Services.exe i 100% zużycia cpu

**Posty:** 83 · przez **szef1** 21 Lis 2012, 01:15

Witam. Od jakiegoś czasu mam następujący problem. Podczas grania w fifę 12 po ok 20 minutach od włączenia, proces services.exe zaczyna zabierać ok 15-30% CPU, co razem z grą cały czas daje 100% zużycia. Po ponownym włączeniu gry problem pozostaje, pomaga tylko restart komputera. Ostatnio zainstalowałem nową fifę 13 i okazało się, że problem pozostał. Przeczyściłem dyski CCleanerem, zrobiłem skanowania Malwarebytes Anti-Malware, usunąłem wszystko co było zainfekowane (kilka plików), jednak problem pozostaje. Przeskanowałem też plik services.exe na Jotti.org i nic nie wykryło. Wklejam logi Z HiJacka i ComboFixa. Z góry dziękuję za pomoc.

HiJackThis:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 02:42:47, on 2012-11-20 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\AVAST Software\Avast\AvastSvc.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\RTHDCPL.EXE D:\Program Files\AVAST Software\Avast\avastUI.exe D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe D:\WINDOWS\system32\RUNDLL32.EXE D:\WINDOWS\system32\ctfmon.exe D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe D:\Program Files\K2T\WTW\wtw.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\wscntfy.exe D:\Program Files\FIFA 13\Game\fifa13.exe D:\WINDOWS\system32\taskmgr.exe D:\Program Files\Opera\opera.exe D:\WINDOWS\system32\msiexec.exe D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [XboxStat] "d:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: WTW.lnk = D:\Program Files\K2T\WTW\wtw.exe O4 - Global Startup: RtlWake.lnk = ? O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Wyślij &do programu OneNote - res://D:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- End of file - 5092 bytes

Combofix:

Kod: Zaznacz wszystko: ComboFix 12-11-19.03 - Mik 2012-11-20 2:52.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3327.2215 [GMT 1:00] Uruchomiony z: d:\documents and settings\Mik\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . d:\documents and settings\All Users\Dane aplikacji\AMMYY d:\documents and settings\All Users\Dane aplikacji\AMMYY\hr d:\documents and settings\All Users\Dane aplikacji\AMMYY\settings.bin d:\documents and settings\All Users\Dane aplikacji\hpe66D.dll d:\documents and settings\All Users\Dane aplikacji\TEMP d:\documents and settings\Mik\KMPlayer_EN_3.3.0.33(dobreprogramy.pl).exe d:\windows\system32\tmp76C.tmp d:\windows\system32\tmp76D.tmp . . ((((((((((((((((((((((((( Pliki utworzone od 2012-10-20 do 2012-11-20 ))))))))))))))))))))))))))))))) . . 2012-11-20 01:42 . 2012-11-20 01:42 388096 ----a-r- d:\documents and settings\Mik\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-11-20 01:42 . 2012-11-20 01:42 -------- d-----w- d:\program files\Trend Micro 2012-11-12 22:29 . 2012-11-12 22:29 -------- d-----w- d:\program files\RaymanForever 2012-11-08 21:07 . 2012-11-08 21:07 -------- d-----w- d:\documents and settings\Mik\Ustawienia lokalne\Dane aplikacji\DOSBox 2012-11-06 13:12 . 2012-11-06 13:12 -------- d-----w- d:\windows\system32\config\systemprofile\Oracle 2012-11-05 13:30 . 2012-11-05 13:30 -------- d-----w- d:\documents and settings\Mik\Dane aplikacji\Subversion 2012-11-05 13:30 . 2012-11-05 13:30 -------- d-----w- d:\documents and settings\Mik\Dane aplikacji\SQL Developer 2012-11-05 13:23 . 2012-11-05 13:23 -------- d-----w- d:\documents and settings\Mik\Oracle 2012-11-05 13:22 . 2012-11-05 13:22 -------- d-----w- D:\oraclexe 2012-11-05 10:40 . 2012-11-05 10:40 -------- d-----w- d:\program files\EA GAMES 2012-10-25 18:04 . 2012-10-25 18:04 -------- d---a-w- d:\documents and settings\Mik\Ustawienia lokalne\Dane aplikacji\Rockstar Games 2012-10-25 17:02 . 2012-10-25 17:02 -------- d-----w- d:\windows\system32\xlive 2012-10-25 17:02 . 2012-10-25 17:02 -------- d-----w- d:\program files\Microsoft Games for Windows - LIVE 2012-10-25 16:43 . 2012-10-25 16:43 -------- d-----w- d:\windows\system32\XPSViewer 2012-10-25 16:43 . 2012-10-25 16:43 -------- d-----w- d:\program files\Reference Assemblies 2012-10-25 16:43 . 2006-10-14 14:43 27648 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2012-10-25 16:43 . 2006-06-29 11:07 14048 ------w- d:\windows\system32\spmsg2.dll 2012-10-25 16:42 . 2012-10-25 16:48 -------- d-----w- d:\program files\Rockstar Games 2012-10-23 21:40 . 2012-10-23 21:40 -------- d-----w- d:\program files\Fifa Master . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-20 00:23 . 2012-07-30 23:56 151552 ----a-w- d:\windows\KMSEmulator.exe 2012-10-25 22:34 . 2012-07-30 19:21 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-25 22:34 . 2012-07-30 19:21 696760 ----a-w- d:\windows\system32\FlashPlayerApp.exe 2012-10-25 17:04 . 2012-09-03 22:44 107888 ----a-w- d:\windows\system32\CmdLineExt.dll 2012-10-16 21:10 . 2012-10-16 21:10 22 --sha-w- d:\documents and settings\Mik\Dane aplikacji\Windows1569_SettingsRepository.bin 2012-09-29 17:54 . 2012-09-28 14:04 22856 ----a-w- d:\windows\system32\drivers\mbam.sys 2012-09-23 14:28 . 2012-10-15 22:05 888168 ----a-w- d:\windows\system32\nvdispgenco32.dll 2012-09-23 14:28 . 2012-10-15 22:05 5947392 ----a-w- d:\windows\system32\nvopencl.dll 2012-09-07 05:10 . 2012-09-07 05:10 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll 2012-09-07 05:10 . 2012-09-07 05:10 143872 ----a-w- d:\windows\system32\javacpl.cpl 2012-09-07 05:10 . 2012-08-08 16:58 821736 ----a-w- d:\windows\system32\npDeployJava1.dll 2012-09-07 05:10 . 2012-08-08 16:58 746984 ----a-w- d:\windows\system32\deployJava1.dll 2012-10-11 01:05 . 2012-10-11 19:10 261600 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:12 121528 ----a-w- d:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600] "avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] "XboxStat"="d:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-15 15360] . d:\documents and settings\Mik\Menu Start\Programy\Autostart\ WTW.lnk - d:\program files\K2T\WTW\wtw.exe [2012-7-30 2129408] . d:\documents and settings\All Users\Menu Start\Programy\Autostart\ RtlWake.lnk - d:\program files\REALTEK Semiconductor Corp.\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe [2012-9-12 720896] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\D:^Documents and Settings^Mik^Menu Start^Programy^Autostart^Treston.lnk] path=d:\documents and settings\Mik\Menu Start\Programy\Autostart\Treston.lnk backup=d:\windows\pss\Treston.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-02 08:07 843712 ----a-r- d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-03-27 12:41 37296 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2012-04-04 04:09 446392 ------w- d:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager] 2012-03-09 14:26 1073312 ----a-w- d:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 10:43 69632 ------r- d:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-15 12:00 15360 ----a-w- d:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2012-04-17 15:19 3671872 ----a-w- d:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2012-08-12 22:51 116648 ----atw- d:\documents and settings\Mik\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2012-05-15 09:40 15504192 ----a-w- d:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2012-05-15 09:40 108352 ----a-w- d:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2012-05-15 10:18 1634112 ----a-w- d:\program files\NVIDIA Corporation\nview\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess] 2010-12-20 22:59 718720 ----a-w- d:\program files\Microsoft Office\Office14\MSOSYNC.