:35 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2013-07-20 10:52:03 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2013-07-20 08:00:24 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\spe__l.dll
[2013-07-20 08:00:22 | 000,158,040 | ---- | C] () -- C:\WINDOWS\System32\spe__ci.exe
[2013-07-20 08:00:21 | 001,571,160 | ---- | C] () -- C:\WINDOWS\TotalUninstaller.exe
[2013-07-20 06:39:09 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2013-07-20 06:38:04 | 000,120,112 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2013-07-20 06:37:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2013-07-20 06:37:57 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2013-07-20 06:37:57 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2013-07-20 06:37:57 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2013-07-20 06:37:57 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2013-07-20 06:35:56 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\suge1l3.dll
[2013-06-28 19:23:46 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013-06-28 19:23:46 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013-06-28 19:23:46 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013-03-31 19:59:36 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013-03-31 19:59:36 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012-12-31 13:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012-12-31 13:47:34 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012-09-26 19:45:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012-09-02 13:12:22 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-14 15:42:46 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012-03-14 15:42:46 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012-03-14 15:42:34 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-03-14 15:42:32 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012-02-17 02:29:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-01-30 21:10:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-01-07 21:15:15 | 000,016,171 | ---- | C] () -- C:\Documents and Settings\Michal\Menu Start.rar

========== ZeroAccess Check ==========

[2009-10-19 01:12:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-02-03 02:06:35 | 002,254,336 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 21:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-15 22:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010-12-16 06:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2012-08-04 12:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2013-08-05 15:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService
[2012-03-15 00:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2013-08-05 15:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PLAY ONLINE
[2013-07-20 08:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Samsung
[2013-07-20 08:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SSScan
[2013-08-05 16:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Weskysoft
[2012-08-04 13:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\DAEMON Tools Lite
[2012-03-16 11:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
[2013-08-06 08:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\IObit
[2009-12-24 05:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\Leadertech
[2013-07-20 08:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\Samsung

========== Purity Check ==========



< End of report >
[/log][/spoiler]

Extras:

[spoiler][log]OTL Extras logfile created on: 2013-10-10 19:41:13 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michal\Moje dokumenty\Downloads\Narzędzia do naprawy systemu - Nie uruchamiać
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,23 Mb Total Physical Memory | 355,07 Mb Available Physical Memory | 34,70% Memory free
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 72,94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 24,60 Gb Free Space | 62,98% Space Free | Partition Type: NTFS
Drive D: | 109,94 Gb Total Space | 88,49 Gb Free Space | 80,49% Space Free | Partition Type: NTFS

Computer Name: MICHAŁ_PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\Microsoft Office\Office12\ONENOTE.EXE "%L" [2013-07-21 10:56:39 | 000,000,000 | ---D | M]
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe" = C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2 -- (Samsung Electronics Co., Ltd.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe" = C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2 -- (Samsung Electronics Co., Ltd.)
"C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe" = C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe:*:Enabled:USDAgent -- (Samsung Electronics Co., Ltd.)
"C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe" = C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe:*:Enabled:ICCUpdater -- (Samsung Electronics Co., Ltd.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AACB61D-9A82-6836-2840-28D0CF08781B}" = Catalyst Control Center Graphics Light
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{221BCE94-499E-21A9-4744-364294430D6A}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2A59A62D-09BA-E4CF-C7C2-E30332CE50F1}" = ccc-core-static
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{2C04F12D-9AE2-B73C-17F7-A906A3D0C147}" = Catalyst Control Center HydraVision Full
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85E968-9E24-0AE4-BC49-1614E86F0A50}" = Catalyst Control Center Graphics Previews Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{76D92E84-A78B-2F37-E165-95BC732750E0}" = ccc-core-preinstall
"{78CCDC80-1C7A-B95F-9968-33B1897CC5C3}" = AMD Catalyst Install Manager
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B4CF385A-2015-5236-C2DB-EF09DA2AEA6C}" = CCC Help English
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C573C350-C666-586C-B309-7C9BD4A44BBF}" = e-Deklaracje Desktop
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D52ED371-E583-2A3F-C17C-2FC42E2D0077}" = Catalyst Control Center Graphics Full Existing
"{D5A11B8A-2A7B-2BED-E05F-2318C83A771B}" = ccc-utility
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F58DBB36-F623-048A-0780-4FFDEA2486CA}" = Catalyst Control Center Core Implementation
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DamnNFOViewer" = DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
"e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1" = e-Deklaracje Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gimnazjum - Chemia Nowej Ery" = Gimnazjum - Chemia Nowej Ery
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.55
"ie8" = Windows Internet Explorer 8
"jv16 PowerTools 2013" = jv16 PowerTools 2013
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"QcDrv" = Camera Driver
"RealAlt_is1" = Real Alternative 2.0.2
"Revo Uninstaller" = Revo Uninstaller 1.89
"RocketDock_is1" = RocketDock 1.3.5
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"Samsung Universal Print Driver 2" = Samsung Universal Print Driver 2
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"The KMPlayer" = The KMPlayer (remove only)
"Usbfix" = UsbFix By El Desaparecido
"VDrive" = Vista Drive Indicator!
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"xp-AntiSpy" = xp-AntiSpy 3.98-2
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-04-26 23:49:55 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 2013-04-26 23:53:41 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 6.3.0.105, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.6055, adres błędu 0x0001055f.

