High CPU load • programosy.pl

High CPU load

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by Lijke, 30 Mar 2014, 12:34

Hello,
as in the topic title, the CPU load with just the system running is 90%.
Logs
OTL
[code]OTL logfile created on: 2014-03-30 12:18:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Win\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 48,52% Memory free
3,74 Gb Paging File | 2,36 Gb Available in Paging File | 63,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,74 Gb Total Space | 88,09 Gb Free Space | 75,46% Space Free | Partition Type: NTFS
Drive D: | 116,05 Gb Total Space | 99,11 Gb Free Space | 85,41% Space Free | Partition Type: NTFS
Drive F: | 28,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: WIN-KOMPUTER | User Name: Win | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014-03-30 12:16:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Win\Downloads\OTL_[www.programosy.pl].exe
PRC - [2014-03-15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-10-23 16:01:10 | 000,300,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013-10-23 16:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013-10-23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013-10-23 15:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012-11-23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-09-22 04:32:40 | 000,655,744 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2012-08-06 09:08:48 | 000,515,072 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe
PRC - [2011-05-11 17:31:24 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011-02-11 14:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2011-02-11 14:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2010-12-14 17:53:34 | 000,031,648 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2010-12-03 15:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010-08-27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010-08-15 20:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010-07-28 19:23:14 | 001,493,608 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010-02-05 18:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2010-02-05 18:40:44 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2010-01-28 17:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009-07-28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009-03-10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014-03-15 02:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014-03-15 02:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014-03-15 02:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014-03-15 02:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014-03-15 02:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014-03-15 02:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014-02-13 17:38:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014-02-13 17:33:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014-02-13 17:32:31 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014-02-13 17:31:14 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014-02-13 17:30:56 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f96e07044730442ee1f3dd90db984e6a\System.Configuration.ni.dll
MOD - [2014-02-13 17:30:49 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014-02-13 17:30:06 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2012-09-22 04:32:36 | 000,694,272 | ---- | M] () -- C:\Program Files\Mobile Partner\LiveUpdateInterface.dll
MOD - [2012-08-06 09:08:48 | 000,515,072 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe
MOD - [2012-08-06 09:08:42 | 000,119,296 | ---- | M] () -- C:\Program Files\Mobile Partner\ConnectMgrUIPlugin.dll
MOD - [2012-08-06 09:07:18 | 000,493,568 | ---- | M] () -- C:\Program Files\Mobile Partner\NetInfoUIExPlugin.dll
MOD - [2012-08-06 09:07:08 | 000,302,592 | ---- | M] () -- C:\Program Files\Mobile Partner\DiagnosisPlugin.dll
MOD - [2012-08-06 09:06:58 | 000,330,752 | ---- | M] () -- C:\Program Files\Mobile Partner\MenuMgrPlugin.dll
MOD - [2012-08-06 09:06:58 | 000,219,648 | ---- | M] () -- C:\Program Files\Mobile Partner\ToolBarMgrPlugin.dll
MOD - [2012-08-06 09:06:50 | 000,359,936 | ---- | M] () -- C:\Program Files\Mobile Partner\NetConnectPlugin.dll
MOD - [2012-08-06 09:06:44 | 000,270,848 | ---- | M] () -- C:\Program Files\Mobile Partner\XFramePlugin.dll
MOD - [2012-08-06 09:06:42 | 000,117,248 | ---- | M] () -- C:\Program Files\Mobile Partner\LayoutPlugin.dll
MOD - [2012-08-06 09:06:34 | 000,581,120 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2012-08-06 09:06:34 | 000,323,584 | ---- | M] () -- C:\Program Files\Mobile Partner\StatusBarMgrPlugin.dll
MOD - [2012-08-06 09:06:20 | 000,818,688 | ---- | M] () -- C:\Program Files\Mobile Partner\AddrBookUIPlugin.dll
MOD - [2012-08-06 09:06:06 | 000,097,792 | ---- | M] () -- C:\Program Files\Mobile Partner\NotifyServicePlugin.dll
