Pingwineq, posted 17 September 2012

Hello, I have a problem: when I open an icon, e.g. My Computer, a file search starts instead! I scanned the computer with avast; it detected viruses and removed them, but the problem still occurs! I have another problem too: every time I start the system I have to type the command "explorer" in Task Manager to bring up the taskbar and the other icons. How can I make them start automatically at boot? PS. Formatting is out of the question.

OTL LOG:

OTL logfile created on: 2012-09-16 16:36:01 - Run 1 OTL by OldTimer - Version 3.2.61.5 Folder = E:\Downloads\Cinema 4D Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,37 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 57,93% Memory free 1,89 Gb Paging File | 1,31 Gb Available in Paging File | 69,50% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 9,77 Gb Total Space | 0,30 Gb Free Space | 3,03% Space Free | Partition Type: NTFS Drive E: | 46,12 Gb Total Space | 24,75 Gb Free Space | 53,66% Space Free | Partition Type: NTFS Drive F: | 38,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 676,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive I: | 647,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PANCIU84 | User Name: Damian | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-09-16 16:29:47 | 000,600,064 | ---- | M] (OldTimer Tools) -- E:\Downloads\Cinema 4D\OTL.exe PRC - [2012-08-29 12:03:38 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012-08-29 12:03:36 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2012-08-21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- E:\Avast\AvastUI.exe PRC - [2012-08-21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- E:\Avast\AvastSvc.exe PRC - [2012-08-07 08:43:41 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2012-04-20 14:30:44 | 000,114,688 | ---- | M] () -- C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe PRC - [2012-04-04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012-03-14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- E:\Advanced SystemCare 5\ASCService.exe PRC - [2012-03-06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- E:\Advanced SystemCare 5\ASCTray.exe PRC - [2012-01-19 08:18:50 | 003,337,216 | ---- | M] (Hide My IP) -- C:\Program Files\Hide My IP\HideMyIpSrv.exe PRC - [2010-11-16 15:37:38 | 000,264,704 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe PRC - [2007-06-26 12:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe PRC - [2004-08-04 02:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012-09-16 10:05:08 | 001,810,432 | ---- | M] () -- E:\Avast\defs\12091600\algo.dll MOD - [2012-08-07 08:43:40 | 
000,442,392 | ---- | M] () -- C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.75\ppgooglenaclpluginchrome.dll MOD - [2012-08-07 08:43:39 | 012,235,800 | ---- | M] () -- C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll MOD - [2012-08-07 08:43:37 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.75\pdf.dll MOD - [2012-08-07 08:42:09 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.75\avutil-51.dll MOD - [2012-08-07 08:42:08 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.75\avformat-54.dll MOD - [2012-08-07 08:42:07 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.75\avcodec-54.dll MOD - [2012-04-20 14:30:44 | 000,114,688 | ---- | M] () -- C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe MOD - [2012-01-08 15:41:12 | 000,093,696 | ---- | M] () -- E:\FileZilla FTP Client\fzshellext.dll MOD - [2011-11-10 22:43:26 | 000,138,072 | ---- | M] () -- E:\Advanced SystemCare 5\ASCv5ExtMenu.dll MOD - [2011-07-18 23:04:08 | 000,296,448 | ---- | M] () -- E:\Notepad++\NppShell_04.dll MOD - [2011-04-21 16:54:40 | 000,347,024 | ---- | M] () -- E:\Advanced SystemCare 5\madexcept_.bpl MOD - [2011-04-21 16:54:40 | 000,179,088 | ---- | M] () -- E:\Advanced SystemCare 5\madbasic_.bpl MOD - [2011-04-21 16:54:40 | 000,046,480 | ---- | M] () -- E:\Advanced SystemCare 5\maddisAsm_.bpl MOD - [2010-11-16 15:37:38 | 000,264,704 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe MOD - [2009-12-10 11:52:38 | 000,192,512 | ---- | M] () -- C:\Program Files\PLAY 
ONLINE\DeviceMgrUIPlugin.dll MOD - [2009-12-10 11:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files\PLAY ONLINE\DeviceMgrPlugin.dll MOD - [2009-12-10 11:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\PLAY ONLINE\NDISAPI.dll MOD - [2009-10-13 09:28:42 | 000,159,744 | ---- | M] () -- C:\Program Files\PLAY ONLINE\SMSPlugin.dll MOD - [2009-10-13 09:28:42 | 000,061,440 | ---- | M] () -- C:\Program Files\PLAY ONLINE\XCodec.dll MOD - [2009-10-13 09:28:40 | 000,557,056 | ---- | M] () -- C:\Program Files\PLAY ONLINE\atcomm.dll MOD - [2009-10-13 09:28:40 | 000,155,648 | ---- | M] () -- C:\Program Files\PLAY ONLINE\DetectDev.dll MOD - [2009-10-13 09:28:40 | 000,139,264 | ---- | M] () -- C:\Program Files\PLAY ONLINE\LocaleMgrPlugin.dll MOD - [2009-10-13 09:28:40 | 000,090,112 | ---- | M] () -- C:\Program Files\PLAY ONLINE\FileManager.dll MOD - [2009-10-13 09:28:40 | 000,090,112 | ---- | M] () -- C:\Program Files\PLAY ONLINE\DialUpPlugin.dll MOD - [2009-10-13 09:28:40 | 000,061,440 | ---- | M] () -- C:\Program Files\PLAY ONLINE\DeviceOperate.dll MOD - [2009-10-13 09:28:40 | 000,057,344 | ---- | M] () -- C:\Program Files\PLAY ONLINE\ConfigFilePlugin.dll MOD - [2009-10-13 09:28:40 | 000,032,768 | ---- | M] () -- C:\Program Files\PLAY ONLINE\NotifyServicePlugin.dll MOD - [2009-10-13 09:28:40 | 000,014,848 | ---- | M] () -- C:\Program Files\PLAY ONLINE\isaputrace.dll MOD - [2009-09-19 11:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\PLAY ONLINE\NetInfoPlugin.dll MOD - [2009-02-27 19:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL MOD - [2007-06-26 12:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe MOD - [2004-08-04 02:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll ========== Services (SafeList) ========== SRV - [2012-08-29 12:03:36 | 001,385,896 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012-08-21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- E:\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012-06-28 18:51:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-06-05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-04-04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012-03-14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- E:\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5) SRV - [2012-01-19 08:18:50 | 003,337,216 | ---- | M] (Hide My IP) [On_Demand | Running] -- C:\Program Files\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV) SRV - [2010-11-16 15:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | Boot | Stopped] -- system32\giveio.sys -- (giveio) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleXNt) DRV - File not found [Kernel | 
