Wirus optimizer pro

**Posty:** 9 · przez **pablo222** 24 Sty 2014, 14:45

Proszę o sprawdzenie logów

Kod: Zaznacz wszystko: - GMER 2.1.19355 - http://www.gmer.net Rootkit scan 2014-01-24 14:22:28 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1237GSX rev.DL130M 111,79GB Running: 5lthwjij.exe; Driver: C:\Users\kasia\AppData\Local\Temp\kwtoqpod.sys --- Kernel code sections - GMER 2.1 ---- ? C:\Windows\system32\cpuvis.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtCreateFile + 6 76EE426A 4 Bytes [28, 54, 81, 00] {SUB [ECX+EAX*4+0x0], DL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtCreateFile + B 76EE426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtMapViewOfSection + 6 76EE49BA 4 Bytes [28, 57, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtMapViewOfSection + B 76EE49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenFile + 6 76EE4A4A 4 Bytes [68, 54, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenFile + B 76EE4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenProcess + 6 76EE4ACA 4 Bytes [A8, 55, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenProcess + B 76EE4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenProcessToken + 6 76EE4ADA 4 Bytes CALL 75EECC34 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenProcessToken + B 76EE4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenProcessTokenEx + 6 76EE4AEA 4 Bytes [A8, 56, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenProcessTokenEx + B 76EE4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenThread + 6 76EE4B3A 4 Bytes [68, 55, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenThread + B 76EE4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenThreadToken + 6 76EE4B4A 4 Bytes [68, 56, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenThreadToken + B 76EE4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenThreadTokenEx + 6 76EE4B5A 4 Bytes CALL 75EECCB5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenThreadTokenEx + B 76EE4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtQueryAttributesFile + 6 76EE4BEA 4 Bytes [A8, 54, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtQueryAttributesFile + B 76EE4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtQueryFullAttributesFile + 6 76EE4C9A 4 Bytes CALL 75EECDF3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtQueryFullAttributesFile + B 76EE4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtSetInformationFile + 6 76EE517A 4 Bytes [28, 55, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtSetInformationFile + B 76EE517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtSetInformationThread + 6 76EE51CA 4 Bytes [28, 56, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtSetInformationThread + B 76EE51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtUnmapViewOfSection + 6 76EE546A 4 Bytes [68, 57, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtUnmapViewOfSection + B 76EE546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtCreateFile + 6 76EE426A 4 Bytes [28, D8, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtCreateFile + B 76EE426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtMapViewOfSection + 6 76EE49BA 4 Bytes [28, DB, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtMapViewOfSection + B 76EE49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenFile + 6 76EE4A4A 4 Bytes [68, D8, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenFile + B 76EE4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcess + 6 76EE4ACA 4 Bytes [A8, D9, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcess + B 76EE4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessToken + 6 76EE4ADA 4 Bytes CALL 75EE89B8 C:\Windows\system32\SHLWAPI.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessToken + B 76EE4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessTokenEx + 6 76EE4AEA 4 Bytes [A8, DA, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessTokenEx + B 76EE4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThread + 6 76EE4B3A 4 Bytes [68, D9, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThread + B 76EE4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadToken + 6 76EE4B4A 4 Bytes [68, DA, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadToken + B 76EE4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadTokenEx + 6 76EE4B5A 4 Bytes CALL 75EE8A39 C:\Windows\system32\SHLWAPI.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadTokenEx + B 76EE4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryAttributesFile + 6 76EE4BEA 4 Bytes [A8, D8, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryAttributesFile + B 76EE4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryFullAttributesFile + 6 76EE4C9A 4 Bytes CALL 75EE8B77 C:\Windows\system32\SHLWAPI.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryFullAttributesFile + B 76EE4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationFile + 6 76EE517A 4 Bytes [28, D9, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationFile + B 76EE517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationThread + 6 76EE51CA 4 Bytes [28, DA, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationThread + B 76EE51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtUnmapViewOfSection + 6 76EE546A 4 Bytes [68, DB, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtUnmapViewOfSection + B 76EE546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtCreateFile + 6 76EE426A 4 Bytes [28, 48, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtCreateFile + B 76EE426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtMapViewOfSection + 6 76EE49BA 4 Bytes [28, 4B, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtMapViewOfSection + B 76EE49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenFile + 6 76EE4A4A 4 Bytes [68, 48, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenFile + B 76EE4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcess + 6 76EE4ACA 4 Bytes [A8, 49, FF, 00] {TEST AL, 0x49; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcess + B 76EE4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessToken + 6 76EE4ADA 4 Bytes CALL 75EF4A28 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessToken + B 76EE4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessTokenEx + 6 76EE4AEA 4 Bytes [A8, 4A, FF, 00] {TEST AL, 0x4a; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessTokenEx + B 76EE4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThread + 6 76EE4B3A 4 Bytes [68, 49, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThread + B 76EE4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadToken + 6 76EE4B4A 4 Bytes [68, 4A, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadToken + B 76EE4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadTokenEx + 6 76EE4B5A 4 Bytes CALL 75EF4AA9 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadTokenEx + B 76EE4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryAttributesFile + 6 76EE4BEA 4 Bytes [A8, 48, FF, 00] {TEST AL, 0x48; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryAttributesFile + B 76EE4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryFullAttributesFile + 6 76EE4C9A 4 Bytes CALL 75EF4BE7 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryFullAttributesFile + B 76EE4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationFile + 6 76EE517A 4 Bytes [28, 49, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationFile + B 76EE517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationThread + 6 76EE51CA 4 Bytes [28, 4A, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationThread + B 76EE51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtUnmapViewOfSection + 6 76EE546A 4 Bytes [68, 4B, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtUnmapViewOfSection + B 76EE546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtCreateFile + 6 76EE426A 4 Bytes [28, 2C, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtCreateFile + B 76EE426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtMapViewOfSection + 6 76EE49BA 4 Bytes [28, 2F, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtMapViewOfSection + B 76EE49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenFile + 6 76EE4A4A 4 Bytes [68, 2C, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenFile + B 76EE4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenProcess + 6 76EE4ACA 4 Bytes [A8, 2D, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenProcess + B 76EE4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenProcessToken + 6 76EE4ADA 4 Bytes CALL 75EEE40C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenProcessToken + B 76EE4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenProcessTokenEx + 6 76EE4AEA 4 Bytes [A8, 2E, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenProcessTokenEx + B 76EE4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenThread + 6 76EE4B3A 4 Bytes [68, 2D, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenThread + B 76EE4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenThreadToken + 6 76EE4B4A 4 Bytes [68, 2E, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenThreadToken + B 76EE4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenThreadTokenEx + 6 76EE4B5A 4 Bytes CALL 75EEE48D .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtOpenThreadTokenEx + B 76EE4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtQueryAttributesFile + 6 76EE4BEA 4 Bytes [A8, 2C, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtQueryAttributesFile + B 76EE4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtQueryFullAttributesFile + 6 76EE4C9A 4 Bytes CALL 75EEE5CB .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtQueryFullAttributesFile + B 76EE4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtSetInformationFile + 6 76EE517A 4 Bytes [28, 2D, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtSetInformationFile + B 76EE517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtSetInformationThread + 6 76EE51CA 4 Bytes [28, 2E, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtSetInformationThread + B 76EE51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtUnmapViewOfSection + 6 76EE546A 4 Bytes [68, 2F, 99, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2784] ntdll.dll!NtUnmapViewOfSection + B 76EE546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtCreateFile + 6 76EE426A 4 Bytes [28, 68, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtCreateFile + B 76EE426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtMapViewOfSection + 6 76EE49BA 4 Bytes [28, 6B, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtMapViewOfSection + B 76EE49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenFile + 6 76EE4A4A 4 Bytes [68, 68, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenFile + B 76EE4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcess + 6 76EE4ACA 4 Bytes [A8, 69, 1C, 00] {TEST AL, 0x69; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcess + B 76EE4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcessToken + 6 76EE4ADA 4 Bytes CALL 75EE6748 C:\Windows\system32\SHLWAPI.