MOD - [2012-08-06 09:06:04 | 000,854,528 | ---- | M] () -- C:\Program Files\Mobile Partner\SMSUIPlugin.dll
MOD - [2012-08-06 09:05:54 | 000,592,896 | ---- | M] () -- C:\Program Files\Mobile Partner\DialupUIPlugin.dll
MOD - [2012-08-06 09:05:46 | 000,518,144 | ---- | M] () -- C:\Program Files\Mobile Partner\core.dll
MOD - [2012-08-06 09:05:40 | 000,569,344 | ---- | M] () -- C:\Program Files\Mobile Partner\CallLogSrvPlugin.dll
MOD - [2012-08-06 09:05:40 | 000,177,152 | ---- | M] () -- C:\Program Files\Mobile Partner\CallSrvPlugin.dll
MOD - [2012-08-06 09:05:38 | 000,729,088 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceSrvPlugin.dll
MOD - [2012-08-06 09:05:32 | 000,704,000 | ---- | M] () -- C:\Program Files\Mobile Partner\SmsAppPlugin.dll
MOD - [2012-08-06 09:05:30 | 000,286,720 | ---- | M] () -- C:\Program Files\Mobile Partner\sdk.dll
MOD - [2012-08-06 09:05:30 | 000,219,648 | ---- | M] () -- C:\Program Files\Mobile Partner\SmsSrvPlugin.dll
MOD - [2012-08-06 09:05:28 | 000,157,184 | ---- | M] () -- C:\Program Files\Mobile Partner\STKSrvPlugin.dll
MOD - [2012-08-06 09:05:28 | 000,142,336 | ---- | M] () -- C:\Program Files\Mobile Partner\USSDSrvPlugin.dll
MOD - [2012-08-06 09:05:26 | 001,124,352 | ---- | M] () -- C:\Program Files\Mobile Partner\AddrBookPlugin.dll
MOD - [2012-08-06 09:05:22 | 000,672,768 | ---- | M] () -- C:\Program Files\Mobile Partner\AddrBookSrvPlugin.dll
MOD - [2012-08-06 09:05:22 | 000,241,152 | ---- | M] () -- C:\Program Files\Mobile Partner\NetSrvPlugin.dll
MOD - [2012-08-06 09:05:20 | 000,646,144 | ---- | M] () -- C:\Program Files\Mobile Partner\AtCodec.dll
MOD - [2012-08-06 09:05:20 | 000,583,168 | ---- | M] () -- C:\Program Files\Mobile Partner\PluginContainer.dll
MOD - [2012-08-06 09:05:20 | 000,195,584 | ---- | M] () -- C:\Program Files\Mobile Partner\XCodec.dll
MOD - [2012-08-06 09:05:20 | 000,062,976 | ---- | M] () -- C:\Program Files\Mobile Partner\OSCall.dll
MOD - [2012-08-06 09:05:18 | 000,730,624 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceAppPlugin.dll
MOD - [2012-08-06 09:05:18 | 000,702,464 | ---- | M] () -- C:\Program Files\Mobile Partner\NetInfoSrvPlugin.dll
MOD - [2012-08-06 09:05:18 | 000,187,392 | ---- | M] () -- C:\Program Files\Mobile Partner\CallAppPlugin.dll
MOD - [2012-08-06 09:05:16 | 000,168,960 | ---- | M] () -- C:\Program Files\Mobile Partner\ATR2SMgr.dll
MOD - [2012-08-06 09:05:08 | 000,236,032 | ---- | M] () -- C:\Program Files\Mobile Partner\DialUpPlugin.dll
MOD - [2012-08-06 09:05:06 | 000,201,216 | ---- | M] () -- C:\Program Files\Mobile Partner\NDISPlugin.dll
MOD - [2012-08-06 09:05:04 | 000,405,504 | ---- | M] () -- C:\Program Files\Mobile Partner\Proxy.dll
MOD - [2012-08-06 09:05:04 | 000,158,720 | ---- | M] () -- C:\Program Files\Mobile Partner\NetConnectSrvPlugin.dll
MOD - [2012-08-06 09:05:02 | 000,164,864 | ---- | M] () -- C:\Program Files\Mobile Partner\OSDialup.dll
MOD - [2012-08-06 09:05:02 | 000,155,136 | ---- | M] () -- C:\Program Files\Mobile Partner\DataServicePlugin.dll
MOD - [2012-08-06 09:05:02 | 000,131,584 | ---- | M] () -- C:\Program Files\Mobile Partner\OSNDIS.dll
MOD - [2012-08-06 09:05:00 | 000,157,184 | ---- | M] () -- C:\Program Files\Mobile Partner\Trace.dll
MOD - [2012-08-06 09:05:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Mobile Partner\OSAdapt.dll
MOD - [2012-08-06 09:05:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Mobile Partner\OSPowerMgr.dll
MOD - [2012-08-06 09:04:58 | 000,628,224 | ---- | M] () -- C:\Program Files\Mobile Partner\Common.dll
MOD - [2012-07-27 08:53:54 | 001,114,112 | ---- | M] () -- C:\Program Files\Mobile Partner\NDISAPI.dll
MOD - [2012-06-06 03:22:00 | 000,224,256 | ---- | M] () -- C:\Program Files\Mobile Partner\tdpcvoice.dll
MOD - [2012-06-06 03:22:00 | 000,155,648 | ---- | M] () -- C:\Program Files\Mobile Partner\Win7Support.dll
MOD - [2012-06-06 03:21:18 | 000,370,176 | ---- | M] () -- C:\Program Files\Mobile Partner\plugins\imageformats\qtiff4.dll
MOD - [2012-06-06 03:21:18 | 000,350,720 | ---- | M] () -- C:\Program Files\Mobile Partner\plugins\imageformats\qmng4.dll
MOD - [2012-06-06 03:21:18 | 000,192,000 | ---- | M] () -- C:\Program Files\Mobile Partner\plugins\imageformats\qjpeg4.dll
MOD - [2012-06-06 03:21:18 | 000,082,944 | ---- | M] () -- C:\Program Files\Mobile Partner\plugins\imageformats\qgif4.dll
MOD - [2012-06-06 03:21:18 | 000,081,920 | ---- | M] () -- C:\Program Files\Mobile Partner\plugins\imageformats\qico4.dll
MOD - [2011-07-13 13:51:51 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pl_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2011-04-13 16:30:47 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010-07-23 06:58:24 | 002,415,104 | ---- | M] () -- C:\Program Files\Mobile Partner\QtCore4.dll
MOD - [2010-02-10 16:43:38 | 009,515,520 | ---- | M] () -- C:\Program Files\Mobile Partner\QtGui4.dll
MOD - [2010-02-10 16:10:26 | 001,148,416 | ---- | M] () -- C:\Program Files\Mobile Partner\QtNetwork4.dll
