Mateusz 935
created 8 October 2013 (edited)

Please check the logs.

OTL:
[spoiler][log]OTL logfile created on: 2013-10-08 16:32:25 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michal\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1023,23 Mb Total Physical Memory | 282,16 Mb Available Physical Memory | 27,58% Memory free
2,40 Gb Paging File | 1,73 Gb Available in Paging File | 72,19% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 24,98 Gb Free Space | 63,96% Space Free | Partition Type: NTFS
Drive D: | 109,94 Gb Total Space | 88,49 Gb Free Space | 80,49% Space Free | Partition Type: NTFS
Computer Name: MICHAŁ_PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013-10-08 16:10:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michal\Moje dokumenty\Downloads\OTL.exe
PRC - [2013-10-03 17:03:07 | 000,844,752 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2013-08-30 18:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2013-08-30 18:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2011-05-28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe PRC - [2009-10-10 09:49:36 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe PRC - [2009-01-26 11:23:36 | 001,891,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-05-02 09:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe PRC - [2006-10-06 05:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe PRC - [2005-07-20 00:02:18 | 000,221,184 | ---- | M] (Logitech Inc.) 
-- C:\WINDOWS\system32\LVCOMSX.EXE========== Modules (No Company Name) ========== MOD - [2013-10-08 22:07:23 | 002,105,344 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13100800\algo.dll MOD - [2013-10-03 17:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll MOD - [2013-10-03 17:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll MOD - [2013-10-03 17:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll MOD - [2013-08-06 19:03:03 | 011,896,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\343c44af659625266143951b4a0267f2\System.Web.ni.dll MOD - [2013-08-06 08:59:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2013-07-21 21:05:37 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\79533103112291e81204ca24aed19890\System.Configuration.ni.dll MOD - [2013-07-21 11:25:24 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dll MOD - [2013-07-21 11:19:02 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll MOD - [2013-07-21 11:17:02 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dll MOD - [2013-07-21 11:11:51 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll MOD - [2013-07-21 11:09:15 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll MOD - 
[2013-07-21 11:09:05 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll MOD - [2012-12-31 13:48:27 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3482.36915__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll MOD - [2012-12-31 13:48:27 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3482.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll MOD - [2012-12-31 13:48:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3482.36918__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll MOD - [2012-12-31 13:48:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3482.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll MOD - [2012-12-31 13:48:26 | 001,732,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3482.36835__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2012-12-31 13:48:26 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3482.36817__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2012-12-31 13:48:26 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3482.36836__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2012-12-31 13:48:26 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3482.36885__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2012-12-31 13:48:26 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3482.36831__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2012-12-31 13:48:26 | 000,036,864 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3482.36858__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2012-12-31 13:48:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3482.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2012-12-31 13:48:25 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3482.36903__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2012-12-31 13:48:25 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3482.36825__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:25 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3482.36867__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2012-12-31 13:48:25 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3482.36835__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:25 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3482.36904__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:25 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3482.36835__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2012-12-31 13:48:24 | 000,643,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3482.36913__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:24 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3482.36872__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:24 | 
000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3482.36872__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2012-12-31 13:48:24 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3482.36913__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2012-12-31 13:48:24 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3482.36871__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2012-12-31 13:48:23 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3482.36860__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:23 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3482.36880__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2012-12-31 13:48:23 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3482.36836__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3482.36865__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:23 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3482.36859__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2012-12-31 13:48:23 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3482.36864__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2012-12-31 13:48:22 | 000,573,440 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3482.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:22 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3482.36826__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:22 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3482.36855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:22 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3482.36858__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2012-12-31 13:48:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3482.36840__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2012-12-31 13:48:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3482.36866__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2012-12-31 13:48:21 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3482.36859__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:21 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3482.36859__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2012-12-31 13:48:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3462.24009__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2012-12-31 
13:48:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3462.24008__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3462.24028__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3462.24053__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3462.24052__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3462.24025__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3462.24051__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2012-12-31 13:48:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3462.23989__90ba9c70f846762e\LOG.Foundation.dll MOD - [2012-12-31 13:48:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3462.23991__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2012-12-31 13:48:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2012-12-31 13:48:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3462.24023__90ba9c70f846762e\MOM.Foundation.dll MOD - [2012-12-31 13:48:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2012-12-31 13:48:20 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2012-12-31 13:48:19 | 000,135,168 | ---- | 
M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3462.24017__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2012-12-31 13:48:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3462.23996__90ba9c70f846762e\CLI.Foundation.dll MOD - [2012-12-31 13:48:19 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3462.24052__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2012-12-31 13:48:19 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3462.24037__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2012-12-31 13:48:19 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3462.24039__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2012-12-31 13:48:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2012-12-31 13:48:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3462.24047__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2012-12-31 13:48:19 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3462.24074__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2012-12-31 13:48:19 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3462.24011__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2012-12-31 13:48:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3462.24014__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2012-12-31 13:48:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3462.24001__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2012-12-31 13:48:19 | 
000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3462.24036__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3462.24034__90ba9c70f846762e\DEM.Graphics.dll MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3462.24019__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3462.24035__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3462.24020__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2012-12-31 13:48:18 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3482.36926__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2012-12-31 13:48:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3462.24040__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3462.24037__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3462.24037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,045,056 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3482.36908__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2012-12-31 13:48:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3462.24039__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3462.24027__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3462.24036__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3462.24034__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3462.24023__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3462.24038__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3462.24025__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3462.24024__90ba9c70f846762e\APM.Foundation.dll MOD - [2012-12-31 13:48:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3462.24009__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2012-12-31 13:48:17 | 000,552,960 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3482.36893__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2012-12-31 13:48:17 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3482.36830__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2012-12-31 13:48:17 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3482.36898__90ba9c70f846762e\MOM.Implementation.dll MOD - [2012-12-31 13:48:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3482.36897__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2012-12-31 13:48:17 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3482.36816__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2012-12-31 13:48:17 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3462.23999__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2012-12-31 13:48:17 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3462.24005__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2012-12-31 13:48:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3462.24021__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2012-12-31 13:48:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3462.24007__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2012-12-31 13:48:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3462.24020__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2012-12-31 13:48:17 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2012-12-31 13:48:17 | 000,013,312 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2012-12-31 13:48:17 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3482.36815__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2012-12-31 13:48:16 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3482.36815__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2012-12-31 13:48:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3462.24020__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2012-12-31 13:48:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3462.24023__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2012-12-31 13:48:15 | 001,212,416 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3482.36822__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2012-12-31 13:48:15 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3482.36813__90ba9c70f846762e\APM.Server.dll MOD - [2012-12-31 13:48:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3482.36814__90ba9c70f846762e\AEM.Server.dll MOD - [2012-12-31 13:48:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3462.24013__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2012-12-31 13:48:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2012-12-31 13:48:15 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3462.24041__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2012-12-31 13:48:15 | 000,019,456 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3482.36898__90ba9c70f846762e\CCC.Implementation.dll MOD - [2012-03-15 01:01:43 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pl_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2012-03-15 01:01:41 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2011-05-28 14:47:00 | 000,127,376 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll MOD - [2011-05-28 14:47:00 | 000,101,264 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ComputerMenu.dll MOD - [2011-05-28 14:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl MOD - [2011-05-28 14:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl MOD - [2011-05-28 14:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl MOD - [2011-04-11 16:26:33 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\spe__l.dll MOD - [2010-10-21 13:45:58 | 000,494,080 | ---- | M] () -- C:\WINDOWS\system32\SNXPWIA.dll MOD - [2010-10-21 13:45:50 | 000,120,320 | ---- | M] () -- C:\WINDOWS\system32\SNXPEH.dll MOD - [2009-10-10 09:49:36 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe MOD - [2009-10-06 01:40:42 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\suge1l3.dll MOD - [2009-07-22 10:47:18 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009-02-02 12:02:33 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\CopyToSendTo.dll MOD - [2008-05-02 09:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe MOD - [2008-05-02 09:15:38 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll MOD - [2008-05-02 09:15:36 | 000,004,608 | ---- | M] () -- 
C:\Program Files\Unlocker\UnlockerHook.dll MOD - [2008-04-15 22:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006-10-06 05:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe========== Services (SafeList) ========== SRV - [2013-09-21 05:17:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-08-30 18:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2013-07-25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011-05-28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nvhda32.sys -- (NVHDA) DRV - File not found [Kernel | 
On_Demand | Stopped] -- system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcecm.sys -- (huawei_cdcecm) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (acpdpzc7) DRV - [2013-08-30 18:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013-08-30 18:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013-08-30 18:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013-08-30 18:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013-08-30 18:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2013-08-30 18:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013-08-30 18:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- 
C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013-08-30 18:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2013-04-04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012-10-31 09:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012-08-04 13:00:33 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2012-05-14 17:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService) DRV - [2009-10-07 01:24:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2009-10-06 23:49:56 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp) DRV - [2009-07-15 15:20:10 | 004,407,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009-05-01 05:26:32 | 000,495,768 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) DRV - [2008-10-31 06:10:48 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2008-08-06 02:40:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008-04-14 17:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007-02-12 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\iaStor70.sys -- (iastor70) DRV - [2007-02-12 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor70.sys -- (iaStor) DRV - [2006-01-04 22:11:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)========== Standard Registry (SafeList) ==================== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\.DEFAULT\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - No CLSID value found IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-18\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-20\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - No CLSID value found IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes,DefaultScope = {3394CC98-A156-4D45-B7E8-8770BDAD65A5} IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20120314&user_guid=49114CEFBA804F98BA6E978CFD5A36C2&machine_id=8f49ada212b0c249a84e86293d7617f2&browser=IE&os=win&os_version=5.1-x86-SP3&iesrc={referrer:source} IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B03B00138FD988C3&affID=119357&tsp=4948 IE - 
HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{3394CC98-A156-4D45-B7E8-8770BDAD65A5}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=021313&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{60C8E06D-4473-43F6-BC2E-09CDDEE8E4B4}: "URL" = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7SKPB_pl IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ========== FF - prefs.js..browser.search.order.3: "Bing " FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-09-28 05:56:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-08-06 00:19:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-09-28 19:00:05 | 000,000,000 | ---D | M] [2013-10-08 12:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Extensions [2013-10-06 07:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions [2013-04-08 08:17:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-07-20 07:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\ffxtlbr@babylon.com [2013-07-20 07:23:08 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\babylon.xml [2013-02-14 04:08:43 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\bingp.xml [2013-07-20 07:23:08 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\BrowserDefender.xml [2013-07-20 07:24:13 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\delta.xml [2012-03-14 15:43:19 | 000,001,390 | ---- | M] () -- C:\Documents and 
Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\yahoo-zugo.xml [2013-10-06 07:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-08-06 20:53:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-06 20:53:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2013-03-30 20:09:46 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2013-03-30 20:09:46 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2013-03-30 20:09:46 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2013-03-30 20:09:46 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2013-03-30 20:09:46 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2013-03-30 20:09:46 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer 
(Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nprpjplug.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\ O1 HOSTS File: ([2008-04-15 22:00:00 | 000,000,742 | ---- | M]) - 
C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe () O4 - HKU\.DEFAULT..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-18..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-20..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm () O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788F66A8-E515-43E8-AB51-B6209A3F529E}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B88F9DB-B0AE-4237-BE3A-857DBA137FB5}: NameServer = 62.233.233.233 87.204.204.204 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013-07-20 08:03:48 | 000,000,040 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ] O32 - AutoRun File - [2009-10-19 01:10:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{7600b32d-cb05-11df-971f-00138fd988c3}\Shell\AutoRun\command - "" = p.exe O33 - MountPoints2\{7600b32d-cb05-11df-971f-00138fd988c3}\Shell\open\Command - "" = p.exe O33 - MountPoints2\{90db2645-ddd8-11e1-993a-00138fd988c3}\Shell - "" = AutoRun O33 - MountPoints2\{90db2645-ddd8-11e1-993a-00138fd988c3}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{a2d1c55a-cf27-11e1-992a-00138fd988c3}\Shell - "" = AutoRun O33 - MountPoints2\{a2d1c55a-cf27-11e1-992a-00138fd988c3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a2d1c55d-cf27-11e1-992a-00138fd988c3}\Shell - "" = AutoRun 
O33 - MountPoints2\{a2d1c55d-cf27-11e1-992a-00138fd988c3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)========== Files/Folders - Created Within 30 Days ========== [2013-10-08 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Temp [2013-10-08 13:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HD Tune [2013-10-08 13:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune [2013-10-08 13:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Dane aplikacji\ATI [2013-09-19 01:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Gimnazjum - Chemia Nowej Ery [2013-09-19 01:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Gimnazjum - Chemia Nowej Ery [2013-09-19 01:47:32 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn0415.exe [3 C:\Documents and Settings\Michal\*.tmp files -> C:\Documents and Settings\Michal\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ========== [2013-10-08 16:17:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013-10-08 15:49:02 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\Michal\Pulpit\Skrót do muza dawid.lnk [2013-10-08 15:45:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013-10-08 15:44:09 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! 
Emergency Update.job [2013-10-08 15:42:51 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013-10-08 15:42:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-10-08 13:34:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-10-08 03:51:47 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2013-10-08 03:43:09 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2013-09-28 06:32:01 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2013-09-21 05:17:30 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013-09-21 05:17:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013-09-19 18:03:31 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013-09-19 01:47:50 | 000,001,322 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gimnazjum - Chemia Nowej Ery.lnk [3 C:\Documents and Settings\Michal\*.tmp files -> C:\Documents and Settings\Michal\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ========== [2013-10-08 15:49:01 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\Michal\Pulpit\Skrót do muza dawid.lnk [2013-09-19 01:47:50 | 000,001,322 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gimnazjum - Chemia Nowej Ery.lnk [2013-08-05 17:49:54 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\pebbsbc.sys [2013-07-20 10:56:45 | 000,010,793 | ---- | C] () -- C:\Documents and Settings\Michal\Dane aplikacji\SmarThruOptions.xml [2013-07-20 10:55:32 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll [2013-07-20 10:52:35 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini [2013-07-20 10:52:03 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll [2013-07-20 08:00:24 | 000,024,064 | 
---- | C] () -- C:\WINDOWS\System32\spe__l.dll [2013-07-20 08:00:22 | 000,158,040 | ---- | C] () -- C:\WINDOWS\System32\spe__ci.exe [2013-07-20 08:00:21 | 001,571,160 | ---- | C] () -- C:\WINDOWS\TotalUninstaller.exe [2013-07-20 06:39:09 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2013-07-20 06:38:04 | 000,120,112 | ---- | C] () -- C:\WINDOWS\Wiainst.exe [2013-07-20 06:37:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll [2013-07-20 06:37:57 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll [2013-07-20 06:37:57 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll [2013-07-20 06:37:57 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll [2013-07-20 06:37:57 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll [2013-07-20 06:35:56 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\suge1l3.dll [2013-06-28 19:23:46 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum [2013-06-28 19:23:46 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum [2013-06-28 19:23:46 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum [2013-03-31 19:59:36 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013-03-31 19:59:36 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2012-12-31 13:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012-12-31 13:47:34 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2012-09-26 19:45:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2012-09-02 13:12:22 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-03-14 15:42:46 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012-03-14 15:42:46 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012-03-14 15:42:34 | 000,175,616 | ---- | C] () -- 
C:\WINDOWS\System32\unrar.dll [2012-03-14 15:42:32 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012-02-17 02:29:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-01-30 21:10:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-01-07 21:15:15 | 000,016,171 | ---- | C] () -- C:\Documents and Settings\Michal\Menu Start.rar========== ZeroAccess Check ========== [2009-10-19 01:12:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009-02-03 02:06:35 | 002,254,336 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 21:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-15 22:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both========== LOP Check ========== [2010-12-16 06:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2013-07-20 07:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon [2012-08-04 12:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2013-08-05 15:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService [2012-03-15 00:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Dane aplikacji\IObit [2013-08-05 15:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PLAY ONLINE [2013-07-20 08:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Samsung [2013-07-20 08:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SSScan [2013-08-05 16:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Weskysoft [2012-08-04 13:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\DAEMON Tools Lite [2012-03-16 11:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2013-08-06 08:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\IObit [2009-12-24 05:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\Leadertech [2013-07-20 07:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\pdfforge [2013-07-20 08:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\Samsung========== Purity Check ========== < End of report > [/log][/spoiler] Extras: [spoiler] [log]OTL Extras logfile created on: 2013-10-08 16:32:25 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michal\Moje dokumenty\Downloads Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,23 Mb Total Physical Memory | 282,16 Mb Available Physical Memory | 27,58% Memory free 2,40 Gb Paging File | 1,73 Gb Available in Paging File | 72,19% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 24,98 
Gb Free Space | 63,96% Space Free | Partition Type: NTFS Drive D: | 109,94 Gb Total Space | 88,49 Gb Free Space | 80,49% Space Free | Partition Type: NTFS Computer Name: MICHAŁ_PC | User Name: Michal | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Classes\] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\Microsoft Office\Office12\ONENOTE.EXE "%L" [2013-07-21 10:56:39 | 000,000,000 | ---D | M] Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall]========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "5985:TCP" = 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows "80:TCP" = 80:TCP:*:Disabled:Zdalne zarządzanie systemem Windows — tryb zgodności (ruch przychodzący HTTP)========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = 
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe" = C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2 -- (Samsung Electronics Co., Ltd.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe" = C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2 -- (Samsung Electronics Co., Ltd.) "C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe" = C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe:*:Enabled:USDAgent -- (Samsung Electronics Co., Ltd.) "C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe" = C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe:*:Enabled:ICCUpdater -- (Samsung Electronics Co., Ltd.) 
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0AACB61D-9A82-6836-2840-28D0CF08781B}" = Catalyst Control Center Graphics Light "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{221BCE94-499E-21A9-4744-364294430D6A}" = Catalyst Control Center Graphics Full New "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{2A59A62D-09BA-E4CF-C7C2-E30332CE50F1}" = ccc-core-static "{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK "{2C04F12D-9AE2-B73C-17F7-A906A3D0C147}" = Catalyst Control Center HydraVision Full "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A85E968-9E24-0AE4-BC49-1614E86F0A50}" = Catalyst Control Center Graphics Previews Common "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7 "{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com "{76D92E84-A78B-2F37-E165-95BC732750E0}" = ccc-core-preinstall "{78CCDC80-1C7A-B95F-9968-33B1897CC5C3}" = AMD Catalyst Install Manager "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office 
Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8) "{B4CF385A-2015-5236-C2DB-EF09DA2AEA6C}" = CCC Help English "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C573C350-C666-586C-B309-7C9BD4A44BBF}" = e-Deklaracje Desktop "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 
3.5 SP1 "{D52ED371-E583-2A3F-C17C-2FC42E2D0077}" = Catalyst Control Center Graphics Full Existing "{D5A11B8A-2A7B-2BED-E05F-2318C83A771B}" = ccc-utility "{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F58DBB36-F623-048A-0780-4FFDEA2486CA}" = Catalyst Control Center Core Implementation "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Advanced SystemCare 4_is1" = Advanced SystemCare 4 "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "avast" = avast! Free Antivirus "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DamnNFOViewer" = DAMN NFO Viewer v2.10.0032.RC3 (Remove Only) "e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1" = e-Deklaracje Desktop "ENTERPRISE" = Microsoft Office Enterprise 2007 "Gimnazjum - Chemia Nowej Ery" = Gimnazjum - Chemia Nowej Ery "Google Chrome" = Google Chrome "HD Tune_is1" = HD Tune 2.55 "ie8" = Windows Internet Explorer 8 "jv16 PowerTools 2013" = jv16 PowerTools 2013 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "QcDrv" = Camera Driver "RealAlt_is1" = Real Alternative 2.0.2 "Revo Uninstaller" = Revo Uninstaller 1.89 "RocketDock_is1" = 
RocketDock 1.3.5 "Samsung SCX-4200 Series" = Samsung SCX-4200 Series "Samsung Universal Print Driver 2" = Samsung Universal Print Driver 2 "Samsung Universal Scan Driver" = Samsung Universal Scan Driver "The KMPlayer" = The KMPlayer (remove only) "VDrive" = Vista Drive Indicator! "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Winamp" = Winamp "WinRAR archiver" = WinRAR archiver "xp-AntiSpy" = xp-AntiSpy 3.98-2 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-04-11 05:17:24 | Computer Name = MICHAL-10E0FC9C | Source = JavaQuickStarterService | ID = 1 Description = Error - 2013-04-22 14:54:35 | Computer Name = MICHAL-10E0FC9C | Source = WmiAdapter | ID = 4099 Description = Otwarcie usługi nie powiodło się. Error - 2013-04-25 05:17:23 | Computer Name = PC | Source = JavaQuickStarterService | ID = 1 Description = Error - 2013-04-26 23:49:55 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 2013-04-26 23:53:41 | Computer Name = PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd skype.exe, wersja 6.3.0.105, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.6055, adres błędu 0x0001055f. Error - 2013-06-20 15:33:51 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609 Description = Error - 2013-06-20 15:33:53 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609 Description = Error - 2013-08-05 18:11:14 | Computer Name = MICHAŁ_PC | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. 
Will shutdown Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 494 Description = Catalog Database (1304) Odzyskiwanie bazy danych zakończyło się niepomyślnie z błędem -1216, ponieważ napotkano odwołania do bazy danych 'C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb', której już nie ma. Baza danych nie została doprowadzona do spójnego stanu, zanim została usunięta (możliwe też, że ją przeniesiono lub zmieniono jej nazwę). Aparat bazy danych nie pozwoli na dokończenie odzyskiwania w wypadku tego wystąpienia, dopóki brakująca baza danych nie zostanie przywrócona na miejsce. Jeśli baza danych faktycznie nie jest już dostępna ani wymagana, skontaktuj się z działem pomocy technicznej w celu uzyskania dodatkowych instrukcji dotyczących czynności, które umożliwią przeprowadzenie operacji odzyskiwania bez tej bazy danych. Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 454 Description = Catalog Database (1304) Odzyskiwanie/przywracanie bazy danych nie powiodło się z powodu nieoczekiwanego błędu: -1216. [ System Events ] Error - 2013-10-08 06:03:49 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 Error - 2013-10-08 06:08:48 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262189 Description = System nie może pomyślnie załadować sterownika zrzutu awaryjnego. Error - 2013-10-08 06:08:48 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262193 Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się. Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco duży, aby zawierać całą pamięć fizyczną. 
Error - 2013-10-07 21:07:47 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 Error - 2013-10-07 22:34:53 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262189 Description = System nie może pomyślnie załadować sterownika zrzutu awaryjnego. Error - 2013-10-07 22:34:53 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262193 Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się. Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco duży, aby zawierać całą pamięć fizyczną. Error - 2013-10-07 22:35:23 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 Error - 2013-10-08 00:43:14 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262189 Description = System nie może pomyślnie załadować sterownika zrzutu awaryjnego. Error - 2013-10-08 00:43:14 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262193 Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się. Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco duży, aby zawierać całą pamięć fizyczną. 
Error - 2013-10-08 00:44:30 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2 [ Windows PowerShel Events ] Error - 2013-04-11 05:17:24 | Computer Name = MICHAL-10E0FC9C | Source = JavaQuickStarterService | ID = 1 Description = Error - 2013-04-22 14:54:35 | Computer Name = MICHAL-10E0FC9C | Source = WmiAdapter | ID = 4099 Description = Error - 2013-04-25 05:17:23 | Computer Name = PC | Source = JavaQuickStarterService | ID = 1 Description = Error - 2013-04-26 23:49:55 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1103 Description = Error - 2013-04-26 23:53:41 | Computer Name = PC | Source = Application Error | ID = 1000 Description = Error - 2013-06-20 15:33:51 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609 Description = Error - 2013-06-20 15:33:53 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609 Description = Error - 2013-08-05 18:11:14 | Computer Name = MICHAŁ_PC | Source = .NET Runtime Optimization Service | ID = 1103 Description = Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 494 Description = Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 454 Description = < End of report > [/log] [/spoiler]