On_Demand | Stopped] -- -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz134) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012-08-21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012-08-21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012-08-21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012-08-21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012-08-21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012-08-21 11:13:14 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012-08-21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012-08-21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012-07-20 18:11:03 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2012-07-20 18:11:03 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2012-05-12 10:13:15 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011-03-18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot 
| Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2010-10-09 14:48:36 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010-08-27 13:53:32 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010-08-07 17:48:30 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010-07-27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2005-12-12 07:40:44 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005-09-12 16:38:30 | 000,468,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2005-06-17 06:47:48 | 000,352,000 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA) DRV - [2005-06-17 06:47:00 | 000,038,144 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD) DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/?ut...&utm_medium=vlt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.v9.com/?ut...&utm_medium=vlt IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/?ut...&utm_medium=vlt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128 IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000001e101f8c05 IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.google.pl...q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}" FF - prefs.js..browser.search.order.1: "Google " FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://search.babylo...babsrc=HP_Prot" FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.1 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0 FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..extensions.enabledItems: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.12.0.8 FF - prefs.js..extensions.enabledItems: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0 FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-11-26 08:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Damian\Dane aplikacji\Mozilla\Extensions [2012-07-10 10:38:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Damian\Dane aplikacji\Mozilla\Firefox\Profiles\4wqbf6y3.default\extensions [2011-11-26 08:49:30 | 000,000,000 | ---D | M] (WinZipBar Community Toolbar) -- C:\Documents and Settings\Damian\Dane aplikacji\Mozilla\Firefox\Profiles\4wqbf6y3.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} [2012-04-22 10:07:00 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Damian\Dane aplikacji\Mozilla\Firefox\Profiles\4wqbf6y3.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012-04-28 09:12:58 | 000,000,000 | ---D | M] (DealBulldog Toolbar) -- C:\Documents and Settings\Damian\Dane aplikacji\Mozilla\Firefox\Profiles\4wqbf6y3.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [2012-01-16 14:23:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Damian\Dane aplikacji\Mozilla\Firefox\Profiles\4wqbf6y3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-01-14 19:56:33 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Damian\Dane aplikacji\Mozilla\Firefox\Profiles\4wqbf6y3.default\extensions\ffxtlbr@babylon.com [2012-07-10 10:37:30 | 001,184,804 | ---- | M] () (No name found) -- C:\Documents and Settings\Damian\Dane 
aplikacji\Mozilla\Firefox\Profiles\4wqbf6y3.default\extensions\testpilot@labs.mozilla.com.xpi [2012-07-10 10:37:25 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Damian\Dane aplikacji\Mozilla\Firefox\Profiles\4wqbf6y3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-07-10 10:38:30 | 000,743,290 | ---- | M] () (No name found) -- C:\Documents and Settings\Damian\Dane aplikacji\Mozilla\Firefox\Profiles\4wqbf6y3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Damian\Dane aplikacji\Mozilla\Firefox\Profiles\4wqbf6y3.default\searchplugins\conduit.xml ========== Chrome ========== CHR - homepage: http://google.pl/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://google.pl/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User 
Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Angry Birds = C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: AdBlock = C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\ CHR - Extension: AdBlock = C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\ CHR - Extension: uTorrentControl2 = C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\ CHR - Extension: uTorrentControl2 = C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\ O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - Reg Error: Value error. File not found O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - Reg Error: Value error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [avast] E:\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKCU..\Run: [Advanced SystemCare 5] E:\Advanced SystemCare 5\ASCTray.exe (IObit) O4 - HKCU..\Run: [DAEMON Tools Lite] E:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [HW_OPENEYE_OUC_] C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. 