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcessToken + B 76EE4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcessTokenEx + 6 76EE4AEA 4 Bytes [A8, 6A, 1C, 00] {TEST AL, 0x6a; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcessTokenEx + B 76EE4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThread + 6 76EE4B3A 4 Bytes [68, 69, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThread + B 76EE4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThreadToken + 6 76EE4B4A 4 Bytes [68, 6A, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThreadToken + B 76EE4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThreadTokenEx + 6 76EE4B5A 4 Bytes CALL 75EE67C9 C:\Windows\system32\SHLWAPI.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThreadTokenEx + B 76EE4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtQueryAttributesFile + 6 76EE4BEA 4 Bytes [A8, 68, 1C, 00] {TEST AL, 0x68; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtQueryAttributesFile + B 76EE4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtQueryFullAttributesFile + 6 76EE4C9A 4 Bytes CALL 75EE6907 C:\Windows\system32\SHLWAPI.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtQueryFullAttributesFile + B 76EE4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtSetInformationFile + 6 76EE517A 4 Bytes [28, 69, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtSetInformationFile + B 76EE517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtSetInformationThread + 6 76EE51CA 4 Bytes [28, 6A, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtSetInformationThread + B 76EE51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtUnmapViewOfSection + 6 76EE546A 4 Bytes [68, 6B, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtUnmapViewOfSection + B 76EE546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtCreateFile + 6 76EE426A 4 Bytes [28, 9C, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtCreateFile + B 76EE426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtMapViewOfSection + 6 76EE49BA 4 Bytes [28, 9F, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtMapViewOfSection + B 76EE49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenFile + 6 76EE4A4A 4 Bytes [68, 9C, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenFile + B 76EE4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcess + 6 76EE4ACA 4 Bytes [A8, 9D, DA, 00] {TEST AL, 0x9d; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcess + B 76EE4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessToken + 6 76EE4ADA 4 Bytes CALL 75EF257C C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessToken + B 76EE4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessTokenEx + 6 76EE4AEA 4 Bytes [A8, 9E, DA, 00] {TEST AL, 0x9e; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessTokenEx + B 76EE4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThread + 6 76EE4B3A 4 Bytes [68, 9D, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThread + B 76EE4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadToken + 6 76EE4B4A 4 Bytes [68, 9E, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadToken + B 76EE4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadTokenEx + 6 76EE4B5A 4 Bytes CALL 75EF25FD C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadTokenEx + B 76EE4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryAttributesFile + 6 76EE4BEA 4 Bytes [A8, 9C, DA, 00] {TEST AL, 0x9c; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryAttributesFile + B 76EE4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryFullAttributesFile + 6 76EE4C9A 4 Bytes CALL 75EF273B C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryFullAttributesFile + B 76EE4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationFile + 6 76EE517A 4 Bytes [28, 9D, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationFile + B 76EE517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationThread + 6 76EE51CA 4 Bytes [28, 9E, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationThread + B 76EE51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtUnmapViewOfSection + 6 76EE546A 4 Bytes [68, 9F, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtUnmapViewOfSection + B 76EE546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtCreateFile + 6 76EE426A 4 Bytes [28, 34, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtCreateFile + B 76EE426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtMapViewOfSection + 6 76EE49BA 4 Bytes [28, 37, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtMapViewOfSection + B 76EE49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenFile + 6 76EE4A4A 4 Bytes [68, 34, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenFile + B 76EE4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcess + 6 76EE4ACA 4 Bytes [A8, 35, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcess + B 76EE4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcessToken + 6 76EE4ADA 4 Bytes CALL 75EF1414 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcessToken + B 76EE4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcessTokenEx + 6 76EE4AEA 4 Bytes [A8, 36, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcessTokenEx + B 76EE4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThread + 6 76EE4B3A 4 Bytes [68, 35, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThread + B 76EE4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThreadToken + 6 76EE4B4A 4 Bytes [68, 36, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThreadToken + B 76EE4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThreadTokenEx + 6 76EE4B5A 4 Bytes CALL 75EF1495 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThreadTokenEx + B 76EE4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtQueryAttributesFile + 6 76EE4BEA 4 Bytes [A8, 34, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtQueryAttributesFile + B 76EE4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtQueryFullAttributesFile + 6 76EE4C9A 4 Bytes CALL 75EF15D3 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtQueryFullAttributesFile + B 76EE4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtSetInformationFile + 6 76EE517A 4 Bytes [28, 35, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtSetInformationFile + B 76EE517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtSetInformationThread + 6 76EE51CA 4 Bytes [28, 36, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtSetInformationThread + B 76EE51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtUnmapViewOfSection + 6 76EE546A 4 Bytes [68, 37, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtUnmapViewOfSection + B 76EE546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtCreateFile + 6 76EE426A 4 Bytes [28, 64, 07, 01] {SUB [EDI+EAX+0x1], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtCreateFile + B 76EE426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtMapViewOfSection + 6 76EE49BA 4 Bytes [28, 67, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtMapViewOfSection + B 76EE49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenFile + 6 76EE4A4A 4 Bytes [68, 64, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenFile + B 76EE4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcess + 6 76EE4ACA 4 Bytes [A8, 65, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcess + B 76EE4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcessToken + 6 76EE4ADA 4 Bytes CALL 75EF5244 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcessToken + B 76EE4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcessTokenEx + 6 76EE4AEA 4 Bytes [A8, 66, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcessTokenEx + B 76EE4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThread + 6 76EE4B3A 4 Bytes [68, 65, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThread + B 76EE4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThreadToken + 6 76EE4B4A 4 Bytes [68, 66, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThreadToken + B 76EE4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThreadTokenEx + 6 76EE4B5A 4 Bytes CALL 75EF52C5 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThreadTokenEx + B 76EE4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtQueryAttributesFile + 6 76EE4BEA 4 Bytes [A8, 64, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtQueryAttributesFile + B 76EE4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtQueryFullAttributesFile + 6 76EE4C9A 4 Bytes CALL 75EF5403 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtQueryFullAttributesFile + B 76EE4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtSetInformationFile + 6 76EE517A 4 Bytes [28, 65, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtSetInformationFile + B 76EE517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtSetInformationThread + 6 76EE51CA 4 Bytes [28, 66, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtSetInformationThread + B 76EE51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtUnmapViewOfSection + 6 76EE546A 4 Bytes [68, 67, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtUnmapViewOfSection + B 76EE546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtCreateFile + 6 76EE426A 4 Bytes [28, 74, AB, 00] {SUB [EBX+EBP*4+0x0], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtCreateFile + B 76EE426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtMapViewOfSection + 6 76EE49BA 4 Bytes [28, 77, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtMapViewOfSection + B 76EE49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenFile + 6 76EE4A4A 4 Bytes [68, 74, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenFile + B 