A scan of the PC with Malwarebytes Anti-Malware detected 7 objects. Should I remove them?
http://imageshack.us/photo/my-images/571/ptz6.png/

The log as text:
[spoiler] [log]Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Wersja bazy: v2013.10.07.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michal :: MICHAŁ_PC [administrator]
Ochrona: Wyłączona
2013-10-08 16:39:51
MBAM-log-2013-10-08 (17-12-44).txt
Typ skanowania: Pełne skanowanie (C:\|)
Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM
Odznaczone opcje skanowania: P2P
Przeskanowano obiektów: 223871
Upłynęło: 30 minut(y), 56 sekund(y)
Wykrytych procesów w pamięci: 0
(Nie znaleziono zagrożeń)
Wykrytych modułów w pamięci: 0
(Nie znaleziono zagrożeń)
Wykrytych kluczy rejestru: 5
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Nie wykonano akcji.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Nie wykonano akcji.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Nie wykonano akcji.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Nie wykonano akcji.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Nie wykonano akcji.
Wykrytych wartości rejestru: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Nie wykonano akcji.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|bProtectTabs (PUP.Optional.BrowserProtect.A) -> Data: http://www1.delta-search.com/?babsrc=NT_ss&mntrId=B03B00138FD988C3&affID=119357&tsp=4948 -> Nie wykonano akcji.
Wykryte wpisy rejestru systemowego: 0
(Nie znaleziono zagrożeń)
wykrytych folderów: 0
(Nie znaleziono zagrożeń)
Wykrytych plików: 0
(Nie znaleziono zagrożeń)
(zakończone)
[/log] [/spoiler]

Thanks in advance. Regards
Natsuki Kuga, commented 9 October 2013

"A scan of the PC with Malwarebytes Anti-Malware detected 7 objects. Should I remove them?"

Yes, remove them.

1. Plug in all the removable storage devices you have and paste the following into the "Własne opcje skanowania/Skrypt" (Custom Scans/Fixes) box in OTL:

:OTL
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...dir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20120314&user_guid=49114CEFBA804F98BA6E978CFD5A36C2&machine_id=8f49ada212b0c249a84e86293d7617f2&browser=IE&os=win&os_version=5.1-x86-SP3&iesrc={referrer:source}
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B03B00138FD988C3&affID=119357&tsp=4948
IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...dir=2685&query={searchTerms}&invocationType=tb50winampie7
[2013-07-20 07:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\ffxtlbr@babylon.com
[2013-07-20 07:23:08 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\babylon.xml
[2013-07-20 07:23:08 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\BrowserDefender.xml
[2013-07-20 07:24:13 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\delta.xml
O33 - MountPoints2\{7600b32d-cb05-11df-971f-00138fd988c3}\Shell\AutoRun\command - "" = p.exe
O33 - MountPoints2\{7600b32d-cb05-11df-971f-00138fd988c3}\Shell\open\Command - "" = p.exe

:Files
C:\Documents and Settings\All Users\Dane aplikacji\Babylon

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP"=-
"80:TCP"=-

Click "Wykonaj skrypt" (Run Fix) and post the report.