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC] 2008-11-14 12:35 305064 ----a-r- d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-07-13 11:33 17418928 ----a-r- d:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 07:04 252848 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 11:37 517096 ----a-w- d:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "TunngleService"=3 (0x3) "SkypeUpdate"=2 (0x2) "sdCoreService"=3 (0x3) "sdAuxService"=3 (0x3) "OMSI download service"=2 (0x2) "MozillaMaintenance"=3 (0x3) "Microsoft SharePoint Workspace Audit Service"=3 (0x3) "JavaQuickStarterService"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Opera\\opera.exe"= "d:\\Program Files\\K2T\\WTW\\wtw.exe"= "d:\\Program Files\\FIFA 12\\Game\\fifa.exe"= "d:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "d:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "d:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "d:\\Program Files\\SopCast\\SopCast.exe"= "d:\\Program Files\\Codemasters\\GRID\\GRID.exe"= "d:\\Soldat\\Soldat.exe"= "d:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\Documents and Settings\\Mik\\Pulpit\\ghost recon\\GhostRecon.exe"= "d:\\Program Files\\Tunngle\\TnglCtrl.exe"= "d:\\Program Files\\Tunngle\\Tunngle.exe"= "c:\\wamp\\bin\\apache\\Apache2.2.21\\bin\\httpd.exe"= "d:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Suite\\SEPCSuite.exe"= "d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2013\\pes2013.exe"= "d:\\Program Files\\uTorrent\\uTorrent.exe"= "d:\\Documents and Settings\\Mik\\Pulpit\\Q3Ademo\\quake3.exe"= "d:\\Documents and Settings\\Mik\\Pulpit\\Folder\\uTorrent 3 Portable\\uTorrent.exe"= "d:\\Program Files\\FIFA 13\\Game\\fifa13.exe"= "d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"= "d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "d:\\Program Files\\RaymanForever\\Rayman\\RAYMAN.EXE"= . R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [2012-09-28 207792] R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2012-07-30 729752] R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2012-07-30 355632] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;d:\windows\system32\drivers\dtsoftbus01.sys [2012-07-30 242240] R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2012-08-02 158552] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2012-08-02 91992] R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2012-07-30 21256] R2 EAPPkt;Realtek EAPPkt Protocol;d:\windows\system32\drivers\EAPPkt.sys [2012-09-12 8576] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2012-06-05 116056] S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;d:\windows\system32\drivers\RTL8180.sys [2008-12-01 183680] S3 SwitchBoard;SwitchBoard;d:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);d:\windows\system32\drivers\tap0901t.sys [2012-08-28 27136] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2012-06-05 104792] S4 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2012-09-14 90112] S4 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [2012-09-28 359624] S4 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [2012-07-13 160944] S4 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe [2012-08-28 738152] . Zawartość folderu 'Zaplanowane zadania' . 2012-11-20 d:\windows\Tasks\AutoKMS.job - d:\windows\AutoKMS\AutoKMS.exe [2012-07-30 23:56] . 2012-11-20 d:\windows\Tasks\avast! Emergency Update.job - d:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-30 09:12] . 2012-11-09 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484061587-1801674531-1003Core.job - d:\documents and settings\Mik\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-08-12 22:51] . 2012-11-20 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484061587-1801674531-1003UA.job - d:\documents and settings\Mik\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-08-12 22:51] . . ------- Skan uzupełniający ------- . IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Wyślij &do programu OneNote - d:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 8.8.8.8 188.122.20.62 FF - ProfilePath - d:\documents and settings\Mik\Dane aplikacji\Mozilla\Firefox\Profiles\k4172jyw.default\ FF - ExtSQL: 2012-10-11 21:12; {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}; d:\documents and settings\Mik\Dane aplikacji\Mozilla\Firefox\Profiles\k4172jyw.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi . - - - - USUNIĘTO PUSTE WPISY - - - - . MSConfigStartUp-Sony PC Companion - d:\program files\Sony\Sony PC Companion\PCCompanion.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-20 02:56 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . Czas ukończenia: 2012-11-20 02:57:30 ComboFix-quarantined-files.txt 2012-11-20 01:57 . Przed: 34 588 049 408 bajtów wolnych Po: 34 522 718 208 bajtów wolnych . - - End Of File - - F453D065DEDE52335CC72EB6590CD59D