MOD - [2010-02-10 16:06:52 | 000,398,336 | ---- | M] () -- C:\Program Files\Mobile Partner\QtXml4.dll
MOD - [2010-02-05 18:40:28 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009-06-22 20:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files\Mobile Partner\libgcc_s_dw2-1.dll
MOD - [2009-01-10 12:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files\Mobile Partner\mingwm10.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2014-03-11 22:28:02 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-03-01 05:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-10-23 16:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013-10-23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013-05-27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-09-22 04:32:40 | 000,655,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2012-01-18 15:16:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2011-02-11 14:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010-08-27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010-02-05 18:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010-01-28 17:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-03-10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2014-03-30 12:19:05 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F299A0C2-321A-4E07-BE45-34F90BE6673D}\MpKsl1f0c0f89.sys -- (MpKsl1f0c0f89)
DRV - [2014-03-30 12:18:58 | 000,104,960 | ---- | M] (GMER) [Kernel | On_Demand | Running] -- C:\uwdirpow.sys -- (uwdirpow)
DRV - [2013-09-27 10:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012-08-20 02:54:19 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012-08-20 02:54:18 | 000,096,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012-08-20 02:54:18 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012-08-20 02:54:18 | 000,069,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012-01-18 13:58:50 | 000,017,520 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV - [2011-12-22 11:04:10 | 000,760,936 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV - [2010-11-20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-07-27 03:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010-05-08 19:38:56 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2010-03-20 06:06:58 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010-01-07 10:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009-07-30 22:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2008-01-21 08:56:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2008-01-21 08:56:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007-11-14 00:29:22 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007-11-14 00:29:22 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007-11-14 00:29:21 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007-11-09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013-08-27 17:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.2.96.53 212.2.96.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02490024-ECFD-4652-BC0F-22A37BA8C9CF}: DhcpNameServer = 212.2.96.51 212.2.96.52
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16D7B765-1AD1-4E57-A38F-FD4730A1D6DA}: DhcpNameServer = 192.168.91.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ED72CDD-B172-4654-968C-2F47F9F1A0DC}: DhcpNameServer = 212.2.96.53 212.2.96.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A9506AF-700F-486B-B78F-562C92737F08}: DhcpNameServer = 212.2.96.53 212.2.96.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C172ED09-3937-47F6-B50A-B1ACDF44B30A}: DhcpNameServer = 212.2.96.51 212.2.96.52
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011-03-15 01:27:22 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008-10-01 11:12:34 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{45cd78b2-2910-11e3-af30-88ae1df5be5c}\Shell - "" = AutoRun
O33 - MountPoints2\{45cd78b2-2910-11e3-af30-88ae1df5be5c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{67552e8a-3686-11e3-afda-88ae1df5be5c}\Shell - "" = AutoRun
O33 - MountPoints2\{67552e8a-3686-11e3-afda-88ae1df5be5c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{6abd6ca8-214d-11e3-afe9-88ae1df5be5c}\Shell - "" = AutoRun
O33 - MountPoints2\{6abd6ca8-214d-11e3-afe9-88ae1df5be5c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{90496461-1c7f-11e3-aa29-88252c8a7bc5}\Shell - "" = AutoRun
O33 - MountPoints2\{90496461-1c7f-11e3-aa29-88252c8a7bc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{90496471-1c7f-11e3-aa29-88ae1df5be5c}\Shell - "" = AutoRun
O33 - MountPoints2\{90496471-1c7f-11e3-aa29-88ae1df5be5c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{bb0dcfea-ebd8-11e2-853b-88252c8a7bc5}\Shell - "" = AutoRun
O33 - MountPoints2\{bb0dcfea-ebd8-11e2-853b-88252c8a7bc5}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{c397360e-43a1-11e1-864b-88ae1df5be5c}\Shell - "" = AutoRun