2. Run USBFix with the Deletion option. Post the report.

3. Unplug the storage devices and run AdwCleaner with the "Usuń" (Clean) option. Post the report.

4. Post a new set of logs plus a GMER log.
Mateusz 935 (Author), commented 10 October 2013

1. Report after running the script:
[spoiler][log]========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found. Registry key HKEY_USERS\S-1-5-21-448539723-1292428093-842925246-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ not found. Registry key HKEY_USERS\S-1-5-21-448539723-1292428093-842925246-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-448539723-1292428093-842925246-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found. C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully. C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully. C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\ffxtlbr@babylon.com folder moved successfully. C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\babylon.xml moved successfully. 
C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\BrowserDefender.xml moved successfully. C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\delta.xml moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7600b32d-cb05-11df-971f-00138fd988c3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7600b32d-cb05-11df-971f-00138fd988c3}\ not found. File p.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7600b32d-cb05-11df-971f-00138fd988c3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7600b32d-cb05-11df-971f-00138fd988c3}\ not found. File p.exe not found. ========== FILES ========== C:\Documents and Settings\All Users\Dane aplikacji\Babylon folder moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5985:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\80:TCP deleted successfully. OTL by OldTimer - Version 3.2.69.0 log created on 10102013_095542 [/log][/spoiler] 2. USBFix: [spoiler][log]############################## | UsbFix V 7.144 | [Deletion] User: Michal (Administrator) # MICHAŁ_PC Updated 08/10/2013 by El Desaparecido - Team SosVirus Started at 09:57:37 | 10/10/2013 Website: http://www.usbfix.net/ Forum : http://www.sosvirus.net/ Upload Malware: http://www.sosvirus.net/upload_malware.php Contact: http://www.usbfix.net/contact/ PC: (775XFire-VSTA) CPU: Intel(R) Pentium(R) 4 CPU 3.00GHz RAM -> [Total : 1023 | Free : 432] Bios: American Megatrends Inc. 
Boot: Normal boot OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3 WB: Windows Internet Explorer 8.0.6001.18702 SC: Security Center Service [(!) Disabled] WU: Windows Update Service [Enabled] FW: Windows FireWall Service [Enabled] C:\ (%systemdrive%) -> Fixed drive # 39 Gb (25 Mb free - 63%) [System] # NTFS D:\ -> Fixed drive # 110 Gb (88 Mb free - 80%) [] # NTFS E:\ -> CD-ROM F:\ -> CD-ROM ################## | Regedit Run | HKLM\SOFTWARE | Run : [VistaDrive] - C:\WINDOWS\VistaDrive\VistaDrive.exe HKLM\SOFTWARE | Run : [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE HKLM\SOFTWARE | Run : [UnlockerAssistant] - "C:\Program Files\Unlocker\UnlockerAssistant.exe" HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" HKLM\SOFTWARE | Run : [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun HKLM\SOFTWARE | RunOnce : [] - HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE HKU\S-1-5-20\SOFTWARE | Run : [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe" HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE HKU\S-1-5-18\SOFTWARE | Run : [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe" HKU\S-1-5-20\SOFTWARE | RunOnce : [_nltide_2] - regsvr32 /s /n /i:U shell32 HKU\S-1-5-20\SOFTWARE | RunOnce : [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKU\S-1-5-18\SOFTWARE | RunOnce : [_nltide_2] - regsvr32 /s /n /i:U shell32 
HKU\S-1-5-18\SOFTWARE | RunOnce : [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N ################## | Stopped processes | Stopped! C:\WINDOWS\system32\Ati2evxx.exe (ID 1120 |ParentID 932) Stopped! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID 1544 |ParentID 932) Stopped! C:\WINDOWS\system32\Ati2evxx.exe (ID 1588 |ParentID 888) Stopped! C:\WINDOWS\system32\spoolsv.exe (ID 1776 |ParentID 932) Stopped! C:\WINDOWS\VistaDrive\VistaDrive.exe (ID 640 |ParentID 2036) Stopped! C:\WINDOWS\system32\LVCOMSX.EXE (ID 676 |ParentID 2036) Stopped! C:\WINDOWS\RTHDCPL.EXE (ID 688 |ParentID 2036) Stopped! C:\Program Files\Unlocker\UnlockerAssistant.exe (ID 700 |ParentID 2036) Stopped! C:\Program Files\Alwil Software\Avast5\avastUI.exe (ID 784 |ParentID 2036) Stopped! C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe (ID 832 |ParentID 2036) Stopped! C:\WINDOWS\system32\ctfmon.exe (ID 852 |ParentID 2036) Stopped! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 1460 |ParentID 668) Stopped! C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (ID 1580 |ParentID 932) Stopped! C:\Program Files\Java\jre6\bin\jqs.exe (ID 408 |ParentID 932) Stopped! C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 564 |ParentID 932) Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 3300 |ParentID 2036) Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2664 |ParentID 3300) Stopped! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ID 2024 |ParentID 1460) Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2124 |ParentID 3300) ################## | Files # Infected Folders | (!) Temporary files deleted. ################## | Registry | Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{90db2645-ddd8-11e1-993a-00138fd988c3} Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a2d1c55a-cf27-11e1-992a-00138fd988c3} Deleted ! 
HKCU\.\.\.\.\Explorer\MountPoints2\{a2d1c55d-cf27-11e1-992a-00138fd988c3} ################## | Listing | [31/12/2012 - 13:36:09 | D ] C:\AMD [31/12/2012 - 13:46:19 | D ] C:\ATI [20/07/2013 - 08:03:48 | N | 40] C:\Autoconfig.ini [19/10/2009 - 01:10:55 | N | 0] C:\AUTOEXEC.BAT [19/10/2009 - 01:03:32 | N | 211] C:\boot.ini [15/04/2008 - 22:00:00 | N | 4952] C:\Bootfont.bin [19/10/2009 - 01:10:55 | N | 0] C:\CONFIG.SYS [20/08/2013 - 17:56:19 | N | 0] C:\Cookies [19/10/2009 - 01:26:09 | D ] C:\Documents and Settings [19/10/2009 - 01:10:55 | N | 0] C:\IO.SYS [19/10/2009 - 01:10:55 | N | 0] C:\MSDOS.SYS [20/07/2013 - 06:54:13 | RHD ] C:\MSOCache [15/04/2008 - 22:00:00 | N | 47564] C:\NTDETECT.COM [15/04/2008 - 22:00:00 | N | 251152] C:\ntldr [10/10/2013 - 09:17:16 | ASH | 1610612736] C:\pagefile.sys [08/10/2013 - 13:54:18 | D ] C:\Program Files [19/10/2009 - 01:27:07 | SHD ] C:\RECYCLER [19/10/2009 - 01:24:29 | SHD ] C:\System Volume Information [20/07/2013 - 19:40:35 | D ] C:\Temp [10/10/2013 - 09:58:59 | D ] C:\UsbFix [10/10/2013 - 10:08:47 | A | 5605] C:\UsbFix [Clean 1] MICHAŁ_PC.txt [08/10/2013 - 17:45:28 | D ] C:\WINDOWS [10/10/2013 - 09:55:42 | D ] C:\_OTL [06/08/2013 - 09:04:48 | D ] D:\Disco wesele [20/07/2013 - 12:40:41 | D ] D:\Filmy [08/10/2013 - 15:48:24 | D ] D:\muza dawid [14/03/2012 - 15:27:47 | D ] D:\My Shared Folder [14/03/2012 - 15:29:42 | D ] D:\Programy [13/01/2011 - 03:23:05 | SHD ] D:\RECYCLER [20/07/2013 - 11:49:21 | D ] D:\Sterowniki_Drukarka_Samsung_SCX_4200 [13/01/2011 - 03:22:31 | SHD ] D:\System Volume Information [14/03/2012 - 15:29:02 | D ] D:\Zdjęcia ################## | Vaccin | C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido) D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido) ################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |[/log][/spoiler] 3. 
AdwCleaner: [spoiler][log]# AdwCleaner v3.007 - Report created 10/10/2013 at 10:11:48 # Updated 09/10/2013 by Xplode # Operating System : Microsoft Windows XP Dodatek Service Pack 3 (32 bits) # Username : Michal - MICHAŁ_PC # Running from : C:\Documents and Settings\Michal\Moje dokumenty\Downloads\adwcleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\bProtector_extensions.rdf File Found : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\invalidprefs.js File Found : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\bingp.xml File Found : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\yahoo-zugo.xml File Found : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\user.js File Found : C:\Program Files\Mozilla Firefox\.autoreg Folder Found C:\Documents and Settings\Michal\Dane aplikacji\pdfforge ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\96dd8be138ec43 Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found 
: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Found : HKCU\Software\Zugo Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\Software\DataMngr Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v3.0.19 (pl) [ File : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\prefs.js ] Line Found : user_pref("extensions.delta.admin", false); Line Found : user_pref("extensions.delta.aflt", "babsst"); Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Line Found : user_pref("extensions.delta.autoRvrt", "false"); Line Found : user_pref("extensions.delta.bbDpng", "6"); Line Found : user_pref("extensions.delta.cntry", "PL"); Line Found : user_pref("extensions.delta.dfltLng", "en"); Line Found 
: user_pref("extensions.delta.excTlbr", false); Line Found : user_pref("extensions.delta.ffxUnstlRst", true); Line Found : user_pref("extensions.delta.hdrMd5", "9B41987A0DBD4BF8EA00A20018B28C9A"); Line Found : user_pref("extensions.delta.id", "b03be40200000000000000138fd988c3"); Line Found : user_pref("extensions.delta.instlDay", "15905"); Line Found : user_pref("extensions.delta.instlRef", "sst"); Line Found : user_pref("extensions.delta.lastVrsnTs", "1.8.21.57:23:50"); Line Found : user_pref("extensions.delta.newTab", false); Line Found : user_pref("extensions.delta.prdct", "delta"); Line Found : user_pref("extensions.delta.prtnrId", "delta"); Line Found : user_pref("extensions.delta.rvrt", "false"); Line Found : user_pref("extensions.delta.sg", "tzb"); Line Found : user_pref("extensions.delta.smplGrp", "none"); Line Found : user_pref("extensions.delta.tlbrId", "base"); Line Found : user_pref("extensions.delta.tlbrSrchUrl", ""); Line Found : user_pref("extensions.delta.vrsn", "1.8.21.5"); Line Found : user_pref("extensions.delta.vrsnTs", "1.8.21.57:23:50"); Line Found : user_pref("extensions.delta.vrsni", "1.8.21.5"); Line Found : user_pref("extensions.delta_i.babExt", ""); Line Found : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4948"); Line Found : user_pref("extensions.delta_i.srcExt", "ss"); -\\ Google Chrome v30.0.1599.69 [ File : C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [5599 octets] - [10/10/2013 10:11:48] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5659 octets] ########## [/log][/spoiler] [spoiler][log]# AdwCleaner v3.007 - Report created 10/10/2013 at 10:13:46 # Updated 09/10/2013 by Xplode # Operating System : Microsoft Windows XP Dodatek Service Pack 3 (32 bits) # Username : Michal - MICHAŁ_PC # Running from : C:\Documents and Settings\Michal\Moje dokumenty\Downloads\adwcleaner.exe # Option : Clean ***** [ 
Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\Michal\Dane aplikacji\pdfforge File Deleted : C:\Program Files\Mozilla Firefox\.autoreg File Deleted : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\bProtector_extensions.rdf File Deleted : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\invalidprefs.js File Deleted : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\bingp.xml File Deleted : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\searchplugins\yahoo-zugo.xml File Deleted : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKCU\Software\96dd8be138ec43 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} Key 
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKCU\Software\Zugo Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v3.0.19 (pl) [ File : C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\prefs.js ] Line Deleted : user_pref("extensions.delta.admin", false); Line Deleted : user_pref("extensions.delta.aflt", "babsst"); Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Line Deleted : user_pref("extensions.delta.autoRvrt", "false"); Line Deleted : user_pref("extensions.delta.bbDpng", "6"); Line Deleted : user_pref("extensions.delta.cntry", "PL"); Line Deleted : user_pref("extensions.delta.dfltLng", "en"); Line Deleted : user_pref("extensions.delta.excTlbr", false); Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true); Line Deleted : user_pref("extensions.delta.hdrMd5", "9B41987A0DBD4BF8EA00A20018B28C9A"); Line Deleted : user_pref("extensions.delta.id", 
"b03be40200000000000000138fd988c3"); Line Deleted : user_pref("extensions.delta.instlDay", "15905"); Line Deleted : user_pref("extensions.delta.instlRef", "sst"); Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.21.57:23:50"); Line Deleted : user_pref("extensions.delta.newTab", false); Line Deleted : user_pref("extensions.delta.prdct", "delta"); Line Deleted : user_pref("extensions.delta.prtnrId", "delta"); Line Deleted : user_pref("extensions.delta.rvrt", "false"); Line Deleted : user_pref("extensions.delta.sg", "tzb"); Line Deleted : user_pref("extensions.delta.smplGrp", "none"); Line Deleted : user_pref("extensions.delta.tlbrId", "base"); Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", ""); Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5"); Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.57:23:50"); Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5"); Line Deleted : user_pref("extensions.delta_i.babExt", ""); Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4948"); Line Deleted : user_pref("extensions.delta_i.srcExt", "ss"); -\\ Google Chrome v30.0.1599.69 [ File : C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [5739 octets] - [10/10/2013 10:11:48] AdwCleaner[S0].txt - [5778 octets] - [10/10/2013 10:13:46] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5838 octets] ########## [/log][/spoiler] 4. 