76EE4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenProcess + 6 76EE4ACA 4 Bytes [A8, 75, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenProcess + B 76EE4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenProcessToken + 6 76EE4ADA 4 Bytes CALL 75EEF654 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenProcessToken + B 76EE4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenProcessTokenEx + 6 76EE4AEA 4 Bytes [A8, 76, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenProcessTokenEx + B 76EE4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenThread + 6 76EE4B3A 4 Bytes [68, 75, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenThread + B 76EE4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenThreadToken + 6 76EE4B4A 4 Bytes [68, 76, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenThreadToken + B 76EE4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenThreadTokenEx + 6 76EE4B5A 4 Bytes CALL 75EEF6D5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenThreadTokenEx + B 76EE4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtQueryAttributesFile + 6 76EE4BEA 4 Bytes [A8, 74, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtQueryAttributesFile + B 76EE4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtQueryFullAttributesFile + 6 76EE4C9A 4 Bytes CALL 75EEF813 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtQueryFullAttributesFile + B 76EE4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtSetInformationFile + 6 76EE517A 4 Bytes [28, 75, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtSetInformationFile + B 76EE517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtSetInformationThread + 6 76EE51CA 4 Bytes [28, 76, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtSetInformationThread + B 76EE51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtUnmapViewOfSection + 6 76EE546A 4 Bytes [68, 77, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtUnmapViewOfSection + B 76EE546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtCreateFile + 6 76EE426A 4 Bytes [28, 78, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtCreateFile + B 76EE426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtMapViewOfSection + 6 76EE49BA 4 Bytes [28, 7B, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtMapViewOfSection + B 76EE49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenFile + 6 76EE4A4A 4 Bytes [68, 78, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenFile + B 76EE4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcess + 6 76EE4ACA 4 Bytes [A8, 79, E1, 00] {TEST AL, 0x79; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcess + B 76EE4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcessToken + 6 76EE4ADA 4 Bytes CALL 75EF2C58 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcessToken + B 76EE4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcessTokenEx + 6 76EE4AEA 4 Bytes [A8, 7A, E1, 00] {TEST AL, 0x7a; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcessTokenEx + B 76EE4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThread + 6 76EE4B3A 4 Bytes [68, 79, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThread + B 76EE4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThreadToken + 6 76EE4B4A 4 Bytes [68, 7A, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThreadToken + B 76EE4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThreadTokenEx + 6 76EE4B5A 4 Bytes CALL 75EF2CD9 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThreadTokenEx + B 76EE4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtQueryAttributesFile + 6 76EE4BEA 4 Bytes [A8, 78, E1, 00] {TEST AL, 0x78; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtQueryAttributesFile + B 76EE4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtQueryFullAttributesFile + 6 76EE4C9A 4 Bytes CALL 75EF2E17 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtQueryFullAttributesFile + B 76EE4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtSetInformationFile + 6 76EE517A 4 Bytes [28, 79, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtSetInformationFile + B 76EE517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtSetInformationThread + 6 76EE51CA 4 Bytes [28, 7A, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtSetInformationThread + B 76EE51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtUnmapViewOfSection + 6 76EE546A 4 Bytes [68, 7B, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtUnmapViewOfSection + B 76EE546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtCreateFile + 6 76EE426A 2 Bytes [28, 44] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtCreateFile + 9 76EE426D 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtCreateFile + 9 76EE426D 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtMapViewOfSection + 6 76EE49BA 2 Bytes [28, 47] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtMapViewOfSection + 9 76EE49BD 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtMapViewOfSection + 9 76EE49BD 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenFile + 6 76EE4A4A 2 Bytes [68, 44] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenFile + 9 76EE4A4D 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenFile + 9 76EE4A4D 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcess + 6 76EE4ACA 2 Bytes [A8, 45] {TEST AL, 0x45} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcess + 9 76EE4ACD 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcess + 9 76EE4ACD 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessToken + 6 76EE4ADA 2 Bytes CALL 75EF4924 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessToken + 9 76EE4ADD 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessToken + 9 76EE4ADD 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessTokenEx + 6 76EE4AEA 2 Bytes [A8, 46] {TEST AL, 0x46} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessTokenEx + 9 76EE4AED 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessTokenEx + 9 76EE4AED 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThread + 6 76EE4B3A 2 Bytes [68, 45] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThread + 9 76EE4B3D 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThread + 9 76EE4B3D 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadToken + 6 76EE4B4A 2 Bytes [68, 46] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadToken + 9 76EE4B4D 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadToken + 9 76EE4B4D 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadTokenEx + 6 76EE4B5A 2 Bytes CALL 75EF49A5 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadTokenEx + 9 76EE4B5D 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadTokenEx + 9 76EE4B5D 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryAttributesFile + 6 76EE4BEA 2 Bytes [A8, 44] {TEST AL, 0x44} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryAttributesFile + 9 76EE4BED 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryAttributesFile + 9 76EE4BED 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryFullAttributesFile + 6 76EE4C9A 2 Bytes CALL 75EF4AE3 C:\Windows\system32\urlmon.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryFullAttributesFile + 9 76EE4C9D 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryFullAttributesFile + 9 76EE4C9D 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationFile + 6 76EE517A 2 Bytes [28, 45] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationFile + 9 76EE517D 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationFile + 9 76EE517D 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationThread + 6 76EE51CA 2 Bytes [28, 46] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationThread + 9 76EE51CD 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationThread + 9 76EE51CD 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtUnmapViewOfSection + 6 76EE546A 2 Bytes [68, 47] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtUnmapViewOfSection + 9 76EE546D 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtUnmapViewOfSection + 9 76EE546D 3 Bytes [00, FF, E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [72F57817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [72F9B4F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [72F5BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [72F4F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [72F575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [72F4E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [72F873F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [72F5DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [72F4FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [72F4FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [72F471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [72FDCB00] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [72F7C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [72F4D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [72F46853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [72F4687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [72F52AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll ---- Processes - GMER 2.1 ---- Process C:\Program Files\My applications\Windows Defender Apps Control.exe (*** hidden *** ) 3164 Process C:\Program Files\My applications\Windows Defender Apps Control.exe (*** hidden *** ) 3780 ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL 4E604DAF0AB029093149D006284255855E6EABB6DAB2D827E340A4B9E44A39533FBF57532EA8FEAC46302BB6607D967E685816BCCF4D7D3440C7B01EAFC9BAE4F5C21D509CB4306FEBA03B5EF7DBB12440DBA9E10C99F7FE21101E8307F0D76E68A5080D4430CFB78D77860ADF276757E617A901A6F2D6FEBB960CAB484D0AA29FEAB35464F6E590A9D6C4AF5E2FE91A6F6E8CD389B89A53D721CE3B22ED3E57BC5670D392EB6CA756A565258CC6E19604897CFCF4CE37BA55366D3D98E7D805EEF2C21FB6F3D1D1B78D09A458436B165E52D8807A1C179B23A2A49C83552E4BFD8C64AC0FF9F9840BFBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B5558EDD5E5BE2F6E667FEBC9E127BECC74C349556FCB87341C7E05996D6AF92AABB7469447D4E9C016E7B940CA542A89C812B0610F9E69392A902DCAB4152DDA3E33B4A9095B09003B118472C29F33CE066EFD3E0214A7D4B8697CD8FF5F1A1E3B692CE71EE5145D93A1C22BA27E01AC000764518A171A6AAC314FAF8F4AA2B9C39886F217C76024E4ED0E596A1A0233B76E3035AB15D29818A1A17ED450C6D9436DD06AC355EB1BAF9B5B774223CDC6135951B9F0904C2B8478238CC6F1800293C0852F513B765120DFD1ED8322F70D7ED9AFD33E4D05 ---- EOF - GMER 2.1 ----

