GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-31 23:47:25 Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD3200KS-00PFB0 rev.21.00M21 298,09GB Running: z65v1jcp.exe; Driver: C:\DOCUME~1\wojtas\USTAWI~1\Temp\uftdqpow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB395AACC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xB467631C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB395B5AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xB39A1620] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xB39676A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB39676EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB3967886] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xB39A0FD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xB396760E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xB3967730] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB3967656] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xB395BAE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xB3967840] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB395C398] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB395AB32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xB39A1CE6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB39A1F9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB395FBEA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB39A1B51] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB39A19BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xB46763F4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xB395A71E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xB46767D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xB395AB98] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xB395FFE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB395CEDC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xB39676CA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB396770E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB39678AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xB39A1330] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xB3967634] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xB395F4E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xB39677BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB396767E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xB395F8CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xB3967864] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB4676574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xB39A1837] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xB395CCF4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB39A1689] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB395C84A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xB4683D2C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xB4684698] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xB39A0617] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB395ABFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB395AC64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xB395C212] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB395A7B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB395A98A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xB39A1DED] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xB395A918] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB395C562] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xB395C6C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB395AA12] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB395C050] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xB395C1F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xB46737BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xB395ACCA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB395B606] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C44 80503844 4 Bytes [EA, FB, 95, B3] .text ntkrnlpa.exe!ZwCallbackReturn + 2E80 80503A80 12 Bytes [FE, AB, 95, B3, 64, AC, 95, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80503B28 12 Bytes [62, C5, 95, B3, C4, C6, 95, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4ECC 4 Bytes CALL B395D5AD \SystemRoot\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F1B3C0, 0x843B7A, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text D:\programy\AVAST Software\Avast\AvastUI.exe[464] kernel32.dll!SetUnhandledExceptionFilter 7C810386 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text D:\programy\AVAST Software\Avast\AvastSvc.exe[1576] kernel32.dll!SetUnhandledExceptionFilter 7C810386 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text D:\programy\Mozilla Firefox\plugin-container.exe[2976] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 1057B6A3 D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\plugin-container.exe[2976] USER32.dll!GetMenuContextHelpId + 1A 77D84F11 7 Bytes JMP 10574EB7 D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 01A1C820 D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] ntdll.dll!NtFlushBuffersFile 7C90D9CA 5 Bytes JMP 019EF374 D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] ntdll.dll!NtQueryFullAttributesFile 7C90DFB2 5 Bytes JMP 019EF090 D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] ntdll.dll!NtReadFile 7C90E27C 5 Bytes JMP 019EF270 D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] ntdll.dll!NtReadFileScatter 7C90E291 5 Bytes JMP 0234923A D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] ntdll.dll!NtWriteFile 7C90E9F3 5 Bytes JMP 01A1D710 D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] ntdll.dll!NtWriteFileGather 7C90EA08 5 Bytes JMP 023491E9 D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00301F43 D:\programy\Mozilla Firefox\mozglue.