OTL: [spoiler][log]OTL logfile created on: 2013-10-10 19:41:13 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michal\Moje dokumenty\Downloads\Narzędzia do naprawy systemu - Nie uruchamiać Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,23 Mb Total Physical Memory | 355,07 Mb Available Physical Memory | 34,70% Memory free 2,40 Gb Paging File | 1,75 Gb Available in Paging File | 72,94% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 24,60 Gb Free Space | 62,98% Space Free | Partition Type: NTFS Drive D: | 109,94 Gb Total Space | 88,49 Gb Free Space | 80,49% Space Free | Partition Type: NTFS Computer Name: MICHAŁ_PC | User Name: Michal | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ========== PRC - [2013-10-08 16:10:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michal\Moje dokumenty\Downloads\Narzędzia do naprawy systemu - Nie uruchamiać\OTL.exe PRC - [2013-10-03 17:03:07 | 000,844,752 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2013-08-30 18:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2013-08-30 18:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2011-05-28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe PRC - [2009-10-10 09:49:36 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe PRC - [2009-01-26 11:23:36 | 001,891,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-05-02 09:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe PRC - [2006-10-06 05:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe PRC - [2005-07-20 00:02:18 | 000,221,184 | ---- | M] (Logitech Inc.) 
-- C:\WINDOWS\system32\LVCOMSX.EXE========== Modules (No Company Name) ========== MOD - [2013-10-10 08:37:42 | 002,105,344 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13100901\algo.dll MOD - [2013-10-03 17:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll MOD - [2013-10-03 17:03:04 | 013,611,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll MOD - [2013-10-03 17:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll MOD - [2013-10-03 17:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll MOD - [2013-08-06 19:03:03 | 011,896,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\343c44af659625266143951b4a0267f2\System.Web.ni.dll MOD - [2013-08-06 08:59:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2013-07-21 21:05:37 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\79533103112291e81204ca24aed19890\System.Configuration.ni.dll MOD - [2013-07-21 11:25:24 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dll MOD - [2013-07-21 11:19:02 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll MOD - [2013-07-21 11:17:02 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dll MOD - [2013-07-21 11:11:51 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll MOD - [2013-07-21 
11:09:15 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll MOD - [2013-07-21 11:09:05 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll MOD - [2012-12-31 13:48:27 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3482.36915__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll MOD - [2012-12-31 13:48:27 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3482.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll MOD - [2012-12-31 13:48:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3482.36918__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll MOD - [2012-12-31 13:48:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3482.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll MOD - [2012-12-31 13:48:26 | 001,732,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3482.36835__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2012-12-31 13:48:26 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3482.36817__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2012-12-31 13:48:26 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3482.36836__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2012-12-31 13:48:26 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3482.36885__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2012-12-31 13:48:26 | 000,040,960 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3482.36831__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2012-12-31 13:48:26 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3482.36858__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2012-12-31 13:48:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3482.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2012-12-31 13:48:25 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3482.36903__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2012-12-31 13:48:25 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3482.36825__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:25 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3482.36867__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2012-12-31 13:48:25 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3482.36835__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:25 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3482.36904__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:25 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3482.36835__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2012-12-31 13:48:24 | 000,643,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3482.36913__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:24 | 000,331,776 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3482.36872__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3482.36872__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2012-12-31 13:48:24 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3482.36913__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2012-12-31 13:48:24 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3482.36871__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2012-12-31 13:48:23 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3482.36860__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:23 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3482.36880__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2012-12-31 13:48:23 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3482.36836__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3482.36865__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:23 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3482.36859__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2012-12-31 13:48:23 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3482.36864__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2012-12-31 13:48:22 
| 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3482.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:22 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3482.36826__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:22 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3482.36855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:22 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3482.36858__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2012-12-31 13:48:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3482.36840__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2012-12-31 13:48:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3482.36866__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2012-12-31 13:48:21 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3482.36859__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:21 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2012-12-31 13:48:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3482.36859__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2012-12-31 13:48:21 | 000,020,480 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3462.24009__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2012-12-31 13:48:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3462.24008__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3462.24028__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3462.24053__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3462.24052__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3462.24025__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2012-12-31 13:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3462.24051__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2012-12-31 13:48:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3462.23989__90ba9c70f846762e\LOG.Foundation.dll MOD - [2012-12-31 13:48:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3462.23991__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2012-12-31 13:48:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2012-12-31 13:48:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3462.24023__90ba9c70f846762e\MOM.Foundation.dll MOD - [2012-12-31 13:48:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2012-12-31 13:48:20 | 000,007,168 | ---- | 
M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2012-12-31 13:48:19 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3462.24017__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2012-12-31 13:48:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3462.23996__90ba9c70f846762e\CLI.Foundation.dll MOD - [2012-12-31 13:48:19 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3462.24052__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2012-12-31 13:48:19 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3462.24037__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2012-12-31 13:48:19 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3462.24039__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2012-12-31 13:48:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2012-12-31 13:48:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3462.24047__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2012-12-31 13:48:19 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3462.24074__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2012-12-31 13:48:19 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3462.24011__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2012-12-31 13:48:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3462.24014__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2012-12-31 13:48:19 | 000,020,480 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3462.24001__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2012-12-31 13:48:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3462.24036__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3462.24034__90ba9c70f846762e\DEM.Graphics.dll MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3462.24019__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3462.24035__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2012-12-31 13:48:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3462.24020__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2012-12-31 13:48:18 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3482.36926__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2012-12-31 13:48:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3462.24040__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3462.24037__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,049,152 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3462.24037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3482.36908__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2012-12-31 13:48:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3462.24039__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3462.24027__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3462.24036__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3462.24034__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3462.24023__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3462.24038__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3462.24025__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2012-12-31 13:48:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3462.24024__90ba9c70f846762e\APM.Foundation.dll MOD - [2012-12-31 13:48:18 | 000,016,384 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3462.24009__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2012-12-31 13:48:17 | 000,552,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3482.36893__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2012-12-31 13:48:17 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3482.36830__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2012-12-31 13:48:17 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3482.36898__90ba9c70f846762e\MOM.Implementation.dll MOD - [2012-12-31 13:48:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3482.36897__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2012-12-31 13:48:17 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3482.36816__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2012-12-31 13:48:17 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3462.23999__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2012-12-31 13:48:17 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3462.24005__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2012-12-31 13:48:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3462.24021__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2012-12-31 13:48:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3462.24007__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2012-12-31 13:48:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3462.24020__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2012-12-31 13:48:17 | 000,014,848 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2012-12-31 13:48:17 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2012-12-31 13:48:17 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3482.36815__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2012-12-31 13:48:16 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3482.36815__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2012-12-31 13:48:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3462.24020__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2012-12-31 13:48:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3462.24023__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2012-12-31 13:48:15 | 001,212,416 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3482.36822__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2012-12-31 13:48:15 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3482.36813__90ba9c70f846762e\APM.Server.dll MOD - [2012-12-31 13:48:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3482.36814__90ba9c70f846762e\AEM.Server.dll MOD - [2012-12-31 13:48:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3462.24013__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2012-12-31 13:48:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2012-12-31 13:48:15 | 000,020,480 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3462.24041__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2012-12-31 13:48:15 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3482.36898__90ba9c70f846762e\CCC.Implementation.dll MOD - [2012-03-15 01:01:43 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pl_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2012-03-15 01:01:41 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2012-01-26 05:00:00 | 003,480,064 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax MOD - [2011-05-28 14:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl MOD - [2011-05-28 14:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl MOD - [2011-05-28 14:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl MOD - [2011-04-11 16:26:33 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\spe__l.dll MOD - [2010-10-21 13:45:58 | 000,494,080 | ---- | M] () -- C:\WINDOWS\system32\SNXPWIA.dll MOD - [2010-10-21 13:45:50 | 000,120,320 | ---- | M] () -- C:\WINDOWS\system32\SNXPEH.dll MOD - [2009-10-10 09:49:36 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe MOD - [2009-10-06 01:40:42 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\suge1l3.dll MOD - [2009-07-22 10:47:18 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2008-05-02 09:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe MOD - [2008-05-02 09:15:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll MOD - [2008-04-15 22:00:00 | 000,014,336 | ---- | M] () -- 