**Posty:** 4765 · przez **ordynat** 24 Sty 2014, 15:40

>>GMER>>
Rozwiń>>>zakładka CMD>>zaznacz CMD ---w górne czarne pole wklej to:

5lthwjij -del service cpuvis
5lthwjij -del file C:\Program Files\My applications\Windows Defender Apps Control.exe
5lthwjij -del file C:\Program Files\My applications
5lthwjij -reboot

Kliknij „Uruchom” z prawej strony. Komputer powinien się samoczynnie wyłączyć i włączyć.

Zrób logi z OTL >http://forum.programosy.pl/otl-dds-combofix-vt117885.html

**Posty:** 9 · przez **pablo222** 25 Sty 2014, 11:14

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2014-01-24 16:18:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kasia\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1013,38 Mb Total Physical Memory | 159,00 Mb Available Physical Memory | 15,69% Memory free 2,43 Gb Paging File | 1,16 Gb Available in Paging File | 47,75% Paging File free Paging file location(s): c:\pagefile.sys 1519 1519 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55,89 Gb Total Space | 0,86 Gb Free Space | 1,55% Space Free | Partition Type: NTFS Drive E: | 54,43 Gb Total Space | 17,92 Gb Free Space | 32,92% Space Free | Partition Type: NTFS Computer Name: KASIA-PC | User Name: kasia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-3122865650-37063331-2333272892-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{005A82F8-5732-4CCE-AA07-2B8F1A82E9D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{14AD7BFA-BC31-4F9A-B56A-B111F01AC247}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1BF2536E-A860-41BA-8B2A-7614B5662215}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{2010A00E-EEF6-4A29-9EDB-6F7319278F16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{330BB148-F10C-466E-942B-DBE1D6F1937F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{588B140D-0005-48F9-A928-A6FAB2D95AC8}" = lport=8461 | protocol=6 | dir=in | name=god high port | "{64F6A499-6691-43EE-96E4-C7BA179020EC}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{687929ED-5D1F-4E1D-BE46-6042985967CC}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{6FC2C3A3-EDF9-4392-8059-908A0EE5C3E6}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{BD66BC28-FC73-4E09-B3A2-2B11404CE860}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{C2E8A7F7-B9F7-4E9B-A3FB-A54D1F78E92D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C5DB5BD0-2FD1-4EA2-91EC-2CF8F2A7918E}" = lport=8462 | protocol=6 | dir=in | name=god low port | "{D9206FA4-B7F7-4E1A-81A8-63C80E3B58C3}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{F70F2A1A-FB28-4D6A-AB64-B24197797280}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{F85CB8E1-0395-4D02-85C4-BFE439D64AAF}" = lport=8462 | protocol=6 | dir=in | name=god low port | "{FBA9E869-D2A4-4014-93F2-134B38D6B2DB}" = lport=8461 | protocol=6 | dir=in | name=god high port | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04D282B4-8E2C-409C-9CAB-C0BE3FF57A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3E3EDF10-E048-45D8-9BEE-0EF69DE9AC07}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{51E7361F-BB6D-47F2-841A-674803D43DC3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{57803A38-081D-40A4-9C07-B535A834F451}" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "{57A22A37-8785-4242-B906-A3066B1E0F5A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{66123154-94E8-4895-9451-3A26A6598FE9}" = dir=in | app=c:\program files\hp\hp deskjet 2510 series\bin\usbsetup.exe | "{903178FE-8353-4A0F-B2D3-BA108243811C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{918A18FB-17F8-4A76-A96F-1994F8C75FDB}" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "{91E3F551-6979-44FD-AC9A-1237850A358C}" = protocol=17 | dir=in | app=e:\autocad2006\autocad2006.exe | "{BF7D7A49-2E7A-4187-B202-73B8B451269B}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{C17F7C59-04C3-4716-B3EB-6CA3F918BE4B}" = protocol=6 | dir=in | app=e:\autocad2006\autocad2006.exe | "{DCC4941B-9AC7-4A35-895F-FB86A4946156}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{0D05561A-9C35-47C1-9F48-BF1AF78B69A6}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{1ABB5A76-DAF6-42BF-B124-D2C37E979B0F}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{3E2EEECD-B661-4748-B6D6-AC7D87312D4E}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{4E7D158B-0744-464F-8FEF-E2984C1808D1}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{E2A68E37-2445-40E7-B9E9-87990C8EA19B}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{5E6F495D-C4B5-4D02-B6C8-074D5A10F842}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{A794FAF9-A553-4734-A836-27316923FA2F}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{AFD75667-5C74-48A0-A967-68FFF414156F}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{BDBD1BC0-4C38-4862-BAAC-198D0F031AE4}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{CE4A6DEB-1839-4516-9250-57A8BD390FA9}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ""SubEdit-Player"" = "SubEdit-Player" "{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" = "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{03F102FB-18C9-4B2A-B464-55FFD9AB2C2B}" = Kodak Dental Imaging Software Installation "{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI "{05CE1B02-00A5-475D-99EB-A2A292C06825}" = Kodak Dental Software "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{07A37BEB-8CEF-46E7-AFB7-C619A20EE020}" = Kodak Patient File "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{17BFC657-EC83-445E-859E-CB5843DAB4BB}" = HP Deskjet 2510 series — badanie mające na celu poprawę produktów "{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2 "{1F701DBD-1660-4108-B10A-FB435EA63BF0}" = PostgreSQL 8.2 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA "{216C7F38-4BBC-4E9A-8392-C9FA21B54386}" = HP Deskjet 2510 series Setup Guide "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{31BFEC6C-1F27-45B5-839C-BCBAE327993A}" = OpenOffice.org 3.0 "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing "{4820778D-AB0D-6D18-C316-52A6A0E1D507}" = YoutubeAdblocker "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5F189DF5-2D05-472B-9091-84D9848AE48B}{fe885e3d}" = GS-Supporter 1.80 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6A8ECD4B-E279-4008-BC5C-39D068C5199E}" = MSXML4.0 component "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.15 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Wyciszacz napędu CD/DVD "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help "{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BD366B89-6784-4636-9D01-291C2016912A}" = HP Deskjet 2510 series Pomoc "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{BF5ECEAF-E9BA-4F86-A70F-7C9D25BBA113}" = Pharmindex CD Kompendium 2007 "{C3857AE9-B016-404E-9E22-7D87A00625DE}" = EclipseDB "{CA41BB14-E67B-1653-C57B-5CA99418A866}" = greaaTsaveur "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D239DFD4-44E1-4239-AD5F-0DC652320141}" = HP Deskjet 2510 series — podstawowe oprogramowanie urządzenia "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{ED6C5ECD-5AA4-4054-BF67-8F49526E5765}" = O&O Defrag Professional "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0 "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "CCleaner" = CCleaner "Client Poczty Listonosz" = Listonosz : Klient Poczty 1.1.6.0 "Corel Applications" = Corel Applications "DiagModules" = CalibrationTool (remove only) "Driver CR" = CR Driver (remove only) "FastStone Capture" = FastStone Capture 6.1 "Gadu-Gadu 10" = Gadu-Gadu 10 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photo