Error - 2013-06-20 15:33:51 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609
Description =

Error - 2013-06-20 15:33:53 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609
Description =

Error - 2013-08-05 18:11:14 | Computer Name = MICHAŁ_PC | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 494
Description = Catalog Database (1304) Odzyskiwanie bazy danych zakończyło się niepomyślnie
z błędem -1216, ponieważ napotkano odwołania do bazy danych 'C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb',
której już nie ma. Baza danych nie została doprowadzona do spójnego stanu, zanim
została usunięta (możliwe też, że ją przeniesiono lub zmieniono jej nazwę). Aparat
bazy danych nie pozwoli na dokończenie odzyskiwania w wypadku tego wystąpienia,
dopóki brakująca baza danych nie zostanie przywrócona na miejsce. Jeśli baza danych
faktycznie nie jest już dostępna ani wymagana, skontaktuj się z działem pomocy
technicznej w celu uzyskania dodatkowych instrukcji dotyczących czynności, które
umożliwią przeprowadzenie operacji odzyskiwania bez tej bazy danych.

Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 454
Description = Catalog Database (1304) Odzyskiwanie/przywracanie bazy danych nie
powiodło się z powodu nieoczekiwanego błędu: -1216.

Error - 2013-10-10 04:19:06 | Computer Name = MICHAŁ_PC | Source = crypt32 | ID = 131083
Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej
aktualizacji z: ,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2013-10-10 04:19:06 | Computer Name = MICHAŁ_PC | Source = crypt32 | ID = 131083
Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej
aktualizacji z: ,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2013-10-10 04:19:06 | Computer Name = MICHAŁ_PC | Source = crypt32 | ID = 131083
Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej
aktualizacji z: ,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.

[ System Events ]
Error - 2013-10-09 18:57:56 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7034
Description = Usługa Advanced SystemCare Service niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1.

Error - 2013-10-09 18:57:56 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7034
Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2013-10-09 18:57:56 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7034
Description = Usługa MBAMScheduler niespodziewanie zakończyła pracę. Wystąpiło to
razy: 1.

Error - 2013-10-09 19:15:06 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262189
Description = System nie może pomyślnie załadować sterownika zrzutu awaryjnego.

Error - 2013-10-09 19:15:06 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.

Error - 2013-10-09 19:15:21 | Computer Name = MICHAŁ_PC | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2013-10-09 19:15:21 | Computer Name = MICHAŁ_PC | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego
czasu.

Error - 2013-10-09 19:15:36 | Computer Name = MICHAŁ_PC | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2013-10-09 19:15:36 | Computer Name = MICHAŁ_PC | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego
czasu.