File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll (Hide My IP) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll (Hide My IP) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\HMIPCore.dll (Hide My IP) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - mswsock.dll File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.108.195.20 89.108.202.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4E4B9AA-22EA-438E-9323-012E0260C10B}: DhcpNameServer = 89.108.195.20 89.108.202.20 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home O24 - Desktop WallPaper: C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-11-26 11:36:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-11-16 23:37:37 | 000,142,336 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008-03-07 10:34:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2004-10-26 02:40:24 | 000,000,000 | R--D | M] - H:\AutoRun -- [ CDFS ] O32 - AutoRun File - [2004-10-26 02:40:24 | 000,684,032 | R--- | M] (Electronic Arts Inc.) - H:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2004-10-15 06:59:34 | 000,577,536 | R--- | M] (Electronic Arts Inc.) - H:\AutoRunGUI.dll -- [ CDFS ] O32 - AutoRun File - [2004-10-26 02:46:32 | 000,000,105 | R--- | M] () - H:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2004-10-26 01:40:24 | 000,000,107 | R--- | M] () - I:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{3dcaf256-af0f-11e1-adee-001e101fa75c}\Shell - "" = AutoRun O33 - MountPoints2\{3dcaf256-af0f-11e1-adee-001e101fa75c}\Shell\AutoRun\command - "" = L:\Startme.exe O33 - MountPoints2\{5ba98bf3-9c02-11e1-ad95-001e101ffb86}\Shell - "" = AutoRun O33 - MountPoints2\{5ba98bf3-9c02-11e1-ad95-001e101ffb86}\Shell\AutoRun\command - "" = H:\setup.exe -- [2004-10-15 06:59:34 | 000,110,592 | R--- | M] (Electronic Arts Inc.) 
O33 - MountPoints2\{63ba8b20-c5ed-11e1-ae67-0016368571fe}\Shell - "" = AutoRun
O33 - MountPoints2\{63ba8b20-c5ed-11e1-ae67-0016368571fe}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{8b097a3a-8ae4-11e1-ad16-0016368571fe}\Shell - "" = AutoRun
O33 - MountPoints2\{8b097a3a-8ae4-11e1-ad16-0016368571fe}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2010-11-16 23:37:37 | 000,142,336 | R--- | M] ()
O33 - MountPoints2\{8b097a3d-8ae4-11e1-ad16-0016368571fe}\Shell - "" = AutoRun
O33 - MountPoints2\{8b097a3d-8ae4-11e1-ad16-0016368571fe}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2010-11-16 23:37:37 | 000,142,336 | R--- | M] ()
O33 - MountPoints2\{b88c2974-8aff-11e1-ad19-0016368571fe}\Shell - "" = AutoRun
O33 - MountPoints2\{b88c2974-8aff-11e1-ad19-0016368571fe}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2010-11-16 23:37:37 | 000,142,336 | R--- | M] ()
O33 - MountPoints2\{cefd0b1c-a294-11e1-adb6-001e101ff5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{cefd0b1c-a294-11e1-adb6-001e101ff5b1}\Shell\AutoRun\command - "" = I:\RunGame.exe -- [2004-10-26 01:40:24 | 000,192,512 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2010-11-16 23:37:37 | 000,142,336 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-09-16 14:41:16 | 000,018,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012-09-16 14:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Internet Security
[2012-09-16 14:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
[2012-09-16 14:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012-09-16 13:56:43 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012-09-16 13:56:42 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012-09-16 13:56:38 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012-09-16 13:55:19 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012-09-16 13:55:18 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012-09-16 13:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012-09-08 14:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\LogMeIn Hamachi
[2012-09-08 14:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012-09-04 10:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia
[2012-09-04 10:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe
[2012-08-24 21:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Damian\temp
[2012-08-20 07:23:42 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Damian\M-10-6897-8685-3464
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-09-16 15:54:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-2025429265-1177238915-1003UA.job
[2012-09-16 15:04:05 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012-09-16 15:03:23 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\ASC5_AutoClean.job
[2012-09-16 15:02:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-09-16 14:44:50 | 000,004,832 | -HS- | M] () -- C:\Documents and Settings\All Users\Dokumenty\Spis treści programu OneNote.onetoc2
[2012-09-16 14:41:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2012-09-16 14:33:57 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Internet Security.lnk
[2012-09-16 14:24:49 | 000,164,648 | ---- | M] () -- C:\Documents and Settings\Damian\Pulpit\cc_20120916_142438.reg
[2012-09-16 14:24:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2012-09-16 09:54:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-2025429265-1177238915-1003Core.job
[2012-09-15 23:54:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-09-15 23:54:43 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-09-15 23:39:31 | 000,491,390 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-09-15 23:39:31 | 000,433,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-09-15 23:39:31 | 000,084,406 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-09-15 23:39:31 | 000,067,894 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-09-15 21:22:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-09-15 21:05:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012-09-15 21:05:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012-09-15 20:52:53 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012-09-15 20:51:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012-09-15 20:51:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012-09-15 20:47:40 | 000,021,856 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012-09-15 20:44:23 | 000,000,321 | -HS- | M] () -- C:\boot.ini
[2012-09-14 17:10:21 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\ASC5_AutoUpdate.job
[2012-09-13 15:03:36 | 000,193,158 | ---- | M] () -- C:\Documents and Settings\Damian\Pulpit\as.bmp
[2012-09-11 19:30:19 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Damian\Pulpit\program_kola_j._ang_klasa_III.lnk
[2012-09-08 14:28:27 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\LogMeIn Hamachi.lnk
[2012-09-02 21:03:37 | 000,678,446 | ---- | M] () -- C:\Documents and Settings\Damian\Pulpit\Plan Lekcji IB.bmp
[2012-09-01 12:32:02 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2012-08-27 18:37:16 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-22 11:59:24 | 000,003,431 | ---- | M] () -- C:\Documents and Settings\Damian\.recently-used.xbel