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 002F03FC .text D:\programy\Mozilla Firefox\firefox.exe[3060] KERNEL32.dll!lstrlenW + 43 7C809A7C 7 Bytes JMP 022AFE0D D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B788 7 Bytes JMP 022AFDEA D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] KERNEL32.dll!lstrcpyn + 70 7C810381 7 Bytes JMP 01A1934D D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] user32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 021B62F6 D:\programy\Mozilla Firefox\xul.dll .text D:\programy\Mozilla Firefox\firefox.exe[3060] GDI32.dll!SetWindowOrgEx + 15E 77F1960B 7 Bytes JMP 022AFD6B D:\programy\Mozilla Firefox\xul.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[872] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002 IAT C:\WINDOWS\system32\services.exe[872] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... ---- Files - GMER 2.1 ---- File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\B29231A75957B5B142A59841290A7A4051764A64 0 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\1B98EC5BCC450315A6E9BA65A4470582EE8A1527 13594 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\96D5EE9C503CF13FAFCB81572ADB628C67F8C6B7 0 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\D1B96B005F1B10C942E179284EE17907D7EA7637 14149 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\406DD2A48526EA9AA75D93C84648609780F09855 21881 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\C119E663CB75CCFCCB4C9849E36CE7C6432C5127 12060 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\2454EF120C9BCED11C6E1DC7A5675FECCA3CC070 13937 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\70481C96C04175113F7D83119F24BAFBE954B02B 9443 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\5EF508A5F9B70E42456F2ADAC815FF2D9C03C85E 5554 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\3EFC8E0F2A78435169CD6B79A817926CD45D99CD 246150 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\CC304D454925DF4B6BC94CE68B580E1095EEB10E 246155 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\B77D5C30D8E228A92925052612A74FBDCF6459A1 1566 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\B7895BDB7C398E97FEED0289C023C51A10925866 11982 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\94649BDE88E338579A45B2DC3BA9B5B328F56FC8 6730 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\6EDE119706FC9F8BF26C7AE10E040CBD311E767F 1162 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\D4246EBB847048C3ABA380A059B82C36AC8054B1 7946 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\A41226FD2AD1F254BBCA70394E33A38037BDA2CC 20407 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\4C8B6422BC1F9EF6F590C9920428702E9C4E7634 21151 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\A236CD7841F1E66D4E41144209B79ECCD6D1EF9B 7667 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\BE398C2271802249813F09BEBA696017B552FAAC 23430 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\1D10AADD7E16A50DDFD66AEA0163FA86B8C203E6 3268 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\1E7AB2DF493D02BE90684DFECEC35BFFEC785168 9771 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\87BCBBC8517506B93D20D6E2C50DAA39EF50CC72 3477 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\BB0C2126A2B55A42947F3ED4F5E335E57E9D625C 9881 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\9FEFF87243B8F12437A71F93ECB1E14E8E1F7EFC 16076 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\609D50CB8D5A2FEC709DD13A93E99BAFF1DFCB52 6853 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\3DE4FF557D28859134071FB2D9A77A0D14D31AB3 3812 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\E726687D1D724DF0B29F3F315D655AA5BA670C1D 7275 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\E3A3660BBC6D64CD6A7F90803F6DC9E00AD1F7BA 9961 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\905A138D9C637283349B275BA58127672325B8AA 16847 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\72E905D2E9D32DD6B6972DEF59C859D7ECB84ABE 2886 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\D9BD96A8BE2476A087CCD05D4286E2FA5332BE58 411 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\D9D1F734E836274C2D72FC21BBBA642C78AB6D8F 9556 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\B5C6F8D8CEB442253EFE07B44E9EA982EACDA1A4 19968 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\9159CBADC9D44B13BB50CD8AD09621301601DA27 595 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\A7A840F38A15F74C4D8D57DE68EB370D21F0B3D8 19024 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\E4A86D9891CBF1200BCC44BC334E243F4F4BEFE8 5636 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\3846209526156B1477B90DC751545279238A9BDD 46913 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\F5B612E1368983B9FC385AE7DE81E28D7BECA6B8 774539 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\67536F8693A0121085E12F0371D1596108F93790 2305 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\5F9421B58D4A1C79F069230A98755FE5D9362A31 5959 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\AD6467C5ABF3EBA0398AD4BA7BCDF8C642347134 10248 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\AD7C25F6CD082F94A366866533C2BBC0BCC7877C 900 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\437C23387DA6E41CB689B5F60DC9897398CB2F1D 26681 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\43F7729193E558FE00BC18BFE9F37EEF1773D9A0 2847 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\88ADAA9478A0E5D808FC3647299D6ACF7ED25269 21906 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\6A1C7DF2FD4C4DE96CABB8196DB36F74AA13ED89 28737 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\DD4D31D04E669EBBA60FBA007228459B63C33B6A 19968 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\78D463E12546EA622D00E93B021961DE24B89CC2 2604 