Creations" = HP Photo Creations "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "InstallShield_{03F102FB-18C9-4B2A-B464-55FFD9AB2C2B}" = Kodak Dental Imaging Software Installation "InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{05CE1B02-00A5-475D-99EB-A2A292C06825}" = "InstallShield_{07A37BEB-8CEF-46E7-AFB7-C619A20EE020}" = "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Hasło administratora "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = Sprzęt instalacyjny TOSHIBA "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "iPlus manager_is1" = iPlus manager 2.3 "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Basic "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MMEDICA" = mMedica "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "Optimizer Pro_is1" = Optimizer Pro v3.2 "RealAlt_is1" = Real Alternative 1.9.0 Lite "RVGInstaller" = RVGDriver (remove only) "S-5796188193" = GS-Enabler "Samochodowa mapa Polski_is1" = Samochodowa mapa Polski "TOSHIBA Software Modem" = TOSHIBA Software Modem "Totalcmd" = Total Commander (Remove or Repair) "Winamp" = Winamp (remove only) "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinRAR archiver" = Archiwizator WinRAR "WPM" = WPM17.8.0.3325 "XLViewer97" = Microsoft Excel Viewer 97 "XviD" = XviD MPEG-4 Codec [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3122865650-37063331-2333272892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2014-01-24 10:30:23 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 10:35:23 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 10:45:39 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 10:50:40 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 11:09:14 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 11:14:14 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 11:19:16 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 11:24:19 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 11:29:21 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 11:34:24 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. [ Services Events ] Error - 2013-01-16 08:00:57 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-16 08:00:58 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-16 08:00:59 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-16 08:01:00 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-16 08:01:01 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-16 08:01:02 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-21 02:03:47 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-21 02:03:48 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-21 02:03:49 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-21 02:03:50 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory [ System Events ] Error - 2010-03-10 16:11:16 | Computer Name = kasia-PC | Source = Service Control Manager | ID = 7022 Description = Error - 2010-03-10 16:16:00 | Computer Name = kasia-PC | Source = HTTP | ID = 15016 Description = Error - 2010-03-10 16:17:38 | Computer Name = kasia-PC | Source = Service Control Manager | ID = 7022 Description = Error - 2010-03-11 15:55:41 | Computer Name = kasia-PC | Source = HTTP | ID = 15016 Description = Error - 2010-03-11 15:57:09 | Computer Name = kasia-PC | Source = Service Control Manager | ID = 7022 Description = Error - 2010-03-12 04:37:34 | Computer Name = kasia-PC | Source = HTTP | ID = 15016 Description = Error - 2010-03-12 04:39:13 | Computer Name = kasia-PC | Source = Service Control Manager | ID = 7022 Description = Error - 2010-03-12 10:48:08 | Computer Name = kasia-PC | Source = HTTP | ID = 15016 Description = Error - 2010-03-12 10:49:49 | Computer Name = kasia-PC | Source = Service Control Manager | ID = 7022 Description = Error - 2010-03-13 11:03:28 | Computer Name = kasia-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 16:01:57 na 2010-03-12 było nieoczekiwane. < End of report > OTL Extras logfile created on: 2014-01-24 16:18:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kasia\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1013,38 Mb Total Physical Memory | 159,00 Mb Available Physical Memory | 15,69% Memory free 2,43 Gb Paging File | 1,16 Gb Available in Paging File | 47,75% Paging File free Paging file location(s): c:\pagefile.sys 1519 1519 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55,89 Gb Total Space | 0,86 Gb Free Space | 1,55% Space Free | Partition Type: NTFS Drive E: | 54,43 Gb Total Space | 17,92 Gb Free Space | 32,92% Space Free | Partition Type: NTFS Computer Name: KASIA-PC | User Name: kasia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-3122865650-37063331-2333272892-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{005A82F8-5732-4CCE-AA07-2B8F1A82E9D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{14AD7BFA-BC31-4F9A-B56A-B111F01AC247}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1BF2536E-A860-41BA-8B2A-7614B5662215}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{2010A00E-EEF6-4A29-9EDB-6F7319278F16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{330BB148-F10C-466E-942B-DBE1D6F1937F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{588B140D-0005-48F9-A928-A6FAB2D95AC8}" = lport=8461 | protocol=6 | dir=in | name=god high port | "{64F6A499-6691-43EE-96E4-C7BA179020EC}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{687929ED-5D1F-4E1D-BE46-6042985967CC}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{6FC2C3A3-EDF9-4392-8059-908A0EE5C3E6}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{BD66BC28-FC73-4E09-B3A2-2B11404CE860}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{C2E8A7F7-B9F7-4E9B-A3FB-A54D1F78E92D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C5DB5BD0-2FD1-4EA2-91EC-2CF8F2A7918E}" = lport=8462 | protocol=6 | dir=in | name=god low port | "{D9206FA4-B7F7-4E1A-81A8-63C80E3B58C3}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{F70F2A1A-FB28-4D6A-AB64-B24197797280}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{F85CB8E1-0395-4D02-85C4-BFE439D64AAF}" = lport=8462 | protocol=6 | dir=in | name=god low port | "{FBA9E869-D2A4-4014-93F2-134B38D6B2DB}" = lport=8461 | protocol=6 | dir=in | name=god high port | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04D282B4-8E2C-409C-9CAB-C0BE3FF57A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3E3EDF10-E048-45D8-9BEE-0EF69DE9AC07}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{51E7361F-BB6D-47F2-841A-674803D43DC3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{57803A38-081D-40A4-9C07-B535A834F451}" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "{57A22A37-8785-4242-B906-A3066B1E0F5A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{66123154-94E8-4895-9451-3A26A6598FE9}" = dir=in | app=c:\program files\hp\hp deskjet 2510 series\bin\usbsetup.exe | "{903178FE-8353-4A0F-B2D3-BA108243811C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{918A18FB-17F8-4A76-A96F-1994F8C75FDB}" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "{91E3F551-6979-44FD-AC9A-1237850A358C}" = protocol=17 | dir=in | app=e:\autocad2006\autocad2006.exe | "{BF7D7A49-2E7A-4187-B202-73B8B451269B}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{C17F7C59-04C3-4716-B3EB-6CA3F918BE4B}" = protocol=6 | dir=in | app=e:\autocad2006\autocad2006.exe | "{DCC4941B-9AC7-4A35-895F-FB86A4946156}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{0D05561A-9C35-47C1-9F48-BF1AF78B69A6}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{1ABB5A76-DAF6-42BF-B124-D2C37E979B0F}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{3E2EEECD-B661-4748-B6D6-AC7D87312D4E}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{4E7D158B-0744-464F-8FEF-E2984C1808D1}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{E2A68E37-2445-40E7-B9E9-87990C8EA19B}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{5E6F495D-C4B5-4D02-B6C8-074D5A10F842}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{A794FAF9-A553-4734-A836-27316923FA2F}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{AFD75667-5C74-48A0-A967-68FFF414156F}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{BDBD1BC0-4C38-4862-BAAC-198D0F031AE4}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{CE4A6DEB-1839-4516-9250-57A8BD390FA9}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ""SubEdit-Player"" = "SubEdit-Player" "{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" = "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{03F102FB-18C9-4B2A-B464-55FFD9AB2C2B}" = Kodak Dental Imaging Software Installation "{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI "{05CE1B02-00A5-475D-99EB-A2A292C06825}" = Kodak Dental Software "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{07A37BEB-8CEF-46E7-AFB7-C619A20EE020}" = Kodak Patient File "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{17BFC657-EC83-445E-859E-CB5843DAB4BB}" = HP Deskjet 2510 series — badanie mające na celu poprawę produktów "{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2 "{1F701DBD-1660-4108-B10A-FB435EA63BF0}" = PostgreSQL 8.2 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA "{216C7F38-4BBC-4E9A-8392-C9FA21B54386}" = HP Deskjet 2510 series Setup Guide "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{31BFEC6C-1F27-45B5-839C-BCBAE327993A}" = OpenOffice.org 3.0 "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing "{4820778D-AB0D-6D18-C316-52A6A0E1D507}" = YoutubeAdblocker "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5F189DF5-2D05-472B-9091-84D9848AE48B}{fe885e3d}" = GS-Supporter 1.80 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6A8ECD4B-E279-4008-BC5C-39D068C5199E}" = MSXML4.0 component "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.15 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Wyciszacz napędu CD/DVD "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help "{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BD366B89-6784-4636-9D01-291C2016912A}" = HP Deskjet 2510 series Pomoc "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{BF5ECEAF-E9BA-4F86-A70F-7C9D25BBA113}" = Pharmindex CD Kompendium 2007 "{C3857AE9-B016-404E-9E22-7D87A00625DE}" = EclipseDB "{CA41BB14-E67B-1653-C57B-5CA99418A866}" = greaaTsaveur "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D239DFD4-44E1-4239-AD5F-0DC652320141}" = HP Deskjet 2510 series — podstawowe oprogramowanie urządzenia "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{ED6C5ECD-5AA4-4054-BF67-8F49526E5765}" = O&O Defrag Professional "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0 "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "CCleaner" = CCleaner "Client Poczty Listonosz" = Listonosz : Klient Poczty 1.1.6.0 "Corel Applications" = Corel Applications "DiagModules" = CalibrationTool (remove only) "Driver CR" = CR Driver (remove only) "FastStone Capture" = FastStone Capture 6.1 "Gadu-Gadu 10" = Gadu-Gadu 10 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photo Creations" = HP Photo Creations "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "InstallShield_{03F102FB-18C9-4B2A-B464-55FFD9AB2C2B}" = Kodak Dental Imaging Software Installation "InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{05CE1B02-00A5-475D-99EB-A2A292C06825}" = "InstallShield_{07A37BEB-8CEF-46E7-AFB7-C619A20EE020}" = "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Hasło administratora "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = Sprzęt instalacyjny TOSHIBA "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "iPlus manager_is1" = iPlus manager 2.3 "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Basic "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MMEDICA" = mMedica "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "Optimizer Pro_is1" = Optimizer Pro v3.2 "RealAlt_is1" = Real Alternative 1.9.0 Lite "RVGInstaller" = RVGDriver (remove only) "S-5796188193" = GS-Enabler "Samochodowa mapa Polski_is1" = Samochodowa mapa Polski "TOSHIBA Software Modem" = TOSHIBA Software Modem "Totalcmd" = Total Commander (Remove or Repair) "Winamp" = Winamp (remove only) "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinRAR archiver" = Archiwizator WinRAR "WPM" = WPM17.8.0.3325 "XLViewer97" = Microsoft Excel Viewer 97 "XviD" = XviD MPEG-4 Codec [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3122865650-37063331-2333272892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2014-01-24 10:30:23 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 10:35:23 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 10:45:39 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 10:50:40 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 11:09:14 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 11:14:14 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 11:19:16 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 11:24:19 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 11:29:21 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. Error - 2014-01-24 11:34:24 | Computer Name = kasia-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Poziom informacji: error Błąd podczas uruchamiania automatycznej usługi LiveUpdate: err:0x2; Nie można odnaleźć określonego pliku. [ Services Events ] Error - 2013-01-16 08:00:57 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-16 08:00:58 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-16 08:00:59 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-16 08:01:00 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-16 08:01:01 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-16 08:01:02 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-21 02:03:47 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-21 02:03:48 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-21 02:03:49 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory Error - 2013-01-21 02:03:50 | Computer Name = kasia-PC | Source = RVG Network Configuration Service | ID = 0 Description = Out of memory [ System Events ] Error - 2010-03-10 16:11:16 | Computer Name = kasia-PC | Source = Service Control Manager | ID = 7022 Description = Error - 2010-03-10 16:16:00 | Computer Name = kasia-PC | Source = HTTP | ID = 15016 Description = Error - 2010-03-10 16:17:38 | Computer Name = kasia-PC | Source = Service Control Manager | ID = 7022 Description = Error - 2010-03-11 15:55:41 | Computer Name = kasia-PC | Source = HTTP | ID = 15016 Description = Error - 2010-03-11 15:57:09 | Computer Name = kasia-PC | Source = Service Control Manager | ID = 7022 Description = Error - 2010-03-12 04:37:34 | Computer Name = kasia-PC | Source = HTTP | ID = 15016 Description = Error - 2010-03-12 04:39:13 | Computer Name = kasia-PC | Source = Service Control Manager | ID = 7022 Description = Error - 2010-03-12 10:48:08 | Computer Name = kasia-PC | Source = HTTP | ID = 15016 Description = Error - 2010-03-12 10:49:49 | Computer Name = kasia-PC | Source = Service Control Manager | ID = 7022 Description = Error - 2010-03-13 11:03:28 | Computer Name = kasia-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 16:01:57 na 2010-03-12 było nieoczekiwane. < End of report >