[2012-08-21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012-08-21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012-08-21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012-08-21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012-08-21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012-08-21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012-08-21 11:13:14 | 000,018,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012-08-21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012-08-21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012-08-21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012-08-21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012-08-19 14:24:14 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Sony PC Companion 2.1.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-16 14:44:43 | 000,004,832 | -HS- | C] () -- C:\Documents and Settings\All Users\Dokumenty\Spis treści programu OneNote.onetoc2
[2012-09-16 14:33:57 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Internet Security.lnk
[2012-09-16 14:33:40 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\Damian\Pulpit\License.avastlic
[2012-09-16 14:24:45 | 000,164,648 | ---- | C] () -- C:\Documents and Settings\Damian\Pulpit\cc_20120916_142438.reg
[2012-09-16 14:24:06 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2012-09-16 13:56:37 | 000,000,258 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012-09-15 23:52:33 | 000,001,225 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012-09-15 23:51:41 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2012-09-15 23:51:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2012-09-15 23:50:46 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2012-09-15 23:50:29 | 000,001,734 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012-09-13 15:03:35 | 000,193,158 | ---- | C] () -- C:\Documents and Settings\Damian\Pulpit\as.bmp
[2012-09-11 19:30:29 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\Damian\Pulpit\program_kola_j._ang_klasa_III.lnk
[2012-09-08 14:28:27 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\LogMeIn Hamachi.lnk
[2012-09-02 21:03:37 | 000,678,446 | ---- | C] () -- C:\Documents and Settings\Damian\Pulpit\Plan Lekcji IB.bmp
[2012-08-22 11:59:24 | 000,003,431 | ---- | C] () -- C:\Documents and Settings\Damian\.recently-used.xbel
[2012-08-20 18:57:14 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{2c4b137b-0e83-4940-400a-51b9a2f5986e}\L\00000004.@
[2012-08-20 18:57:12 | 000,232,960 | ---- | C] () -- C:\WINDOWS\Installer\{2c4b137b-0e83-4940-400a-51b9a2f5986e}\U\00000008.@
[2012-08-19 14:24:14 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Sony PC Companion 2.1.lnk
[2012-07-27 16:25:43 | 000,000,252 | ---- | C] () -- C:\WINDOWS\madagascar.ini
[2012-07-25 10:14:43 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2012-05-20 09:27:25 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
[2012-05-20 09:27:24 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2012-05-20 09:27:24 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2012-05-20 09:27:24 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
[2012-05-20 09:27:24 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2012-05-20 09:27:24 | 000,002,919 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2012-04-22 22:12:22 | 004,424,704 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012-04-21 09:44:11 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012-04-20 15:17:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-04-09 01:40:36 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012-04-09 01:39:46 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2012-04-09 01:39:32 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2012-04-09 01:39:32 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2012-04-09 01:39:30 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2012-04-09 01:39:30 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2012-04-09 01:39:28 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2012-04-09 01:39:28 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2012-04-09 01:39:26 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2012-03-29 16:21:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012-03-29 16:21:18 | 006,582,226 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-54.dll
[2012-03-29 16:21:18 | 001,152,365 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-54.dll
[2012-03-29 16:21:18 | 000,374,152 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012-03-29 16:21:18 | 000,207,872 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012-03-29 16:21:18 | 000,144,523 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2012-01-26 19:47:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Damian\Dane aplikacji\bibstats
[2011-12-07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011-11-29 17:11:19 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-11-26 15:58:46 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-11-26 15:57:09 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-11-26 12:00:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-11-26 11:37:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-11-26 11:32:26 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-11-26 08:47:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-11-26 08:42:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-09-19 09:07:46 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\bdmjpeg.dll
[2011-09-19 09:07:32 | 000,058,368 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2011-09-08 16:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011-09-08 16:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011-09-08 16:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011-09-08 16:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011-09-08 16:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011-09-08 15:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011-09-08 15:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011-05-30 15:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011-05-23 09:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011-03-03 13:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011-03-03 13:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011-03-03 13:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008-04-15 14:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{2c4b137b-0e83-4940-400a-51b9a2f5986e}\@
[2008-04-15 14:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\{2c4b137b-0e83-4940-400a-51b9a2f5986e}\@