**Posty:** 12734 · przez **Mikou@j** 21 Lis 2012, 09:33

szef1 napisał(a):Malwarebytes Anti-Malware, usunąłem wszystko co było zainfekowane (kilka plików)

Pokaż z tego log.

Wklej też wymagane u nas logi wszystko-o-logach-aktualizacja-30-01-2012-vt117887.html . ( HijackThis już się dawno nie używa, a Combofix'a tylko na wyraźne polecenie)

**Posty:** 83 · przez **szef1** 22 Lis 2012, 11:42

MBAM:

Kod: Zaznacz wszystko: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Wersja bazy: v2012.09.28.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Mik :: M [administrator] 2012-09-28 16:06:41 mbam-log-2012-09-28 (16-06-41).txt Typ skanowania: Pełne skanowanie (C:\|D:\|) Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM Odznaczone opcje skanowania: P2P Przeskanowano obiektów: 341630 Upłynęło: 1 godzin(y), 1 minut(y), 9 sekund(y) Wykrytych procesów w pamięci: 0 (Nie znaleziono zagrożeń) Wykrytych modułów w pamięci: 0 (Nie znaleziono zagrożeń) Wykrytych kluczy rejestru: 0 (Nie znaleziono zagrożeń) Wykrytych wartości rejestru: 0 (Nie znaleziono zagrożeń) Wykryte wpisy rejestru systemowego: 0 (Nie znaleziono zagrożeń) wykrytych folderów: 0 (Nie znaleziono zagrożeń) Wykrytych plików: 4 C:\System Volume Information\_restore{D40690BF-E011-44F7-B7C4-7F54D8EB9E2E}\RP259\A0071979.exe (Trojan.Downloader) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. C:\System Volume Information\_restore{D40690BF-E011-44F7-B7C4-7F54D8EB9E2E}\RP290\A0079177.exe (Adware.Onlinegames) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. C:\System Volume Information\_restore{D40690BF-E011-44F7-B7C4-7F54D8EB9E2E}\RP290\A0079876.exe (Malware.Packer.T) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. C:\System Volume Information\_restore{D40690BF-E011-44F7-B7C4-7F54D8EB9E2E}\RP290\A0079946.exe (Trojan.Dropper) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. (zakończone)

GMER:

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-11-22 10:21:51 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-12 SAMSUNG_HD502IJ rev.1AA01113 Running: gw2fzp4e.exe; Driver: D:\DOCUME~1\Mik\USTAWI~1\Temp\pxtdypow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB43D24BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB44A7C22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB43D2ED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB4414811] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB43DDFA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB43DDFF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB43DE176] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7458E52] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB43DDF16] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7439CDE] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7439ED0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB43DE038] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB43DDF5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB43D311C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB43DE130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB43D393E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB43D2508] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7459640] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF74598F4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB43D71C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB4414D42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB4414BAD] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB44A7CEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB43D2170] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB43D2556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB43D7534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB43D43A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB43DDFD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB43DE016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB43DE19A] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7457B44] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB43DDF3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB43D6C3E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB43DE0BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB43DDF86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB43D6F14] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB43DE154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB44A7E4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB4414A28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB43D4272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB441487A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB43D3DD4] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7459D60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB4413838] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB43D25A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB43D25F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB43D37BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB43D21FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB43D23AA] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF7459112] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB43D2350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB43D3AF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB43D3C54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB43D241A] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7439984] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB43D3636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xB44A641C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB43D2640] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB43D2F1A] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4BEC 12 Bytes [A4, 25, 3D, B4, F2, 25, 3D, ...] .text ntoskrnl.exe!ZwYieldExecution + 46A 804E4C94 12 Bytes [F8, 3A, 3D, B4, 54, 3C, 3D, ...] PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP B44BF810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80575B10 4 Bytes CALL B43D4A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E6A62 5 Bytes JMP B44BDCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6EB63C0, 0x9B091A, 0xE8000020] .text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP B43D8B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 3625 BF80CF90 5 Bytes JMP B43D8A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP B43D89F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP B43D7688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 199A BF820E6C 5 Bytes JMP B43D80A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP B43D77C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP B43D8CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP B43D88FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP B43D8EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP B43D7834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 113C6 BF84928E 5 Bytes JMP B43D8090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2E60 BF852720 5 Bytes JMP B43D816A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP B43D7670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP B43D8E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP B43D8BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP B43D8A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 3617 BF88FFB6 5 Bytes JMP B43D7CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP B43D7E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8ADD61 5 Bytes JMP B43D8182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP B43D7C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP B43D7EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP B43D7944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP B43D756A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 9006 BF8F4FC9 5 Bytes JMP B43D80C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP B43D7A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP B43D7B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP B43D7760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP B43D78F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP B43D7FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP B43D8D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text D:\Program Files\Opera\opera.exe[184] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text D:\Program Files\Opera\opera.exe[184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\Program Files\Opera\opera.exe[184] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text D:\Program Files\Opera\opera.exe[184] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Program Files\Opera\opera.exe[184] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 009D1014 .text D:\Program Files\Opera\opera.exe[184] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 009D0804 .text D:\Program Files\Opera\opera.exe[184] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 009D0A08 .text D:\Program Files\Opera\opera.exe[184] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 009D0C0C .text D:\Program Files\Opera\opera.exe[184] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 009D0E10 .text D:\Program Files\Opera\opera.exe[184] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 009D01F8 .text D:\Program Files\Opera\opera.exe[184] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 009D03FC .text D:\Program Files\Opera\opera.exe[184] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 009D0600 .text D:\Program Files\Opera\opera.exe[184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 02770804 .text D:\Program Files\Opera\opera.exe[184] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 02770A08 .text D:\Program Files\Opera\opera.exe[184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 02770600 .text D:\Program Files\Opera\opera.exe[184] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 027701F8 .text D:\Program Files\Opera\opera.exe[184] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 027703FC .text D:\Program Files\foobar2000\foobar2000.exe[372] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text D:\Program Files\foobar2000\foobar2000.exe[372] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\Program Files\foobar2000\foobar2000.exe[372] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text D:\Program Files\foobar2000\foobar2000.exe[372] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Program Files\foobar2000\foobar2000.exe[372] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00D81014 .text D:\Program Files\foobar2000\foobar2000.exe[372] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00D80804 .text D:\Program Files\foobar2000\foobar2000.exe[372] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00D80A08 .text D:\Program Files\foobar2000\foobar2000.exe[372] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00D80C0C .text D:\Program Files\foobar2000\foobar2000.exe[372] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00D80E10 .text D:\Program Files\foobar2000\foobar2000.exe[372] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00D801F8 .text D:\Program Files\foobar2000\foobar2000.exe[372] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00D803FC .text D:\Program Files\foobar2000\foobar2000.exe[372] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00D80600 .