**Posty:** 4765 · przez **ordynat** 25 Sty 2014, 12:22

OTL zrobił dwa logi - nie dałeś OTL.txt

**Posty:** 4765 · przez **ordynat** 26 Sty 2014, 09:39

1) Użyj >Adw-cleaner (aby pobrać kliknij na dużą zieloną strzałkę po prawej).
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

2) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
[2014-01-17 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Optimizer Pro
[2014-01-17 15:45:29 | 000,000,864 | ---- | C] () -- C:\Users\kasia\Desktop\Optimizer Pro.lnk
[2014-01-17 15:44:51 | 000,000,440 | -H-- | C] () -- C:\Windows\tasks\GS-Enabler-S-5796188193.job
[2014-01-17 16:00:57 | 000,000,000 | ---D | C] -- C:\Users\kasia\Documents\Optimizer Pro
[2014-01-17 16:00:51 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Roaming\Optimizer Pro
[2014-01-17 16:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014-01-17 15:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
[2014-01-17 15:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014-01-17 15:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2014-01-17 15:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\GS-Enabler
[2014-01-17 15:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeAdblocker
[2014-01-17 15:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeAdblocker
[2014-01-17 15:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\greaaTsaveur
[2014-01-17 15:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\greaaTsaveur
[2014-01-17 15:43:40 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Local\Torch
[2014-01-17 15:43:40 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Local\Comodo
[2014-01-17 15:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\94d39f732329d68e
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (c:\progra~1\gs-ena~1\assist~1.dll) - c:\Program Files\GS-Enabler\Assistant.dll ()
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL File not found
O4 - HKU\S-1-5-21-3122865650-37063331-2333272892-1000..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log਀ File not found
O4 - HKU\S-1-5-21-3122865650-37063331-2333272892-1000..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.fabdent.pl/panorama/fsPL02.htm" File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3122865650-37063331-2333272892-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0\bin\jp2ssv.dll File not found
O2 - BHO: (YoutubeAdblocker) - {8E1B637C-0F76-C97A-E2C9-4F35CD54929C} - C:\Program Files\YoutubeAdblocker\07fg.dll ()
O2 - BHO: (greaaTsaveur) - {32FA3899-7246-50C5-E7FB-273181E3933F} - C:\Program Files\greaaTsaveur\KP6UZ.dll ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Sacm2A.sys -- (USBCM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\UNDPX2A.SYS -- (UNDPX2A)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\system32\cpuvis.sys -- (cpuvis)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
SRV - [2014-01-17 15:46:19 | 000,493,568 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm)

:Files
C:\Users\kasia\AppData\Local\Temp*.html
C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhdfgeepnjmdnbgihjfnacaajnkfiloo
C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe
C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeccfhmdofojahoagkobofohdklaedln
C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.

F.