Error - 2013-10-10 04:14:41 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2

[ Windows PowerShel Events ]
Error - 2013-04-26 23:49:55 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1103
Description =

Error - 2013-04-26 23:53:41 | Computer Name = PC | Source = Application Error | ID = 1000
Description =

Error - 2013-06-20 15:33:51 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609
Description =

Error - 2013-06-20 15:33:53 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609
Description =

Error - 2013-08-05 18:11:14 | Computer Name = MICHAŁ_PC | Source = .NET Runtime Optimization Service | ID = 1103
Description =

Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 494
Description =

Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 454
Description =

Error - 2013-10-10 04:19:06 | Computer Name = MICHAŁ_PC | Source = crypt32 | ID = 131083
Description =

Error - 2013-10-10 04:19:06 | Computer Name = MICHAŁ_PC | Source = crypt32 | ID = 131083
Description =

Error - 2013-10-10 04:19:06 | Computer Name = MICHAŁ_PC | Source = crypt32 | ID = 131083
Description =


< End of report >
[/log][/spoiler]

GMER:

[spoiler][log]GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-10-10 19:39:29
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.ZM10 149,01GB
Running: qq62dpn4.exe; Driver: C:\DOCUME~1\Michal\USTAWI~1\Temp\uglyypow.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA7FBF610]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA80735FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA7FC00E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA8003B36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA7FCBF18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA7FCBF64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA7FCC0FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA80034EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA7FCBE86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA7FCBFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA7FCBECE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA7FC05E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA7FCC0B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA7FC0E9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA7FBF676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA80041FC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA80044B2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA7FC4596]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8004067]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8003ED2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA80736C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA7FBF25E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA7FBF6DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA7FC498C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA7FC192C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA7FCBF42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA7FCBF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA7FCC122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA8003846]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA7FCBEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA7FC3E78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA7FCC036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA7FCBEF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA7FC426E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA7FCC0DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA8073822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA8003D4D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA7FC17F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA8003B9F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA7FC134E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA8080744]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA8002B30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA7FBF742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA7FBF7A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA7FC0D16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA7FBF2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA7FBF4CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA8004303]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA7FBF45C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA7FC1066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA7FC11C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA7FBF556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA7FC0B54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA7FC0CF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA8071C42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA7FBF80E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA7FC0142]