========== LOP Check ==========

[2012-09-16 13:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
[2012-01-14 19:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2012-05-20 17:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2012-04-20 14:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService
[2012-01-14 14:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-08-13 17:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2012-05-29 20:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2012-06-15 22:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony
[2012-05-12 21:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TechSmith
[2012-06-04 20:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2012-09-09 19:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\.minecraft
[2012-08-02 18:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\.mineshaftersquared
[2012-05-20 09:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\BabylonToolbar
[2012-05-13 18:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\BANDISOFT
[2012-07-30 17:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\DAEMON Tools Lite
[2012-08-07 09:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\Downloaded Installations
[2012-08-29 19:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\FileZilla
[2012-04-21 08:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\Gadu-Gadu 10
[2012-08-13 17:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\GG
[2012-05-31 19:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\IObit
[2012-06-10 12:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\MAXON
[2012-07-26 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\Need for Speed World
[2012-04-21 11:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\Notepad++
[2012-05-13 11:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\Oracle
[2012-05-04 21:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\PLAY ONLINE
[2012-07-21 10:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\QuickScan
[2012-05-27 21:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\SeriousBit
[2012-05-13 17:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\Solveig Multimedia
[2012-06-04 18:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\TeamViewer
[2012-04-28 09:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\Toolbar4
[2012-08-14 20:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\TS3Client
[2012-08-16 20:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\ts3overlay
[2012-05-01 12:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\Unity
[2012-08-03 19:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Dane aplikacji\uTorrent
[2012-09-16 15:03:23 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\ASC5_AutoClean.job
[2012-09-14 17:10:21 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\ASC5_AutoUpdate.job
[2012-09-16 15:04:05 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AF4CCAAD

< End of report >

OTL Extras

OTL Extras logfile created on: 2012-09-16 16:36:01 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = E:\Downloads\Cinema 4D
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,37 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 57,93% Memory free
1,89 Gb Paging File | 1,31 Gb Available in Paging File | 69,50% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 0,30 Gb Free Space | 3,03% Space Free | Partition Type: NTFS
Drive E: | 46,12 Gb Total Space | 24,75 Gb Free Space | 53,66% Space Free | Partition Type: NTFS
Drive F: | 38,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 676,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 647,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PANCIU84 | User Name: Damian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- Reg Error: Value error. File not found
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- Reg Error: Value error.
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- Reg Error: Key error.
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panel sterowania ATI
"{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagascar ™
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 1.3
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41563AE5-9452-415A-A809-A51F212E8722}" = Fresh RAM
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A997829F-090A-06FC-ADDA-B907E0D2562E}" = AMD Catalyst Install Manager
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.1 - Polish
"{ADFD26A0-A5CB-4CC0-9C0F-A250D68904AF}" = Świadectwa
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7546BC3-8CE1-429C-AA6A-BC09DF32CF45}_is1" = Pliki serwerowe by BR3ND [1.3.2] V3.2 Free-Build wersja 3.2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk
"69083DC58646DE46A09847A522A1CC487F918039" = Pakiet sterowników systemu Windows - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Pakiet sterowników systemu Windows - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Internet Security
"BabylonToolbar" = Babylon toolbar on IE
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CCleaner" = CCleaner
"CiDial 2.3" = CiDial 2.3
"CNXT_AUDIO" = Conexant AC-Link Audio
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealBulldog Toolbar" = DealBulldog Toolbar
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"EnhanceMyXP_is1" = EnhanceMyXP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow" = ffdshow (remove only)
"FileZilla Client" = FileZilla Client 3.5.3
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster 3
"GoogleBooks" = Google Books Download
"HMIP50_is1" = Hide My IP 5.3
"InstallShield_{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagascar
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mario Forever 5.08 Direct X" = Mario Forever 5.08 Direct X
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.0
"Metin2_is1" = Metin2
"Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0 (x86 en-US)" = Mozilla Firefox 14.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nfs underground 2-spolszczenie by quarter27_is1" = 'spolszczenie tekstów do gry NFS Underground 2'
"Notepad++" = Notepad++
"PLAY ONLINE" = PLAY ONLINE
"RealAlt_is1" = Real Alternative 1.9.0
"SpeedFan" = SpeedFan (remove only)
"Tasker_is1" = Tasker version 3.13
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.11 (32-bitowy)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Counter-Strike 1.6: New Era" = Counter-Strike 1.6: New Era
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-09-15 15:13:01 | Computer Name = LAPTOPIK | Source = MsiInstaller | ID = 11904
Description = Product: ATI AVIVO Codecs -- Error 1904.Module D:\Program Files\Common Files\ATI Technologies\Multimedia\atimcenc.dll failed to register. HRESULT -2147010895. Contact your support personnel.