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 009C1014 .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 009C0804 .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 009C0A08 .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 009C0C0C .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 009C0E10 .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 009C01F8 .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 009C03FC .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 009C0600 .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe[380] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC .text D:\WINDOWS\RTHDCPL.EXE[684] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text D:\WINDOWS\RTHDCPL.EXE[684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\RTHDCPL.EXE[684] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text D:\WINDOWS\RTHDCPL.EXE[684] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\RTHDCPL.EXE[684] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 01B11014 .text D:\WINDOWS\RTHDCPL.EXE[684] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 01B10804 .text D:\WINDOWS\RTHDCPL.EXE[684] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 01B10A08 .text D:\WINDOWS\RTHDCPL.EXE[684] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 01B10C0C .text D:\WINDOWS\RTHDCPL.EXE[684] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 01B10E10 .text D:\WINDOWS\RTHDCPL.EXE[684] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 01B101F8 .text D:\WINDOWS\RTHDCPL.EXE[684] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 01B103FC .text D:\WINDOWS\RTHDCPL.EXE[684] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 01B10600 .text D:\Program Files\AVAST Software\Avast\avastUI.exe[692] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\Program Files\AVAST Software\Avast\avastUI.exe[692] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[704] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[704] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[704] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[704] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00A61014 .text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[704] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00A60804 .text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[704] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00A60A08 .text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00A60C0C .text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00A60E10 .text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[704] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00A601F8 .text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[704] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00A603FC .text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[704] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00A60600 .text D:\WINDOWS\System32\smss.exe[832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\ctfmon.exe[868] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003201F8 .text D:\WINDOWS\system32\ctfmon.exe[868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\ctfmon.exe[868] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003203FC .text D:\WINDOWS\system32\ctfmon.exe[868] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\ctfmon.exe[868] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00A51014 .text D:\WINDOWS\system32\ctfmon.exe[868] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00A50804 .text D:\WINDOWS\system32\ctfmon.exe[868] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00A50A08 .text D:\WINDOWS\system32\ctfmon.exe[868] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00A50C0C .text D:\WINDOWS\system32\ctfmon.exe[868] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00A50E10 .text D:\WINDOWS\system32\ctfmon.exe[868] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00A501F8 .text D:\WINDOWS\system32\ctfmon.exe[868] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00A503FC .text D:\WINDOWS\system32\ctfmon.exe[868] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00A50600 .text D:\WINDOWS\system32\csrss.exe[880] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\csrss.exe[880] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\winlogon.exe[904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\services.exe[948] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\services.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\lsass.exe[960] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1788] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1788] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1788] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe[1896] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text D:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe[1896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe[1896] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text D:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe[1896] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\Explorer.EXE[1976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\Explorer.EXE[1976] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\spoolsv.exe[2012] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\nvsvc32.exe[2064] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text D:\WINDOWS\system32\nvsvc32.exe[2064] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\nvsvc32.exe[2064] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text D:\WINDOWS\system32\nvsvc32.exe[2064] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\nvsvc32.exe[2064] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00BE1014 .text D:\WINDOWS\system32\nvsvc32.exe[2064] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00BE0804 .text D:\WINDOWS\system32\nvsvc32.exe[2064] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00BE0A08 .text D:\WINDOWS\system32\nvsvc32.exe[2064] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00BE0C0C .text D:\WINDOWS\system32\nvsvc32.exe[2064] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00BE0E10 .text D:\WINDOWS\system32\nvsvc32.exe[2064] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00BE01F8 .text D:\WINDOWS\system32\nvsvc32.exe[2064] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00BE03FC .text D:\WINDOWS\system32\nvsvc32.exe[2064] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00BE0600 .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 043601F8 .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 043603FC .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] ntdll.dll!DbgUiRemoteBreakin 7C94FFE3 10 Bytes JMP 771194E7 D:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 04870804 .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 04870A08 .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 04870600 .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 048701F8 .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 048703FC .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 04B81014 .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 04B80804 .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 04B80A08 .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 04B80C0C .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 04B80E10 .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 04B801F8 .