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\2DCAB331C0CF2B3E7A0B25F8C9DC4AD9D92C32B6 14221 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\2DF2F8D306FB0738F878D21EED1D4140FB6C499F 13544 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\0685AB3B6F1AAD17958AE8F82B287EFC4B12FEF8 2931 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\F215B6882D1D850932E8613B69CF98F8A52B15EC 15434 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\3CC483B4C248E19849B664FC90A788F0B1C865EA 164 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\26B5AAFE6C3646880DD4D2667705E6E82160CE02 19451 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\61FAB9ACF46AF63A0D5434373ABBF3A7EBA341AE 7967 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\620B1BBFDF539A675C467AC2534C28A625392C43 28561 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\39EA4B72B97155CE98093BEBCC1E34FC780B603F 23928 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\08088BBFBBF7C814D9D408A4B6BB6B44C2782DF8 8644 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\18EEFEE7D4486087932B56B5FEB18B3BD6A626A0 9679 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\DE1646FA0585DD7BEE0CC41E56CD78AEA14520A9 566 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\D01EDAE9710649BEFB64153119CAB811CF68FD18 195320 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\D052A56A18618A85C039CCE9D595FCC3B688D0CC 3652 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\C8828D1B68D3C685A525BB1C8C32B8CA62595CA0 2737 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\38B6277350E8CA0BE0A574EA4689606F41E30226 54135 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\8EC7C6B641A3B5424272030A187274564732920C 3006 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\8EDAE8BDB56328C9BFB81C3D70E37480E0344EB9 1966 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\22F801DC5A756C0F20476A6F7278C20FB50C05F1 779 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\A6CC5114E23DE45B6D768309C399DEE378B1142D 23771 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\6FDDBE2DA8CB898A493F6CA3AD0F48A400B093A4 7930 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\1D76FB6D30E3A4F3A3C08C3D3C3C92272DC6A14B 153345 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\50B6EED8AD2944C642B379A012EB5013EBD3E5A9 3571 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\E2B3898C806BDFE8CF8E3517B32B8949291AB4C7 19402 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\FDD1CD508D9F4199A150C0986770DA2DD80E9D9A 899 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\66B17CDCF821B9CD8C62445D3174D6629B053256 44082 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\97C353B6AC240A86822CF233C19C53EB624C94EB 9769 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\55716C7B4C2A668EFFE5ACE5CB769F36B7E9BEE8 774545 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\E507111A2131768344D89B765A2433DD96005D7E 10599 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\A35681868678A0FACE2FEAAD148A99EA78BA1BC7 26377 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\A1FD7ACFB43A2E3D27A221F77CCD609D5895A96D 5470 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\49EECAE30961CA1C9B96805E8BA78CC6963637FB 9370 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\6723A14DFE013E7BB614E33891D11EDF5299E48B 12733 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\9EAF406ED22734DB8EA3681FEB49AE0A370FE301 17694 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\25A0B7E5EA090BBBFFF97B0034AA84003CA378BB 151149 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\A04F47E6D9AE1692DA22826C41EC5AA8018DC904 9427 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\D20D22C095E298C6FC425CA546DC2E8282CC6418 3491 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\8B0707A71E1EADC91BB308F7238516A40A8F5B22 20397 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\300F9E3285000E14C6D97E835A96CB13E1D6D30E 25026 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\302A0E3CB3B20FFD3FE1EDF7FDFB00F0FE23D51B 18397 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\D7813058CA457E3C15D536A6306C595EDE544FF0 12238 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\A9B7536AF64DB3509C19E49AB558A42E5FA46A3C 545 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\76B1F12DB23A9971CA245769426FCD7C19D78262 22207 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\401394253BF47EB334995993A6A0A0F7618110A5 16984 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\CAE6AA98CC055A60D767782F0221E0E72782D993 22010 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\D3BA2EB0E55DE4107B332AC6D4E58202B64533CA 25137 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\11219C6E0F808C6671CACC26736F0EA8F876B298 900 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\D90367FFC3B0AAD857FC29537CA98D860F0F06A5 27152 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\9B9175F822DFB8CD7403BBB3DB6122C98F4227C1 14661 bytes File C:\Documents and Settings\wojtas\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qp8a4xog.default\cache2\entries\3E6CF4F4BDE2CD5140A1DBE0E024FD0DA9B2FF03 1047 bytes File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-2000478354-1532298954-839522115-1003 0 bytes File C:\avast! sandbox\S-1-5-21-2000478354-1532298954-839522115-1003\webStorage 0 bytes File C:\avast! sandbox\S-1-5-21-2000478354-1532298954-839522115-1003\webStorage\C 0 bytes File C:\avast! sandbox\S-1-5-21-2000478354-1532298954-839522115-1003\webStorage\snx_fs.dat 978 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG 1024 bytes File D:\avast! sandbox 0 bytes File D:\avast! sandbox\S-1-5-21-2000478354-1532298954-839522115-1003 0 bytes File D:\avast! sandbox\S-1-5-21-2000478354-1532298954-839522115-1003\webStorage 0 bytes File D:\avast! sandbox\S-1-5-21-2000478354-1532298954-839522115-1003\webStorage\D 0 bytes ---- EOF - GMER 2.1 ----