INT 0x62 ? 87365BF8
INT 0x73 ? 873D6BF8
INT 0x83 ? 86879BF8
INT 0xA4 ? 86879BF8
INT 0xB4 ? 86879BF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA808CE00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwYieldExecution + 11A 804E48C4 4 Bytes JMP B7A80034
.text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4B6C 12 Bytes [42, F7, FB, A7, A8, F7, FB, ...]
.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4C14 12 Bytes [66, 10, FC, A7, C8, 11, FC, ...] {ADC AH, BH; CMPSD ; ENTER 0xfc11, 0xa7; PUSH ESI; CMC ; STI ; CMPSD }
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP A808B7B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576715 4 Bytes CALL A7FC1FD9 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058BA0C 3 Bytes JMP A808CE04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx + 4 8058BA10 3 Bytes [27, CC, CC] {DAA ; INT 3 ; INT 3 }
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805DF70E 5 Bytes JMP A8089C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spuq.sys Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF51D7000, 0x230C27, 0xE8000020]
.text USBPORT.SYS!DllUnload F518E8AC 5 Bytes JMP 868791D8
.text a9bter2q.SYS F50E9386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a9bter2q.SYS F50E93AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a9bter2q.SYS F50E93C4 3 Bytes [00, 80, 02]
.text a9bter2q.SYS F50E93C9 1 Byte [30]
.text a9bter2q.SYS F50E93C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text win32k.sys!EngFreeUserMem + 674 BF809980 1 Byte [E9]
.text win32k.sys!EngFreeUserMem + 674 BF809980 5 Bytes JMP A7FC6284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C8DC 5 Bytes JMP A7FC6162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8139A7 5 Bytes JMP A7FC6116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E654 5 Bytes JMP A7FC4BF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 197D BF820D61 5 Bytes JMP A7FC56EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 11A6 BF82D57B 5 Bytes JMP A7FC4D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLockSurface + C09 BF82E6F9 5 Bytes JMP A7FC63FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 2E84 BF83908A 5 Bytes JMP A7FC6614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + B8EC BF841AF2 5 Bytes JMP A7FC600A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + E0A8 BF8442AE 5 Bytes JMP A7FC56CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + F624 BF84582A 5 Bytes JMP A7FC4DF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 290F BF86C704 5 Bytes JMP A7FC57C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4BED BF86E9E2 5 Bytes JMP A7FC522C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4C78 BF86EA6D 5 Bytes JMP A7FC5508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 584E BF86F643 5 Bytes JMP A7FC4AD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AC2C BF874A21 5 Bytes JMP A7FC61B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 67E3 BF87BC40 5 Bytes JMP A7FC633C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35E9 BF897CE9 5 Bytes JMP A7FC52F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4126 BF898826 5 Bytes JMP A7FC54C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8B590C 5 Bytes JMP A7FC57E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 2862 BF8B902A 5 Bytes JMP A7FC656C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 35C2 BF8C1C5F 5 Bytes JMP A7FC4F24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + A58C BF8EB1E4 5 Bytes JMP A7FC570A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFCA5 5 Bytes JMP A7FC49C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1E74 5 Bytes JMP A7FC5008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F20F4 5 Bytes JMP A7FC5150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A3E BF91480E 5 Bytes JMP A7FC4CDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1CEA BF914ABA 5 Bytes JMP A7FC588C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2612 BF9153E2 5 Bytes JMP A7FC4EBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F93 BF917D63 5 Bytes JMP A7FC5628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1943 BF948240 5 Bytes JMP A7FC64BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[368] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[492] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[492] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\WINDOWS\VistaDrive\VistaDrive.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\VistaDrive\VistaDrive.exe[588] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\LVCOMSX.EXE[604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\LVCOMSX.EXE[604] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[612] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[628] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[644] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[688] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[724] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 54, F1, 00] {SUB [ECX+ESI*8+0x0], DL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 57, F1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 54, F1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 55, F1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C76E
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 56, F1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 55, F1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 56, F1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C7DF
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 54, F1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C90D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 55, F1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 56, F1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 57, F1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012001F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 012003FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01211014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01210804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01210A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01210C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01210E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 012101F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 012103FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01210600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01220804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01220A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01220600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 012201F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 012203FC
.text C:\WINDOWS\system32\csrss.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[856] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1116] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1260] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1636] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1696] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1784] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\Michal\Moje dokumenty\Downloads\Narzędzia do naprawy systemu - Nie uruchamiać\qq62dpn4.exe[1992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Michal\Moje dokumenty\Downloads\Narzędzia do naprawy systemu - Nie uruchamiać\qq62dpn4.exe[1992] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 6C, 06, 01] {SUB [ESI+EAX+0x1], CH}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6F, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 6C, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 6D, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DC86
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6E, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 6D, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6E, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DCF7
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 6C, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DE25
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 6D, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6E, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6F, 06, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 013503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01361014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01360804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01360A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01360C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01360E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 013601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 013603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01360600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01370804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01370A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01370600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 013701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 013703FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F4, 8F, 00] {SUB AH, DH; POP DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F7, 8F, 00] {SUB BH, DH; POP DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F4, 8F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F5, 8F, 00] {TEST AL, 0xf5; POP DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91660E
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F6, 8F, 00] {TEST AL, 0xf6; POP DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F5, 8F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F6, 8F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91667F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F4, 8F, 00] {TEST AL, 0xf4; POP DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9167AD
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F5, 8F, 00] {SUB CH, DH; POP DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F6, 8F, 00] {SUB DH, DH; POP DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F7, 8F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BE01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00BE03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00BF1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00BF0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00BF0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00BF0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00BF0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00BF01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00BF03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00BF0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00C00804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C00A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00C00600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00C001F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00C003FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\svchost.exe[3360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3360] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3736] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A4, D7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A7, D7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A4, D7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A5, D7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91ADBE
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A6, D7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A5, D7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A6, D7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AE2F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A4, D7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AF5D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A5, D7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A6, D7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A7, D7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 010503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01061014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01060804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01060A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01060C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01060E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 010601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 010603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01060600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01070804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01070A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01070600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 010701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 010703FC