Error - 2012-09-15 17:30:34 | Computer Name = LAPTOPIK | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error - 2012-09-16 09:03:12 | Computer Name = PANCIU84 | Source = WinMgmt | ID = 28
Description = Moduł WinMgmt nie może zainicjować części podstawowych. Powodem mogą być: źle zainstalowana wersja modułu WinMgmt, awaria uaktualnienia repozytorium modułu WinMgmt, za mało miejsca na dysku lub za mało pamięci.
[ System Events ] Error - 2012-09-16 02:11:58 | Computer Name = PANCIU84 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: giveio Error - 2012-09-16 02:17:48 | Computer Name = PANCIU84 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: giveio Error - 2012-09-16 02:19:24 | Computer Name = PANCIU84 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 188.33.31.205 dla karty sieciowej o adresie 001E101F4824 został zabroniony przez serwer DHCP 31.175.204.97 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-09-16 02:21:38 | Computer Name = PANCIU84 | Source = Service Control Manager | ID = 7023 Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący błąd: %%1460 Error - 2012-09-16 07:45:35 | Computer Name = PANCIU84 | Source = DCOM | ID = 10010 Description = Serwer {000C101C-0000-0000-C000-000000000046} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error - 2012-09-16 07:56:25 | Computer Name = PANCIU84 | Source = DCOM | ID = 10010 Description = Serwer {000C101C-0000-0000-C000-000000000046} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error - 2012-09-16 08:29:16 | Computer Name = PANCIU84 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: giveio Error - 2012-09-16 08:29:22 | Computer Name = PANCIU84 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 31.175.204.98 dla karty sieciowej o adresie 001E101F2E51 został zabroniony przez serwer DHCP 5.173.226.233 (Serwer DHCP wysłał komunikat DHCPNACK). 
Error - 2012-09-16 08:33:08 | Computer Name = PANCIU84 | Source = Service Control Manager | ID = 7023 Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący błąd: %%1460 Error - 2012-09-16 09:13:17 | Computer Name = PANCIU84 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 5.173.226.236 dla karty sieciowej o adresie 001E101F3976 został zabroniony przez serwer DHCP 31.175.204.97 (Serwer DHCP wysłał komunikat DHCPNACK). < End of report >
Pingwineq Posted 17 September 2012 Author
I have to post the GMER log here because it would not let me create the topic; it said something like "TOO LONG". GMER:
GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-16 19:36:31 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6034GSX rev.AH101A Running: gmer.exe; Driver: C:\DOCUME~1\Damian\USTAWI~1\Temp\pfdiapog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAF1A9708] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAF27C7C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xAF1AA11C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAF1EB401] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAF1B4F28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAF1B4F74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAF1B50F6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAF1EADB5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAF1B4E96] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAF1B4FB8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAF1B4EDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xAF1AA310] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast!
Virtualization Driver/AVAST Software) ZwCreateTimer [0xAF1B50B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xAF1AAA9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAF1A9756] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAF1EBAC7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAF1EBD7D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAF1AE0E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAF1EB932] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAF1EB79D] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAF27C8AC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAF1A93BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAF1A97A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAF1AE456] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAF1AB464] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAF1B4F52] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAF1B4F96] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAF1B511A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenKey [0xAF1EB111] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAF1B4EBC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAF1ADC5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAF1B503A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAF1B4F06] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAF1ADE8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAF1B50D4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAF27CA2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAF1EB618] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAF1AB330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAF1EB46A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xAF1AAEDA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAF28830E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAF1EA428] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAF1A97F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAF1A9840] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetContextThread [0xAF1AA91C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAF1A9448] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAF1A95F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAF1EBBCE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAF1A959E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xAF1AABFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xAF1AAD5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAF1A9668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xAF1AA632] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xAF1AA794] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAF1A988E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xAF1AA160] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAF294966] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 398 804E29F4 12 Bytes [F2, 97, 1A, AF, 40, 98, 1A, ...] .text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [FE, AB, 1A, AF, 5A, AD, 1A, ...] 