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 04B803FC .text D:\Program Files\FIFA 13\Game\fifa13.exe[2088] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 04B80600 .text D:\WINDOWS\system32\svchost.exe[2112] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003101F8 .text D:\WINDOWS\system32\svchost.exe[2112] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[2112] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003103FC .text D:\WINDOWS\system32\svchost.exe[2112] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[2112] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00AC1014 .text D:\WINDOWS\system32\svchost.exe[2112] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00AC0804 .text D:\WINDOWS\system32\svchost.exe[2112] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00AC0A08 .text D:\WINDOWS\system32\svchost.exe[2112] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00AC0C0C .text D:\WINDOWS\system32\svchost.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00AC0E10 .text D:\WINDOWS\system32\svchost.exe[2112] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00AC01F8 .text D:\WINDOWS\system32\svchost.exe[2112] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00AC03FC .text D:\WINDOWS\system32\svchost.exe[2112] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00AC0600 .text D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe[2248] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe[2248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe[2248] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe[2248] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe[2248] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00DA1014 .text D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe[2248] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00DA0804 .text D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe[2248] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00DA0A08 .text D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe[2248] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00DA0C0C .text D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe[2248] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00DA0E10 .text D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe[2248] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00DA01F8 .text D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe[2248] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00DA03FC .text D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe[2248] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00DA0600 .text D:\Program Files\K2T\WTW\wtw.exe[2460] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text D:\Program Files\K2T\WTW\wtw.exe[2460] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\Program Files\K2T\WTW\wtw.exe[2460] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text D:\Program Files\K2T\WTW\wtw.exe[2460] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Program Files\K2T\WTW\wtw.exe[2460] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 010F1014 .text D:\Program Files\K2T\WTW\wtw.exe[2460] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 010F0804 .text D:\Program Files\K2T\WTW\wtw.exe[2460] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 010F0A08 .text D:\Program Files\K2T\WTW\wtw.exe[2460] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 010F0C0C .text D:\Program Files\K2T\WTW\wtw.exe[2460] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 010F0E10 .text D:\Program Files\K2T\WTW\wtw.exe[2460] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 010F01F8 .text D:\Program Files\K2T\WTW\wtw.exe[2460] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 010F03FC .text D:\Program Files\K2T\WTW\wtw.exe[2460] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 010F0600 .text D:\Program Files\K2T\WTW\wtw.exe[2460] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01110804 .text D:\Program Files\K2T\WTW\wtw.exe[2460] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01110A08 .text D:\Program Files\K2T\WTW\wtw.exe[2460] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01110600 .text D:\Program Files\K2T\WTW\wtw.exe[2460] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 011101F8 .text D:\Program Files\K2T\WTW\wtw.exe[2460] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 011103FC .text D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2764] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003101F8 .text D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2764] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2764] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003103FC .text D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2764] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2764] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00F91014 .text D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2764] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00F90804 .text D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2764] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00F90A08 .text D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2764] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00F90C0C .text D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2764] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00F90E10 .text D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2764] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00F901F8 .text D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2764] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00F903FC .text D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2764] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00F90600 .text D:\WINDOWS\system32\wscntfy.exe[3328] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003101F8 .text D:\WINDOWS\system32\wscntfy.exe[3328] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\system32\wscntfy.exe[3328] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003103FC .text D:\WINDOWS\system32\wscntfy.exe[3328] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\WINDOWS\System32\alg.exe[3416] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003101F8 .text D:\WINDOWS\System32\alg.exe[3416] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\WINDOWS\System32\alg.exe[3416] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003103FC .text D:\WINDOWS\System32\alg.exe[3416] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] ---- User IAT/EAT - GMER 1.0.15 ---- IAT D:\Program Files\AVAST Software\Avast\avastUI.exe[692] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] D:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT D:\WINDOWS\system32\services.exe[948] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002 IAT D:\WINDOWS\system32\services.exe[948] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000 IAT D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1788] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] D:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [023B1DB0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\user32.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetVolumeInformationW] [023A7409] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [023B1DB0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [023B1DB0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [023B1DB0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\psapi.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!CreateThread] [023B1DB0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [023B1DB0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [023B1DB0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!SendMessageW] [023A76C1] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [023B1DB0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetVolumeInformationW] [023A7409] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\shell32.dll [USER32.dll!SendMessageA] [023A7556] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\shell32.dll [USER32.dll!SendMessageW] [023A76C1] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [023B1DB0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [023AEDA0] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SendMessageW] [023A76C1] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) IAT D:\Program Files\FIFA 13\Game\fifa13.exe[2088] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SendMessageA] [023A7556] D:\Program Files\FIFA 13\Game\fifa13.exe (FIFA 13/Electronic Arts) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- EOF - GMER 1.0.15 ----