---- Kernel IAT/EAT - GMER 2.1 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 873D92D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76C7DDC] spuq.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76C7E30] spuq.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F769D042] spuq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F769D13E] spuq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F769D0C0] spuq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F769D800] spuq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F769D6D6] spuq.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 868792D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F76ACB90] spuq.sys
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!swprintf] 001CBA86
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Alwil Software\Avast5\avastUI.exe[644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[852] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01050010
IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2236] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 011A0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00A30010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4056] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00EB0010

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 873D51F8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBPDO-0 868781F8
Device \Driver\usbuhci \Device\USBPDO-1 868781F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 873D71F8
Device \Driver\dmio \Device\DmControl\DmConfig 873D71F8
Device \Driver\dmio \Device\DmControl\DmPnP 873D71F8
Device \Driver\dmio \Device\DmControl\DmInfo 873D71F8
Device \Driver\usbuhci \Device\USBPDO-2 868781F8
Device \Driver\PCI_PNP6632 \Device\00000046 spuq.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{9B88F9DB-B0AE-4237-BE3A-857DBA137FB5} 860831F8
Device \Driver\usbuhci \Device\USBPDO-3 868781F8
Device \Driver\usbehci \Device\USBPDO-4 8684B1F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 873661F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 873661F8
Device \Driver\Cdrom \Device\CdRom0 868231F8
Device \Driver\iaStor \Device\Ide\iaStor0 873D61F8
Device \Driver\atapi \Device\Ide\IdePort0 [F75EFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F75EFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 873D61F8
Device \Driver\Cdrom \Device\CdRom1 868231F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 860831F8
Device \Driver\NetBT \Device\NetbiosSmb 860831F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBFDO-0 868781F8
Device \Driver\usbuhci \Device\USBFDO-1 868781F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8607E1F8
Device \Driver\usbuhci \Device\USBFDO-2 868781F8
Device \Driver\sptd \Device\1253136632 spuq.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8607E1F8
Device \Driver\usbuhci \Device\USBFDO-3 868781F8
Device \Driver\usbehci \Device\USBFDO-4 8684B1F8
Device \Driver\Ftdisk \Device\FtControl 873661F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{788F66A8-E515-43E8-AB51-B6209A3F529E} 860831F8
Device \Driver\a9bter2q \Device\Scsi\a9bter2q1Port2Path0Target0Lun0 867C31F8
Device \Driver\a9bter2q \Device\Scsi\a9bter2q1 867C31F8
Device \FileSystem\Cdfs \Cdfs 868A51F8

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x873d61f8]<< 873d61f8
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87307868] 87307868
Trace 3 CLASSPNP.SYS[f77effd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86dd0030] 86dd0030
Trace \Driver\iaStor[0x873a9298] -> IRP_MJ_CREATE -> 0x873d61f8 873d61f8

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0xB4 0x05 0x5A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xC2 0x69 0xEE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5C 0x35 0xC8 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0xB4 0x05 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xC2 0x69 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5C 0x35 0xC8 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0xB4 0x05 0x5A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xC2 0x69 0xEE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5C 0x35 0xC8 0xFD ...

---- EOF - GMER 2.1 ----
[/log][/spoiler]

Natsuki Kuga

Are there any problems still occurring? If not, I'll give you the final steps.

Mateusz 935

No problems are occurring anymore. Unfortunately, I'm no longer there, so I won't be able to carry out those final steps right now.

Unless I can do them later; I'll be at my friend's place next week. I don't think any changes will happen on the PC, because the computer is used for the internet.

Natsuki Kuga

If you could somehow manage to do them after all, here they are:

1. In OTL, click Sprzątanie (CleanUp); remove the other tools as well.

2. Uninstall Java 6 Update 33 and install the new Java 7 Update 45: http://download.oracle.com/otn-pub/java/jdk/7u45-b18/jre-7u45-windows-x64.exe

3. Empty the System Restore folder: http://support.microsoft.com/kb/264887/pl (turn System Restore off and back on)

That's all.

Mateusz 935

Thanks :D