C:\WINDOWS\system32\msdmo.dll MOD - [2006-10-06 05:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (MSDTC) SRV - [2013-10-10 19:18:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-08-30 18:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2013-07-25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011-05-28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Michal\USTAWI~1\Temp\uglyypow.sys -- (uglyypow) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- 
system32\drivers\nvhda32.sys -- (NVHDA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcecm.sys -- (huawei_cdcecm) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a9bter2q) DRV - [2013-08-30 18:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013-08-30 18:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013-08-30 18:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013-08-30 18:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013-08-30 18:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2013-08-30 18:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013-08-30 18:48:11 | 000,066,336 | ---- | M] 
(AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013-08-30 18:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2013-04-04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012-10-31 09:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012-08-04 13:00:33 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2012-05-14 17:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AtihdXP3.sys -- (AtiHDAudioService) DRV - [2009-10-07 01:24:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2009-10-06 23:49:56 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - [2009-07-15 15:20:10 | 004,407,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag) DRV - [2009-05-01 05:26:32 | 000,495,768 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LV561AV.SYS -- (PID_0928) DRV - [2008-10-31 06:10:48 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp) DRV - [2008-08-06 02:40:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008-04-14 17:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum) DRV - [2007-02-12 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\iaStor70.sys -- (iastor70) DRV - [2007-02-12 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor70.sys -- (iaStor) DRV - [2006-01-04 22:11:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Monfilt.sys -- (Monfilt)========== Standard Registry (SafeList) ==================== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\.DEFAULT\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-18\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 
0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-20\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - No CLSID value found IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{3394CC98-A156-4D45-B7E8-8770BDAD65A5}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=021313&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\..\SearchScopes\{60C8E06D-4473-43F6-BC2E-09CDDEE8E4B4}: "URL" = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7SKPB_pl IE - HKU\S-1-5-21-448539723-1292428093-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ========== FF - prefs.js..browser.search.order.3: "Bing " FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-09-28 05:56:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-08-06 00:19:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-09-28 19:00:05 | 000,000,000 | ---D | M] [2013-10-08 12:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Extensions [2013-10-10 09:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions [2013-04-08 08:17:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michal\Dane aplikacji\Mozilla\Firefox\Profiles\7tntthsf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-10-06 07:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-08-06 20:53:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-06 20:53:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2013-03-30 20:09:46 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2013-03-30 20:09:46 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2013-03-30 20:09:46 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2013-03-30 20:09:46 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2013-03-30 20:09:46 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml 
[2013-03-30 20:09:46 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nprpjplug.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media 
Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\ O1 HOSTS File: ([2008-04-15 22:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe () O4 - HKU\.DEFAULT..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-18..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-20..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program 
Files\SmarThru 4\WEBCapture.dll () O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788F66A8-E515-43E8-AB51-B6209A3F529E}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B88F9DB-B0AE-4237-BE3A-857DBA137FB5}: NameServer = 62.233.233.233 87.204.204.204 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\System32\Userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013-07-20 08:03:48 | 000,000,040 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ] O32 - AutoRun File - [2009-10-19 01:10:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2013-10-10 10:08:49 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2013-10-10 10:08:49 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)========== Files/Folders - Created Within 30 Days ========== [2013-10-10 10:11:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013-10-10 10:08:49 | 000,000,000 | RHSD | C] -- C:\Autorun.inf [2013-10-10 09:56:50 | 000,000,000 | ---D | C] -- C:\UsbFix [2013-10-10 09:55:42 | 000,000,000 | ---D | C] -- C:\_OTL [2013-10-08 17:25:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michal\Recent [2013-10-08 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\Temp [2013-10-08 13:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HD Tune [2013-10-08 13:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune [2013-10-08 13:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Dane aplikacji\ATI [2013-09-19 
01:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Gimnazjum - Chemia Nowej Ery [2013-09-19 01:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Gimnazjum - Chemia Nowej Ery [2013-09-19 01:47:32 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn0415.exe [3 C:\Documents and Settings\Michal\*.tmp files -> C:\Documents and Settings\Michal\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ========== [2013-10-10 19:45:04 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013-10-10 19:18:39 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013-10-10 19:18:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013-10-10 19:18:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013-10-10 10:15:48 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! 
Emergency Update.job [2013-10-10 10:14:45 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013-10-10 10:14:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-10-09 12:41:29 | 000,010,793 | ---- | M] () -- C:\Documents and Settings\Michal\Dane aplikacji\SmarThruOptions.xml [2013-10-08 15:49:02 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\Michal\Pulpit\Skrót do muza dawid.lnk [2013-10-08 13:34:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-10-08 03:51:47 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2013-10-08 03:43:09 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2013-09-28 06:32:01 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2013-09-19 18:03:31 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013-09-19 01:47:50 | 000,001,322 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gimnazjum - Chemia Nowej Ery.lnk [3 C:\Documents and Settings\Michal\*.tmp files -> C:\Documents and Settings\Michal\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ========== [2013-10-08 15:49:01 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\Michal\Pulpit\Skrót do muza dawid.lnk [2013-09-19 01:47:50 | 000,001,322 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gimnazjum - Chemia Nowej Ery.lnk [2013-08-05 17:49:54 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\pebbsbc.sys [2013-07-20 10:56:45 | 000,010,793 | ---- | C] () -- C:\Documents and Settings\Michal\Dane aplikacji\SmarThruOptions.xml [2013-07-20 10:55:32 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll [2013-07-20 10:52:35 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini [2013-07-20 10:52:03 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll [2013-07-20 08:00:24 | 000,024,064 | 
---- | C] () -- C:\WINDOWS\System32\spe__l.dll [2013-07-20 08:00:22 | 000,158,040 | ---- | C] () -- C:\WINDOWS\System32\spe__ci.exe [2013-07-20 08:00:21 | 001,571,160 | ---- | C] () -- C:\WINDOWS\TotalUninstaller.exe [2013-07-20 06:39:09 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2013-07-20 06:38:04 | 000,120,112 | ---- | C] () -- C:\WINDOWS\Wiainst.exe [2013-07-20 06:37:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll [2013-07-20 06:37:57 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll [2013-07-20 06:37:57 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll [2013-07-20 06:37:57 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll [2013-07-20 06:37:57 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll [2013-07-20 06:35:56 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\suge1l3.dll [2013-06-28 19:23:46 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum [2013-06-28 19:23:46 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum [2013-06-28 19:23:46 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum [2013-03-31 19:59:36 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013-03-31 19:59:36 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2012-12-31 13:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012-12-31 13:47:34 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2012-09-26 19:45:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2012-09-02 13:12:22 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Michal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-03-14 15:42:46 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012-03-14 15:42:46 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012-03-14 15:42:34 | 000,175,616 | ---- | C] () -- 
C:\WINDOWS\System32\unrar.dll [2012-03-14 15:42:32 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012-02-17 02:29:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-01-30 21:10:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-01-07 21:15:15 | 000,016,171 | ---- | C] () -- C:\Documents and Settings\Michal\Menu Start.rar========== ZeroAccess Check ========== [2009-10-19 01:12:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009-02-03 02:06:35 | 002,254,336 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 21:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-15 22:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both========== LOP Check ========== [2010-12-16 06:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2012-08-04 12:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2013-08-05 15:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService [2012-03-15 00:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2013-08-05 15:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane 
aplikacji\PLAY ONLINE
[2013-07-20 08:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Samsung
[2013-07-20 08:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SSScan
[2013-08-05 16:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Weskysoft
[2012-08-04 13:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\DAEMON Tools Lite
[2012-03-16 11:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
[2013-08-06 08:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\IObit
[2009-12-24 05:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\Leadertech
[2013-07-20 08:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Dane aplikacji\Samsung