PAGE ntoskrnl.exe!ObInsertObject 805641A3 5 Bytes JMP AF293320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80569D33 4 Bytes CALL AF1ABAF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8058041A 7 Bytes JMP AF29496A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059D946 5 Bytes JMP AF291806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF80BB6A 1 Byte [E9] .text win32k.sys!EngFreeUserMem + 674 BF80BB6A 5 Bytes JMP AF1AFA6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + E5B BF80C351 5 Bytes JMP AF1AF95E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF810293 5 Bytes JMP AF1AF918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D0 BF81C171 5 Bytes JMP AF1AEFCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 757E BF8238B7 5 Bytes JMP AF1AE6E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 698 BF833898 5 Bytes JMP AF1AFBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 3213 BF836413 5 Bytes JMP AF1AFDE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + C7BA BF83F9BA 5 Bytes JMP AF1AF81E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + FF93 BF843193 5 Bytes JMP AF1AEFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 44B7 BF84C303 5 Bytes JMP AF1AFD3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 3637 BF8853A3 5 Bytes JMP AF1AEC00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 415A BF885EC6 5 Bytes JMP AF1AEDC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8A313A 5 Bytes JMP AF1AF0A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 1899 BF8A5890 5 Bytes JMP AF1AE592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 5972 BF8A9969 5 Bytes JMP AF1AFB20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 4033 BF8ADEF1 5 Bytes JMP AF1AEB40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 40BE BF8ADF7C 3 Bytes JMP AF1AEE06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 40C2 BF8ADF80 1 Byte [EF] .text win32k.sys!EngStretchBltROP + 45FA BF8AE4B8 5 Bytes JMP AF1AE756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + A168 BF8B4026 5 Bytes JMP AF1AE5AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + C3C1 BF8C115D 5 Bytes JMP AF1AF08C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + D14B BF8C1EE7 5 Bytes JMP AF1AF9A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 3E8 BF8C35B4 5 Bytes JMP AF1AE866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 2B41 BF8E1AEF 5 Bytes JMP AF1AE93E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 2DC1 BF8E1D6F 5 Bytes JMP AF1AEA6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B5F BF8F2C27 3 Bytes JMP AF1AE48C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B63 BF8F2C2B 1 Byte [EF] .text win32k.sys!EngDeleteSemaphore + 4B5F BF8F3C27 3 Bytes JMP AF1AEFE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 4B63 BF8F3C2B 1 Byte [EF] .text win32k.sys!EngCreateClip + 1994 BF911381 5 Bytes JMP AF1AE682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2568 BF911F55 5 Bytes JMP AF1AE812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4EC2 BF9148AF 5 Bytes JMP AF1AEF20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1931 BF942257 5 Bytes JMP AF1AFC96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\svchost.exe[348] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[348] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[404] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[404] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text E:\Downloads\Cinema 4D\OTL.exe[440] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text E:\Downloads\Cinema 4D\OTL.exe[440] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[652] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[712] KERNEL32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\WINDOWS\system32\services.exe[796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\WINDOWS\system32\explorer.exe[924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\explorer.exe[924] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 3A, 00] {SUB [EAX], AL; CMP AL, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia 
lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 3A, 00] {SUB [EBX], AL; CMP AL, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 3A, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 3A, 00] {TEST AL, 0x1; CMP AL, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B91179C .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 3A, 00] {TEST AL, 0x2; CMP AL, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 3A, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 3A, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B911830 .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 3A, 00] {TEST AL, 0x0; CMP AL, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B9119BD .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 3A, 00] {SUB [ECX], AL; CMP AL, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 3A, 00] {SUB [EDX], AL; CMP AL, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 3A, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text E:\Advanced SystemCare 5\ASCService.exe[956] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text E:\Advanced SystemCare 5\ASCService.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[988] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[988] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text 
C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[1028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[1028] USER32.dll!GetSysColor 77D38E88 5 Bytes JMP 0045B9C0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[1028] USER32.dll!GetSysColorBrush 77D38EBB 5 Bytes JMP 0045BA20 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[1028] USER32.dll!SetScrollInfo 77D39066 7 Bytes JMP 0045B8B0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[1028] USER32.dll!GetScrollInfo 77D40E1A 7 Bytes JMP 0045B800 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[1028] USER32.dll!ShowScrollBar 77D4F2D5 5 Bytes JMP 0045B980 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[1028] USER32.dll!GetScrollPos 77D4F6E4 5 Bytes JMP 0045B840 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[1028] USER32.dll!SetScrollPos 77D4F730 5 Bytes JMP 0045B8F0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[1028] USER32.dll!GetScrollRange 77D4F767 5 Bytes JMP 0045B870 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) 
.text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[1028] USER32.dll!SetScrollRange 77D4F97B 5 Bytes JMP 0045B930 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[1028] USER32.dll!EnableScrollBar 77D87BCD 7 Bytes JMP 0045B7C0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1372] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1392] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1392] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[1400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[1400] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1468] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1468] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text 
C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text E:\Avast\AvastSvc.exe[1812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text E:\Avast\AvastSvc.exe[1812] kernel32.dll!SetUnhandledExceptionFilter 7C8447B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text E:\Avast\AvastSvc.exe[1812] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1900] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\DOCUME~1\Damian\USTAWI~1\Temp\Rar$EXa0.717\gmer.exe[1912] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\DOCUME~1\Damian\USTAWI~1\Temp\Rar$EXa0.717\gmer.exe[1912] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1948] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1948] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 31, 00] {SUB [EAX], AL; XOR [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtCreateFile + B 7C90D68D 