**Posty:** 9 · przez **pablo222** 26 Sty 2014, 22:26

tutaj jest raport z adw-cleaner

Kod: Zaznacz wszystko: # AdwCleaner v3.017 - Log utworzony 26/01/2014 o 20:54:20 # Aktualizacja 12/01/2014 przez Xplode # System operacyjny : Windows Vista (TM) Home Basic Service Pack 2 (32 bits) # Użytkownik : kasia - KASIA-PC # Ścieżka : C:\Users\kasia\Downloads\adwcleaner.exe # Opcja : Usuń ***** [ Usługi ] ***** Usługa Usunięto : fe885e3d Usługa Usunięto : Wpm ***** [ Pliki / Foldery ] ***** Folder Usunięto : C:\ProgramData\Ask Folder Usunięto : C:\ProgramData\StarApp Folder Usunięto : C:\ProgramData\WPM Folder Usunięto : C:\ProgramData\YoutubeAdblocker Folder Usunięto : C:\ProgramData\greaaTsaveur Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2 Folder Usunięto : C:\Program Files\Ask.com Folder Usunięto : C:\Program Files\optimizer pro Folder Usunięto : C:\Program Files\YoutubeAdblocker Folder Usunięto : C:\Program Files\greaaTsaveur Folder Usunięto : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe} Folder Usunięto : C:\Users\kasia\AppData\Local\apn Folder Usunięto : C:\Users\kasia\AppData\Local\torch Folder Usunięto : C:\Users\kasia\AppData\LocalLow\AskToolbar Folder Usunięto : C:\Users\kasia\AppData\Roaming\optimizer pro Folder Usunięto : C:\Users\kasia\Documents\optimizer pro Folder Usunięto : C:\Users\pawel\AppData\Local\torch Folder Usunięto : C:\Users\postgres\AppData\Local\torch Folder Usunięto : C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo Plik Usunięto : C:\Users\kasia\Desktop\Optimizer Pro.lnk Plik Usunięto : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar ***** [ Skróty ] ***** Skrót Wyleczono : C:\Users\Public\Desktop\Google Chrome.lnk Skrót Wyleczono : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Skrót Wyleczono : C:\Users\kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Skrót Wyleczono : C:\Users\kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Skrót Wyleczono : C:\Users\kasia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk Skrót Wyleczono : C:\Users\kasia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ***** [ Rejestr ] ***** Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [#] Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CBA9F00-7DDC-4E16-A5F6-9027992A19F2} [#] Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CBA9F00-7DDC-4E16-A5F6-9027992A19F2} Wartość Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [livesupport] Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Klucz Usunięto : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Klucz Usunięto : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command Klucz Usunięto : HKCU\Software\APN Klucz Usunięto : HKCU\Software\Ask.com Klucz Usunięto : HKCU\Software\FLEXnet Klucz Usunięto : HKCU\Software\LiveSupport Klucz Usunięto : HKCU\Software\Optimizer Pro Klucz Usunięto : HKCU\Software\AppDataLow\Software\AskToolbar Klucz Usunięto : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Klucz Usunięto : HKLM\Software\APN Klucz Usunięto : HKLM\Software\AskToolbar Klucz Usunięto : HKLM\Software\GS-Enabler Klucz Usunięto : HKLM\Software\ImInstaller Klucz Usunięto : HKLM\Software\supWPM Klucz Usunięto : HKLM\Software\sweet-pageSoftware Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CA41BB14-E67B-1653-C57B-5CA99418A866} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Klucz Usunięto : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Klucz Usunięto : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 ***** [ Przeglądarki internetowe ] ***** -\\ Internet Explorer v9.0.8112.16526 Ustawienie Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Google Chrome v32.0.1700.76 [ Plik : C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [13245 octets] - [26/01/2014 20:52:16] AdwCleaner[S0].txt - [11492 octets] - [26/01/2014 20:54:20] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11553 octets] ##########

**Posty:** 4765 · przez **ordynat** 26 Sty 2014, 22:53

Przejdź do następnych kroków

Logi wklejaj na http://wklejto.pl/, a w poście daj tylko linki.(czyli skopiuj adres z paska adresów).

**Posty:** 9 · przez **pablo222** 26 Sty 2014, 23:48

tutaj jest raport po załadowaniu skryptu http://www.wklejto.pl/189633

a to nowe skanowanie otl
http://wklejto.pl/189632

**Posty:** 4765 · przez **ordynat** 27 Sty 2014, 00:03

W dalszym ciągu jest usługa Rootkita

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\system32\cpuvis.sys -- (cpuvis)

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[-HKEY_USERS\S-1-5-21-3122865650-37063331-2333272892-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D084F0D6-C950-4A0B-B6A4-2FD374267C18}]

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.

Zrób log z GMER, na ustawieniu:
>>gmer>>Rootkit>>zaznacz tylko "Usługi" i "Pokaż wszystko">>Szukaj>

**Posty:** 9 · przez **pablo222** 27 Sty 2014, 14:08

tutaj jest raport ze skryptu
http://www.wklejto.pl/189666

Dodano Dzisiaj, 13:20:
a tutaj raport z gmer
http://www.wklejto.pl/189668

**Posty:** 4765 · przez **ordynat** 27 Sty 2014, 16:39

>>GMER>>
Rozwiń>>>zakładka CMD>>zaznacz CMD ---w górne czarne pole wklej to:

nkso9xd3 -del cpuvis
nkso9xd3 -del C:/Windows/system32/cpuvis.sys
nkso9xd3 -reboot

Kliknij „Uruchom” z prawej strony. Komputer powinien się samoczynnie wyłączyć i włączyć.

Zrób nowy log z GMER - ustawienie takie samo, jak ostatnio.
.

**Posty:** 9 · przez **pablo222** 27 Sty 2014, 19:13

nowy log z gmer
http://www.wklejto.pl/189725

**Posty:** 4765 · przez **ordynat** 27 Sty 2014, 20:23

Tak dawno tej infekcji nie widziałem, że już nie pamiętam, jak ją trzeba usuwać.

Start > w polu szukania wpisz regedit > wejdź do klucza:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Dwuklik w wartość Startup i zastąp obecny tam ciąg prawidłową ścieżką:

%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Do >SystemLook wklej:

:filefind
cpuvis.*
Windows Defender Apps Control.exe

:regfind
cpuvis.sys

folderfind:
My applications

Naciśnij Look i pokaż raport.

**Posty:** 9 · przez **pablo222** 28 Sty 2014, 14:07

tutaj jest raport bedzie dobrze
http://www.wklejto.pl/189824

**Posty:** 4765 · przez **ordynat** 28 Sty 2014, 14:36

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:Files
C:\Program Files\My applications\Windows Defender Apps Control.exe
C:\Program Files\My applications
C:\Windows\system32\cpuvis.sys

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cpuvis]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cpuvis]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpuvis]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Program Files^My applications^Wi]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Program Files^My applications^Windows Live Control.exe]

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.

Zrób log z SystemLook - ustawienie jak poprzednio.
.

**Posty:** 9 · przez **pablo222** 29 Sty 2014, 22:23

to jest raport ze skryptu
http://www.wklejto.pl/190008

Dodano Dzisiaj, 21:53:
a tutaj raport z SystemLook tylko nie wiem czy dobrze zrobilem bo wkleilem to samo polecenie co poprzednio
http://www.wklejto.pl/190016

**Posty:** 4765 · przez **ordynat** 29 Sty 2014, 23:11

OK, możemy kończyć:
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.
W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL)
SystemLook - usuń ręcznie.
.

Autor postu otrzymał pochwałę

**Posty:** 9 · przez **pablo222** 30 Sty 2014, 00:24

ok wszystko odinstalowałem
to co gitara?

Dodano Dzisiaj, 15:14:
Jeśli tak to wielkie dzięki za pomoc sam bym się z tym bujał nie wiadomo ile :papryczka:

Kto jest na forum