O33 - MountPoints2\{c397360e-43a1-11e1-864b-88ae1df5be5c}\Shell\AutoRun\command - "" = F:\MicroLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014-03-30 12:18:57 | 000,104,960 | ---- | C] (GMER) -- C:\uwdirpow.sys
[2014-03-30 12:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014-03-30 12:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014-03-30 12:00:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014-03-14 17:36:07 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014-03-14 17:36:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014-03-14 17:36:06 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014-03-14 17:36:06 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014-03-14 17:36:05 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014-03-14 17:36:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014-03-14 17:36:04 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014-03-14 17:36:04 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014-03-14 17:35:58 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014-03-14 17:35:57 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014-03-14 17:35:54 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014-03-14 17:35:46 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014-03-14 17:35:45 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014-03-14 17:35:43 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014-03-14 17:35:42 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014-03-14 17:35:41 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014-03-14 17:35:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014-03-14 17:35:30 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014-03-14 17:30:31 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014-03-14 17:30:29 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014-03-30 12:18:58 | 000,104,960 | ---- | M] (GMER) -- C:\uwdirpow.sys
[2014-03-30 12:17:16 | 000,025,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-03-30 12:17:16 | 000,025,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-03-30 12:11:57 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-03-30 12:10:11 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-03-30 12:09:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-03-30 12:09:06 | 1504,350,208 | -HS- | M] () -- C:\hiberfil.sys
[2014-03-30 12:08:01 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-03-30 12:04:24 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014-03-30 12:04:21 | 000,740,426 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014-03-30 12:04:21 | 000,654,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014-03-30 12:04:21 | 000,155,968 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014-03-30 12:04:21 | 000,122,090 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014-03-15 20:26:10 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-03-15 08:47:55 | 000,267,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014-03-11 22:28:00 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-03-11 22:28:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014-03-01 06:11:20 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014-03-01 06:10:48 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014-03-01 05:52:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014-03-01 05:51:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014-03-01 05:43:55 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014-03-01 05:43:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014-03-01 05:40:17 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014-03-01 05:38:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014-03-01 05:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014-03-01 05:37:35 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014-03-01 05:31:30 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014-03-01 05:25:29 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014-03-01 05:16:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014-03-01 05:14:15 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014-03-01 05:03:49 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014-03-01 05:00:08 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014-03-01 04:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014-03-30 12:04:24 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2013-08-23 16:23:29 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\APP_NAME_NON_STRING
[2014-02-13 00:38:47 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\AVG
[2012-01-18 13:05:32 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\GHISLER
[2013-08-23 16:26:29 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\PDF Software
[2012-01-18 14:19:03 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\Toshiba
[2013-08-29 20:28:41 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\TuneUp Software
[2012-01-18 13:36:48 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\WinBatch