1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 31, 00] {SUB [EBX], AL; XOR [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 31, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 31, 00] {TEST AL, 0x1; XOR [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B910E9C .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 31, 00] {TEST AL, 0x2; XOR [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessTokenEx + B 
7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 31, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 31, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B910F30 .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 31, 00] {TEST AL, 0x0; XOR [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B9110BD .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 31, 
00] {SUB [ECX], AL; XOR [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 31, 00] {SUB [EDX], AL; XOR [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 31, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 23, 00] {SUB 
[EAX], AL; AND EAX, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 23, 00] {SUB [EBX], AL; AND EAX, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 23, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 23, 00] {TEST AL, 0x1; AND EAX, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B91009C .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 23, 00] {TEST 
AL, 0x2; AND EAX, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 23, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 23, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B910130 .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 23, 00] {TEST AL, 0x0; AND EAX, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B9102BD .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] 
.text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 23, 00] {SUB [ECX], AL; AND EAX, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 23, 00] {SUB [EDX], AL; AND EAX, [EAX]} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 23, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2440] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2440] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] 
ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 3F, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 3F, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 3F, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 3F, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B911C9C .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 3F, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 3F, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 3F, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B911D30 .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 3F, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] 
ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B911EBD .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 3F, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 3F, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 3F, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text E:\Avast\avastUI.exe[2884] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text E:\Avast\avastUI.exe[2884] kernel32.dll!GetBinaryTypeW + 80 
7C867DCC 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2920] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Program Files\Hide My IP\HideMyIpSrv.exe[3024] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Hide My IP\HideMyIpSrv.exe[3024] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text E:\Advanced SystemCare 5\ASCTray.exe[3380] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text E:\Advanced SystemCare 5\ASCTray.exe[3380] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 19, 00] {SUB [EAX], AL; SBB [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 19, 00] {SUB [EBX], AL; SBB [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 19, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 19, 00] {TEST AL, 0x1; SBB [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F69C .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 19, 00] {TEST AL, 0x2; SBB [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 19, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 19, 00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F730 .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 19, 00] {TEST AL, 0x0; SBB [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F8BD .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 19, 00] {SUB [ECX], AL; SBB [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 19, 00] {SUB [EDX], AL; SBB [EAX], EAX} .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 19, 
00] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] .text C:\Program Files\USB TV\EM28XX\BDARemote.exe[3744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\USB TV\EM28XX\BDARemote.exe[3744] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[796] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002 IAT C:\WINDOWS\system32\services.exe[796] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000 IAT C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[928] @ C:\WINDOWS\system32\MPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003D0010 IAT E:\Avast\AvastSvc.exe[1812] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] E:\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2144] @ C:\WINDOWS\system32\MPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00380010 IAT C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2400] @ C:\WINDOWS\system32\MPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00390010 IAT C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2692] @ C:\WINDOWS\system32\MPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 006A0010 IAT E:\Avast\avastUI.exe[2884] @ C:\WINDOWS\system32\USER32.dll 
[KERNEL32.dll!LoadLibraryExW] [64C8F6D0] E:\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3588] @ C:\WINDOWS\system32\MPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Threads - GMER 1.0.15 ---- Thread System [4:1324] AB97F1F0 ---- EOF - GMER 1.0.15 ----
Landuss Posted 17 September 2012 (edited)

For future reference, logs on this forum are posted using the attachments option.

The reports point to a ZeroAccess infection.

1. Run SystemLook and paste the following into its window:

:reg
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s

:filefind
services.exe

Click Look. Post the resulting report.

2. Generate a report with Farbar Service Scanner and attach it to your post.

Edited 17 October 2012 by picasso
17.10.2012 - The topic is being closed due to lack of a reply. //picasso