========== Purity Check ==========

< End of report >
[/log][/spoiler]

Extras:

[spoiler][log]OTL Extras logfile created on: 2013-10-10 19:41:13 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michal\Moje dokumenty\Downloads\Narzędzia do naprawy systemu - Nie uruchamiać
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,23 Mb Total Physical Memory | 355,07 Mb Available Physical Memory | 34,70% Memory free
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 72,94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 24,60 Gb Free Space | 62,98% Space Free | Partition Type: NTFS
Drive D: | 109,94 Gb Total Space | 88,49 Gb Free Space | 80,49% Space Free | Partition Type: NTFS

Computer Name: MICHAŁ_PC
| User Name: Michal | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-448539723-1292428093-842925246-1004\SOFTWARE\Classes\] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\Microsoft Office\Office12\ONENOTE.EXE "%L" [2013-07-21 10:56:39 | 000,000,000 | ---D | M] Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall]========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe" = C:\Program Files\Samsung\Samsung 
Universal Print Driver 2\PrinterSelector\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2 -- (Samsung Electronics Co., Ltd.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe" = C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2 -- (Samsung Electronics Co., Ltd.) "C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe" = C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe:*:Enabled:USDAgent -- (Samsung Electronics Co., Ltd.) "C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe" = C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe:*:Enabled:ICCUpdater -- (Samsung Electronics Co., Ltd.) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację -- (Microsoft Corporation)========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0AACB61D-9A82-6836-2840-28D0CF08781B}" = Catalyst Control Center Graphics Light "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{221BCE94-499E-21A9-4744-364294430D6A}" = Catalyst Control Center Graphics Full New "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{2A59A62D-09BA-E4CF-C7C2-E30332CE50F1}" = ccc-core-static "{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK "{2C04F12D-9AE2-B73C-17F7-A906A3D0C147}" = Catalyst Control Center HydraVision Full "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A85E968-9E24-0AE4-BC49-1614E86F0A50}" = Catalyst Control Center Graphics Previews Common "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7 "{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com "{76D92E84-A78B-2F37-E165-95BC732750E0}" = ccc-core-preinstall "{78CCDC80-1C7A-B95F-9968-33B1897CC5C3}" = AMD Catalyst Install Manager "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 
2007 Service Pack 3 (SP3) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8) "{B4CF385A-2015-5236-C2DB-EF09DA2AEA6C}" = CCC Help English "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C573C350-C666-586C-B309-7C9BD4A44BBF}" = e-Deklaracje Desktop "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = 
Microsoft .NET Framework 3.5 SP1 "{D52ED371-E583-2A3F-C17C-2FC42E2D0077}" = Catalyst Control Center Graphics Full Existing "{D5A11B8A-2A7B-2BED-E05F-2318C83A771B}" = ccc-utility "{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F58DBB36-F623-048A-0780-4FFDEA2486CA}" = Catalyst Control Center Core Implementation "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Advanced SystemCare 4_is1" = Advanced SystemCare 4 "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "avast" = avast! Free Antivirus "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DamnNFOViewer" = DAMN NFO Viewer v2.10.0032.RC3 (Remove Only) "e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1" = e-Deklaracje Desktop "ENTERPRISE" = Microsoft Office Enterprise 2007 "Gimnazjum - Chemia Nowej Ery" = Gimnazjum - Chemia Nowej Ery "Google Chrome" = Google Chrome "HD Tune_is1" = HD Tune 2.55 "ie8" = Windows Internet Explorer 8 "jv16 PowerTools 2013" = jv16 PowerTools 2013 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "QcDrv" = Camera Driver "RealAlt_is1" = Real Alternative 2.0.2 "Revo Uninstaller" = Revo Uninstaller 
1.89
"RocketDock_is1" = RocketDock 1.3.5
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"Samsung Universal Print Driver 2" = Samsung Universal Print Driver 2
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"The KMPlayer" = The KMPlayer (remove only)
"Usbfix" = UsbFix By El Desaparecido
"VDrive" = Vista Drive Indicator!
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"xp-AntiSpy" = xp-AntiSpy 3.98-2
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-04-26 23:49:55 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error - 2013-04-26 23:53:41 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 6.3.0.105, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.6055, adres błędu 0x0001055f.

Error - 2013-06-20 15:33:51 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609
Description =

Error - 2013-06-20 15:33:53 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609
Description =

Error - 2013-08-05 18:11:14 | Computer Name = MICHAŁ_PC | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 494
Description = Catalog Database (1304) Odzyskiwanie bazy danych zakończyło się niepomyślnie z błędem -1216, ponieważ napotkano odwołania do bazy danych 'C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb', której już nie ma. Baza danych nie została doprowadzona do spójnego stanu, zanim została usunięta (możliwe też, że ją przeniesiono lub zmieniono jej nazwę). Aparat bazy danych nie pozwoli na dokończenie odzyskiwania w wypadku tego wystąpienia, dopóki brakująca baza danych nie zostanie przywrócona na miejsce. Jeśli baza danych faktycznie nie jest już dostępna ani wymagana, skontaktuj się z działem pomocy technicznej w celu uzyskania dodatkowych instrukcji dotyczących czynności, które umożliwią przeprowadzenie operacji odzyskiwania bez tej bazy danych.

Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 454
Description = Catalog Database (1304) Odzyskiwanie/przywracanie bazy danych nie powiodło się z powodu nieoczekiwanego błędu: -1216.

Error - 2013-10-10 04:19:06 | Computer Name = MICHAŁ_PC | Source = crypt32 | ID = 131083
Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: , wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2013-10-10 04:19:06 | Computer Name = MICHAŁ_PC | Source = crypt32 | ID = 131083
Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: , wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2013-10-10 04:19:06 | Computer Name = MICHAŁ_PC | Source = crypt32 | ID = 131083
Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: , wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej.

[ System Events ]
Error - 2013-10-09 18:57:56 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7034
Description = Usługa Advanced SystemCare Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2013-10-09 18:57:56 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7034
Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2013-10-09 18:57:56 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7034
Description = Usługa MBAMScheduler niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2013-10-09 19:15:06 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262189
Description = System nie może pomyślnie załadować sterownika zrzutu awaryjnego.

Error - 2013-10-09 19:15:06 | Computer Name = MICHAŁ_PC | Source = Ftdisk | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się. Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco duży, aby zawierać całą pamięć fizyczną.

Error - 2013-10-09 19:15:21 | Computer Name = MICHAŁ_PC | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji, wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2013-10-09 19:15:21 | Computer Name = MICHAŁ_PC | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne. Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego czasu.

Error - 2013-10-09 19:15:36 | Computer Name = MICHAŁ_PC | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji, wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2013-10-09 19:15:36 | Computer Name = MICHAŁ_PC | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne. Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego czasu.

Error - 2013-10-10 04:14:41 | Computer Name = MICHAŁ_PC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2

[ Windows PowerShel Events ]
Error - 2013-04-26 23:49:55 | Computer Name = PC | Source = .NET Runtime Optimization Service | ID = 1103
Description =

Error - 2013-04-26 23:53:41 | Computer Name = PC | Source = Application Error | ID = 1000
Description =

Error - 2013-06-20 15:33:51 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609
Description =

Error - 2013-06-20 15:33:53 | Computer Name = MICHAŁ_PC | Source = MsiInstaller | ID = 11609
Description =

Error - 2013-08-05 18:11:14 | Computer Name = MICHAŁ_PC | Source = .NET Runtime Optimization Service | ID = 1103
Description =

Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 494
Description =

Error - 2013-10-08 06:02:34 | Computer Name = MICHAŁ_PC | Source = ESENT | ID = 454
Description =

Error - 2013-10-10 04:19:06 | Computer Name = MICHAŁ_PC | Source = crypt32 | ID = 131083
Description =

Error - 2013-10-10 04:19:06 | Computer Name = MICHAŁ_PC | Source = crypt32 | ID = 131083
Description =

Error - 2013-10-10 04:19:06 | Computer Name = MICHAŁ_PC | Source = crypt32 | ID = 131083
Description =

< End of report >
[/log][/spoiler]