[color=#E56717]========== Purity Check ==========[/color]



< End of report >
[/code]


otl2
OTL Extras logfile created on: 2014-03-30 12:18:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Win\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 48,52% Memory free
3,74 Gb Paging File | 2,36 Gb Available in Paging File | 63,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,74 Gb Total Space | 88,09 Gb Free Space | 75,46% Space Free | Partition Type: NTFS
Drive D: | 116,05 Gb Total Space | 99,11 Gb Free Space | 85,41% Space Free | Partition Type: NTFS
Drive F: | 28,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: WIN-KOMPUTER | User Name: Win | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E3030DD1-3117-462B-B0FA-F5FD457DEC24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04324D26-2E8D-4D5E-9060-F132C4F52976}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{4EA03212-E1AF-4985-AA7A-DE85688C2717}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{7072FBA3-BDB6-4C80-BAFD-329335A826F0}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{82F73B8E-E86C-48F9-A713-4B9357EAEA23}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{BF8D8C17-C094-44AB-9E82-D1BB25175E25}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{BFEE899F-AE3A-4DE0-BF33-2D35F2CE5C1D}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
"{43592B2E-C393-433F-8D0E-5A4B15A8C786}" = Microsoft Antimalware Service PL-PL Language Pack
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client PL-PL Language Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD0B97D-46E9-4293-B467-A24DB96DB6DB}" = TOSHIBA ReelTime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Microsoft .NET Framework 4.5.1 (Polski)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C83B8B35-C2C4-3302-9A6E-C2AF1A59E8D6}" = Microsoft .NET Framework 4.5.1 (PLK)
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = Program TOSHIBA HDD/SSD Alert
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{8CD0B97D-46E9-4293-B467-A24DB96DB6DB}" = TOSHIBA ReelTime
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = Program TOSHIBA HDD/SSD Alert
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full)
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Partner" = Mobile Partner
"PokerStars.eu" = PokerStars.eu
"WinRAR archiver" = WinRAR 4.01 (32-bitowy)

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2014-03-26 14:00:41 | Computer Name = Win-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2014-03-27 14:55:54 | Computer Name = Win-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2014-03-28 13:35:48 | Computer Name = Win-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2014-03-28 15:54:05 | Computer Name = Win-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2014-03-28 17:18:21 | Computer Name = Win-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2014-03-29 14:57:09 | Computer Name = Win-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2014-03-29 17:05:30 | Computer Name = Win-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2014-03-30 05:45:09 | Computer Name = Win-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2014-03-30 05:57:10 | Computer Name = Win-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2014-03-30 06:10:57 | Computer Name = Win-Komputer | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2013-12-21 07:01:54 | Computer Name = Win-Komputer | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się.    Ścieżka
modułu: C:\Windows\system32\Rtlihvs.dll  Kod błędu: 126 

Error - 2013-12-21 07:02:04 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7024
Description = Usługa AVGIDSAgent zakończyła działanie; wystąpił specyficzny dla
niej błąd %%-536753636.

Error - 2013-12-21 07:02:14 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
z usługą Mobile Partner. OUC.

Error - 2013-12-21 07:02:14 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Mobile Partner. OUC z powodu następującego
błędu:   %%1053

Error - 2013-12-21 07:02:21 | Computer Name = Win-Komputer | Source = Microsoft Antimalware | ID = 3002
Description = Funkcja ochrony w czasie rzeczywistym produktu %%860 napotkała błąd
i jej uruchomienie nie powiodło się.     Funkcja: %%835     Kod błędu: 0x80004005     Opis błędu:
Nieokreślony błąd.      Przyczyna: %%842

Error - 2013-12-21 07:20:51 | Computer Name = Win-Komputer | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się.    Ścieżka
modułu: C:\Windows\system32\Rtlihvs.dll  Kod błędu: 126 

Error - 2013-12-21 13:56:31 | Computer Name = Win-Komputer | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się.    Ścieżka
modułu: C:\Windows\system32\Rtlihvs.dll  Kod błędu: 126 

Error - 2013-12-21 13:56:39 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7024
Description = Usługa AVGIDSAgent zakończyła działanie; wystąpił specyficzny dla
niej błąd %%-536753636.

Error - 2013-12-21 13:56:50 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
z usługą Mobile Partner. OUC.

Error - 2013-12-21 13:56:50 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Mobile Partner. OUC z powodu następującego
błędu:   %%1053


< End of report >


gmer
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-30 13:16:10
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB2O 232,89GB
Running: jvwczm5q.exe; Driver: C:\Users\Win\AppData\Local\Temp\uwdirpow.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                             82E87A15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                               82EC1212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  C:\Windows\system32\DRIVERS\tos_sps32.sys                                                            section is writeable [0x88F54000, 0x3C849, 0xE8000020]
.dsrt  C:\Windows\system32\DRIVERS\tos_sps32.sys                                                            unknown last section [0x88F99000, 0x3DC, 0x48000040]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtCreateFile + 6               7741560E 4 Bytes  [28, F4, 4D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtCreateFile + B               77415613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtMapViewOfSection + 6         77415C6E 4 Bytes  [28, F7, 4D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtMapViewOfSection + B         77415C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenFile + 6                 77415D1E 4 Bytes  [68, F4, 4D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenFile + B                 77415D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenProcess + 6              77415DCE 4 Bytes  [A8, F5, 4D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenProcess + B              77415DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenProcessToken + 6         77415DDE 4 Bytes  CALL 7641ABD8 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenProcessToken + B         77415DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenProcessTokenEx + 6       77415DEE 4 Bytes  [A8, F6, 4D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenProcessTokenEx + B       77415DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenThread + 6               77415E4E 4 Bytes  [68, F5, 4D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenThread + B               77415E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenThreadToken + 6          77415E5E 4 Bytes  [68, F6, 4D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenThreadToken + B          77415E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenThreadTokenEx + 6        77415E6E 4 Bytes  CALL 7641AC69 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtOpenThreadTokenEx + B        77415E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtQueryAttributesFile + 6      77415F7E 4 Bytes  [A8, F4, 4D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtQueryAttributesFile + B      77415F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtQueryFullAttributesFile + 6  7741602E 4 Bytes  CALL 7641AE27 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtQueryFullAttributesFile + B  77416033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtSetInformationFile + 6       7741667E 4 Bytes  [28, F5, 4D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtSetInformationFile + B       77416683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtSetInformationThread + 6     774166DE 4 Bytes  [28, F6, 4D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtSetInformationThread + B     774166E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtUnmapViewOfSection + 6       774169FE 4 Bytes  [68, F7, 4D, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1484] ntdll.dll!NtUnmapViewOfSection + B       77416A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtCreateFile + 6               7741560E 4 Bytes  [28, F4, 40, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtCreateFile + B               77415613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtMapViewOfSection + 6         77415C6E 4 Bytes  [28, F7, 40, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtMapViewOfSection + B         77415C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenFile + 6                 77415D1E 4 Bytes  [68, F4, 40, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenFile + B                 77415D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenProcess + 6              77415DCE 4 Bytes  [A8, F5, 40, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenProcess + B              77415DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenProcessToken + 6         77415DDE 4 Bytes  CALL 76419ED8 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenProcessToken + B         77415DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenProcessTokenEx + 6       77415DEE 4 Bytes  [A8, F6, 40, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenProcessTokenEx + B       77415DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenThread + 6               77415E4E 4 Bytes  [68, F5, 40, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenThread + B               77415E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenThreadToken + 6          77415E5E 4 Bytes  [68, F6, 40, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenThreadToken + B          77415E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenThreadTokenEx + 6        77415E6E 4 Bytes  CALL 76419F69 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenThreadTokenEx + B        77415E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtQueryAttributesFile + 6      77415F7E 4 Bytes  [A8, F4, 40, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtQueryAttributesFile + B      77415F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtQueryFullAttributesFile + 6  7741602E 4 Bytes  CALL 7641A127 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtQueryFullAttributesFile + B  77416033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtSetInformationFile + 6       7741667E 4 Bytes  [28, F5, 40, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtSetInformationFile + B       77416683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtSetInformationThread + 6     774166DE 4 Bytes  [28, F6, 40, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtSetInformationThread + B     774166E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtUnmapViewOfSection + 6       774169FE 4 Bytes  [68, F7, 40, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtUnmapViewOfSection + B       77416A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtCreateFile + 6               7741560E 4 Bytes  [28, A8, DC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtCreateFile + B               77415613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + 6         77415C6E 4 Bytes  [28, AB, DC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + B         77415C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenFile + 6                 77415D1E 4 Bytes  [68, A8, DC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenFile + B                 77415D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcess + 6              77415DCE 4 Bytes  [A8, A9, DC, 00] {TEST AL, 0xa9; FADD QWORD [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcess + B              77415DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessToken + 6         77415DDE 4 Bytes  CALL 76423A8C C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessToken + B         77415DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessTokenEx + 6       77415DEE 4 Bytes  [A8, AA, DC, 00] {TEST AL, 0xaa; FADD QWORD [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessTokenEx + B       77415DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThread + 6               77415E4E 4 Bytes  [68, A9, DC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThread + B               77415E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadToken + 6          77415E5E 4 Bytes  [68, AA, DC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadToken + B          77415E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadTokenEx + 6        77415E6E 4 Bytes  CALL 76423B1D C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadTokenEx + B        77415E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryAttributesFile + 6      77415F7E 4 Bytes  [A8, A8, DC, 00] {TEST AL, 0xa8; FADD QWORD [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryAttributesFile + B      77415F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryFullAttributesFile + 6  7741602E 4 Bytes  CALL 76423CDB C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryFullAttributesFile + B  77416033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationFile + 6       7741667E 4 Bytes  [28, A9, DC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationFile + B       77416683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationThread + 6     774166DE 4 Bytes  [28, AA, DC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationThread + B     774166E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + 6       774169FE 4 Bytes  [68, AB, DC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + B       77416A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtCreateFile + 6               7741560E 4 Bytes  [28, 68, F1, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtCreateFile + B               77415613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtMapViewOfSection + 6         77415C6E 4 Bytes  [28, 6B, F1, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtMapViewOfSection + B         77415C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenFile + 6                 77415D1E 4 Bytes  [68, 68, F1, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenFile + B                 77415D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcess + 6              77415DCE 4 Bytes  [A8, 69, F1, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcess + B              77415DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcessToken + 6         77415DDE 4 Bytes  CALL 76424F4C C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcessToken + B         77415DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcessTokenEx + 6       77415DEE 4 Bytes  [A8, 6A, F1, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcessTokenEx + B       77415DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThread + 6               77415E4E 4 Bytes  [68, 69, F1, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThread + B               77415E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThreadToken + 6          77415E5E 4 Bytes  [68, 6A, F1, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThreadToken + B          77415E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThreadTokenEx + 6        77415E6E 4 Bytes  CALL 76424FDD C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThreadTokenEx + B        77415E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtQueryAttributesFile + 6      77415F7E 4 Bytes  [A8, 68, F1, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtQueryAttributesFile + B      77415F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtQueryFullAttributesFile + 6  7741602E 4 Bytes  CALL 7642519B C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtQueryFullAttributesFile + B  77416033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtSetInformationFile + 6       7741667E 4 Bytes  [28, 69, F1, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtSetInformationFile + B       77416683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtSetInformationThread + 6     774166DE 4 Bytes  [28, 6A, F1, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtSetInformationThread + B     774166E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtUnmapViewOfSection + 6       774169FE 4 Bytes  [68, 6B, F1, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtUnmapViewOfSection + B       77416A03 1 Byte  [E2]

---- EOF - GMER 2.1 ----


Should I add logs from anything else?
Lijke



High CPU load

Post by NieWiem, 30 Mar 2014, 15:50

Download FRST in the version that matches your system - 32-bit.
Save it to the desktop, run it, and click Scan.
It will generate two logs. Attach both to the forum.
1. I provide help exclusively under the beerware licence!
2. If I don't reply in the thread right away, it means I have a life outside the internet. Respect the time I volunteer and don't expect everything immediately. If I don't reply within 48 hours, send a PM.

STOP ++> to trolls, Neostrada kids, emo, Forests, cat-eaters and hatred [ does not apply to those listed earlier ]
NieWiem