GMER:
[spoiler][log]GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-10 19:39:29
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.ZM10 149,01GB
Running: qq62dpn4.exe; Driver: C:\DOCUME~1\Michal\USTAWI~1\Temp\uglyypow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA7FBF610]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA80735FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast!
Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA7FC00E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA8003B36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA7FCBF18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA7FCBF64] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA7FCC0FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA80034EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA7FCBE86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA7FCBFA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA7FCBECE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA7FC05E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA7FCC0B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA7FC0E9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA7FBF676] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA80041FC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA80044B2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA7FC4596] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8004067] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8003ED2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA80736C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA7FBF25E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA7FBF6DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA7FC498C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA7FC192C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA7FCBF42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA7FCBF86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA7FCC122] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA8003846] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA7FCBEAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA7FC3E78] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA7FCC036] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA7FCBEF6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA7FC426E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenTimer [0xA7FCC0DC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA8073822] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA8003D4D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA7FC17F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA8003B9F] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA7FC134E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA8080744] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA8002B30] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA7FBF742] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA7FBF7A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA7FC0D16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA7FBF2F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA7FBF4CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA8004303] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA7FBF45C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA7FC1066] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSuspendThread [0xA7FC11C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA7FBF556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA7FC0B54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA7FC0CF6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA8071C42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA7FBF80E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA7FC0142] INT 0x62 ? 87365BF8 INT 0x73 ? 873D6BF8 INT 0x83 ? 86879BF8 INT 0xA4 ? 86879BF8 INT 0xB4 ? 86879BF8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA808CE00] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwYieldExecution + 11A 804E48C4 4 Bytes JMP B7A80034 .text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4B6C 12 Bytes [42, F7, FB, A7, A8, F7, FB, ...] .text ntoskrnl.exe!ZwYieldExecution + 46A 804E4C14 12 Bytes [66, 10, FC, A7, C8, 11, FC, ...] {ADC AH, BH; CMPSD ; ENTER 0xfc11, 0xa7; PUSH ESI; CMC ; STI ; CMPSD } PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP A808B7B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576715 4 Bytes CALL A7FC1FD9 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8058BA0C 3 Bytes JMP A808CE04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx + 4 8058BA10 3 Bytes [27, CC, CC] {DAA ; INT 3 ; INT 3 } PAGE ntoskrnl.exe!ObMakeTemporaryObject 805DF70E 5 Bytes JMP A8089C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ? spuq.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF51D7000, 0x230C27, 0xE8000020] .text USBPORT.SYS!DllUnload F518E8AC 5 Bytes JMP 868791D8 .text a9bter2q.SYS F50E9386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text a9bter2q.SYS F50E93AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a9bter2q.SYS F50E93C4 3 Bytes [00, 80, 02] .text a9bter2q.SYS F50E93C9 1 Byte [30] .text a9bter2q.SYS F50E93C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... .text win32k.sys!EngFreeUserMem + 674 BF809980 1 Byte [E9] .text win32k.sys!EngFreeUserMem + 674 BF809980 5 Bytes JMP A7FC6284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C8DC 5 Bytes JMP A7FC6162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8139A7 5 Bytes JMP A7FC6116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E654 5 Bytes JMP A7FC4BF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 197D BF820D61 5 Bytes JMP A7FC56EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 11A6 BF82D57B 5 Bytes JMP A7FC4D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngLockSurface + C09 BF82E6F9 5 Bytes JMP A7FC63FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 2E84 BF83908A 5 Bytes JMP A7FC6614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + B8EC BF841AF2 5 Bytes JMP A7FC600A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + E0A8 BF8442AE 5 Bytes JMP A7FC56CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + F624 BF84582A 5 Bytes JMP A7FC4DF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 290F BF86C704 5 Bytes JMP A7FC57C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 4BED BF86E9E2 5 Bytes JMP A7FC522C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 4C78 BF86EA6D 5 Bytes JMP A7FC5508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 584E BF86F643 5 Bytes JMP A7FC4AD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + AC2C BF874A21 5 Bytes JMP A7FC61B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnicodeToMultiByteN + 67E3 BF87BC40 5 Bytes JMP A7FC633C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 35E9 BF897CE9 5 Bytes JMP A7FC52F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4126 BF898826 5 Bytes JMP A7FC54C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8B590C 5 Bytes JMP A7FC57E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 2862 BF8B902A 5 Bytes JMP A7FC656C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 35C2 BF8C1C5F 5 Bytes JMP A7FC4F24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + A58C BF8EB1E4 5 Bytes JMP A7FC570A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFCA5 5 Bytes JMP A7FC49C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1E74 5 Bytes JMP A7FC5008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F20F4 5 Bytes JMP A7FC5150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A3E BF91480E 5 Bytes JMP A7FC4CDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1CEA BF914ABA 5 Bytes JMP A7FC588C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2612 BF9153E2 5 Bytes JMP A7FC4EBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F93 BF917D63 5 Bytes JMP A7FC5628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1943 BF948240 5 Bytes JMP A7FC64BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[368] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[492] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[492] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll .text C:\WINDOWS\VistaDrive\VistaDrive.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\VistaDrive\VistaDrive.exe[588] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\LVCOMSX.EXE[604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\LVCOMSX.EXE[604] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[612] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Unlocker\UnlockerAssistant.exe[628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Unlocker\UnlockerAssistant.exe[628] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[644] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[688] 
kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[724] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 54, F1, 00] {SUB [ECX+ESI*8+0x0], DL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 57, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 54, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 55, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C76E .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 56, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 55, F1, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 56, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C7DF .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 54, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C90D .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 55, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 56, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 57, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012001F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 012003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01211014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01210804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01210A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01210C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01210E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 012101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 012103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01210600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01220804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01220A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01220600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 012201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[852] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 012203FC .text 
C:\WINDOWS\system32\csrss.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[856] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\services.exe[932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1116] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1260] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\IObit\Advanced 
SystemCare 4\ASCService.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1636] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1696] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1784] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\Michal\Moje dokumenty\Downloads\Narzędzia do naprawy systemu - Nie uruchamiać\qq62dpn4.exe[1992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Michal\Moje dokumenty\Downloads\Narzędzia do naprawy systemu - Nie uruchamiać\qq62dpn4.exe[1992] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 6C, 06, 01] {SUB [ESI+EAX+0x1], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6F, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 6C, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 6D, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DC86 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6E, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 6D, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6E, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DCF7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 6C, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DE25 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 6D, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6E, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6F, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 013503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 
1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01361014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01360804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01360A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01360C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01360E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 013601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 013603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01360600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01370804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01370A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01370600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 013701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 013703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F4, 8F, 00] {SUB AH, DH; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] 
ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F7, 8F, 00] {SUB BH, DH; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F4, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F5, 8F, 00] {TEST AL, 0xf5; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91660E .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F6, 8F, 00] {TEST AL, 0xf6; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F5, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F6, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91667F .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThreadTokenEx + B 
7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F4, 8F, 00] {TEST AL, 0xf4; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9167AD .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F5, 8F, 00] {SUB CH, DH; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F6, 8F, 00] {SUB DH, DH; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F7, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BE01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00BE03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!SetServiceObjectSecurity 
77E26D81 5 Bytes JMP 00BF1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00BF0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00BF0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00BF0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00BF0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00BF01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00BF03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00BF0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00C00804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C00A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00C00600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00C001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2284] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00C003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] KERNEL32.dll!GetBinaryTypeW + 
80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\svchost.exe[3360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[3360] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text 
C:\WINDOWS\System32\alg.exe[3736] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A4, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A7, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A4, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A5, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91ADBE .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A6, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A5, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A6, D7, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91AE2F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A4, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AF5D .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A5, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A6, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A7, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes 
JMP 010503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01061014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01060804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01060A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01060C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01060E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 010601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 010603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01060600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01070804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01070A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01070600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 010701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4056] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 010703FC ---- Kernel IAT/EAT - GMER 2.1 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 873D92D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76C7DDC] spuq.sys IAT 
pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76C7E30] spuq.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F769D042] spuq.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F769D13E] spuq.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F769D0C0] spuq.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F769D800] spuq.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F769D6D6] spuq.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 868792D8 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F76ACB90] spuq.sys IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!swprintf] 001CBA86 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IofCallDriver] 001CC186 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C IAT 
\SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!sprintf] 968D5140 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000 IAT 
\SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoStartTimer] 000022C0 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ZwCreateKey] C6000000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018 IAT 
\SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoStartPacket] 538B0000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoFreeMdl] E8500000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmUnlockPages] 00002280 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeSetTimer] F6317300 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!_allmul] 74070647 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!_except_handler3] 05578A0B IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66 IAT 
\SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!_aulldiv] 03087408 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!strstr] 72F93B3F IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!_strupr] 8A09EBDA IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!KeTickCount] 88084B8A IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8 IAT 
\SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!memmove] 18C48300 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!KfRaiseIrql] 00001CB1 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!HalTranslateBusAddress] 8986C636 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!READ_PORT_USHORT] 001C9686 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2 IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\a9bter2q.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Alwil Software\Avast5\avastUI.exe[644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Google\Chrome\Application\chrome.exe[852] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01050010 IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[932] @ 
C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2236] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 011A0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00A30010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4056] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00EB0010 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 873D51F8 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBPDO-0 868781F8 Device \Driver\usbuhci \Device\USBPDO-1 868781F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 873D71F8 Device \Driver\dmio \Device\DmControl\DmConfig 873D71F8 Device \Driver\dmio \Device\DmControl\DmPnP 873D71F8 Device \Driver\dmio \Device\DmControl\DmInfo 873D71F8 Device \Driver\usbuhci \Device\USBPDO-2 868781F8 Device \Driver\PCI_PNP6632 \Device\00000046 spuq.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{9B88F9DB-B0AE-4237-BE3A-857DBA137FB5} 860831F8 Device \Driver\usbuhci \Device\USBPDO-3 868781F8 Device \Driver\usbehci \Device\USBPDO-4 8684B1F8 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\Ftdisk \Device\HarddiskVolume1 873661F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 873661F8 Device \Driver\Cdrom \Device\CdRom0 868231F8 Device \Driver\iaStor \Device\Ide\iaStor0 873D61F8 Device \Driver\atapi \Device\Ide\IdePort0 [F75EFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F75EFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 873D61F8 Device \Driver\Cdrom \Device\CdRom1 868231F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 860831F8 Device \Driver\NetBT \Device\NetbiosSmb 860831F8 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBFDO-0 868781F8 Device \Driver\usbuhci \Device\USBFDO-1 868781F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8607E1F8 Device \Driver\usbuhci \Device\USBFDO-2 868781F8 Device \Driver\sptd \Device\1253136632 spuq.sys Device \FileSystem\MRxSmb \Device\LanmanRedirector 8607E1F8 Device \Driver\usbuhci \Device\USBFDO-3 868781F8 Device \Driver\usbehci \Device\USBFDO-4 8684B1F8 Device \Driver\Ftdisk \Device\FtControl 873661F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{788F66A8-E515-43E8-AB51-B6209A3F529E} 860831F8 Device \Driver\a9bter2q \Device\Scsi\a9bter2q1Port2Path0Target0Lun0 867C31F8 Device \Driver\a9bter2q \Device\Scsi\a9bter2q1 867C31F8 Device \FileSystem\Cdfs \Cdfs 868A51F8 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x873d61f8]<< 873d61f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87307868] 87307868 Trace 3 CLASSPNP.SYS[f77effd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86dd0030] 86dd0030 Trace 
\Driver\iaStor[0x873a9298] -> IRP_MJ_CREATE -> 0x873d61f8 873d61f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0xB4 0x05 0x5A ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xC2 0x69 0xEE ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5C 0x35 0xC8 0xFD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0xB4 0x05 0x5A ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xC2 0x69 0xEE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5C 0x35 0xC8 0xFD ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0xB4 0x05 0x5A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xC2 0x69 0xEE ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5C 0x35 0xC8 0xFD ... ---- EOF - GMER 2.1 ---- [/log][/spoiler]
Natsuki Kuga, comment, 12 October 2013
Are there still any problems? If not, I will give the final steps.
Mateusz 935 (author), comment, 13 October 2013
There are no problems anymore. Unfortunately I am no longer there, so I won't be able to carry out those final steps right now. Unless I can do them later; I will be at my friend's place next week. I don't think anything will change on the PC, because the computer is used for the internet.
Natsuki Kuga, comment, 16 October 2013
If you do somehow manage to carry them out, here they are:
1. In OTL click Sprzątanie (CleanUp); remove the other tools as well.
2. Uninstall Java 6 Update 33 and install the new Java 7 Update 45: http://download.oracle.com/otn-pub/java/jdk/7u45-b18/jre-7u45-windows-x64.exe
3. Empty the System Restore folder: http://support.microsoft.com/kb/264887/pl (turn System Restore off and back on)
That is all.