OTL.txt:

Kod: Zaznacz wszystko: OTL logfile created on: 2012-11-22 10:24:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\Mik\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,25 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 71,50% Memory free 5,09 Gb Paging File | 4,32 Gb Available in Paging File | 84,76% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 68,36 Gb Total Space | 2,60 Gb Free Space | 3,81% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 23,98 Gb Free Space | 8,18% Space Free | Partition Type: NTFS Drive E: | 75,13 Gb Total Space | 11,77 Gb Free Space | 15,66% Space Free | Partition Type: NTFS Computer Name: M | User Name: Mik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-11-22 06:19:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Mik\Pulpit\OTL.exe PRC - [2012-11-22 03:32:01 | 000,878,480 | ---- | M] (Opera Software) -- D:\Program Files\Opera\opera.exe PRC - [2012-10-30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012-09-14 12:14:54 | 001,771,008 | ---- | M] (Peter Pawlowski) -- D:\Program Files\foobar2000\foobar2000.exe PRC - [2012-08-29 11:37:30 | 008,197,120 | ---- | M] () -- D:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe PRC - [2012-06-19 12:36:30 | 002,129,408 | ---- | M] (K2T.eu, Kaworu) -- D:\Program Files\K2T\WTW\wtw.exe PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe PRC - [2003-12-15 19:42:24 | 000,720,896 | ---- | M] () -- D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-11-22 03:32:18 | 000,312,832 | ---- | M] () -- D:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2012-11-22 03:32:18 | 000,158,208 | ---- | M] () -- D:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2012-11-22 03:32:18 | 000,101,888 | ---- | M] () -- D:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2012-11-22 03:32:18 | 000,096,256 | ---- | M] () -- D:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2012-11-22 03:32:18 | 000,094,208 | ---- | M] () -- D:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2012-11-22 03:32:18 | 000,073,728 | ---- | M] () -- D:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2012-11-22 03:32:18 | 000,067,072 | ---- | M] () -- D:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2012-11-22 03:32:18 | 000,062,976 | ---- | M] () -- D:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2012-11-22 03:32:18 | 000,057,344 | ---- | M] () -- D:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2012-11-22 03:32:18 | 000,038,912 | ---- | M] () -- D:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2012-11-22 03:32:17 | 000,835,584 | ---- | M] () -- D:\Program Files\Opera\gstreamer\gstreamer.dll MOD - [2012-11-22 03:32:17 | 000,093,696 | ---- | M] () -- D:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2012-11-21 23:10:44 | 002,032,640 | ---- | M] () -- D:\Program Files\AVAST Software\Avast\defs\12112101\algo.dll MOD - [2012-09-14 12:13:32 | 001,632,256 | ---- | M] () -- D:\Program Files\foobar2000\components\foo_input_std.dll MOD - [2012-09-14 12:13:32 | 000,359,936 | ---- | M] () -- D:\Program Files\foobar2000\components\foo_albumlist.dll MOD - [2012-09-14 12:13:28 | 000,278,528 | ---- | M] () -- D:\Program Files\foobar2000\components\foo_dsp_std.dll MOD - [2012-09-14 12:13:10 | 000,915,968 | ---- | M] () -- D:\Program Files\foobar2000\components\foo_ui_std.dll MOD - [2012-09-14 12:13:08 | 000,303,616 | ---- | M] () -- D:\Program Files\foobar2000\components\foo_cdda.dll MOD - [2012-09-14 12:12:50 | 000,287,744 | ---- | M] () -- D:\Program Files\foobar2000\components\foo_rgscan.dll MOD - [2012-09-14 12:12:44 | 000,491,008 | ---- | M] () -- D:\Program Files\foobar2000\components\foo_converter.dll MOD - [2012-09-14 12:11:24 | 000,150,016 | ---- | M] () -- D:\Program Files\foobar2000\shared.dll MOD - [2012-08-29 11:37:30 | 008,197,120 | ---- | M] () -- D:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe MOD - [2012-07-30 20:26:44 | 000,061,952 | ---- | M] () -- d:\Documents and Settings\Mik\Dane aplikacji\.wtw\profiles\giermo\Plugins32\sounds.plug MOD - [2012-06-19 12:33:08 | 000,082,432 | ---- | M] () -- D:\Program Files\K2T\WTW\libWTW.module MOD - [2012-06-19 12:32:56 | 000,375,808 | ---- | M] () -- D:\Program Files\K2T\WTW\libSQ3.module MOD - [2012-06-19 12:32:48 | 000,018,944 | ---- | M] () -- D:\Program Files\K2T\WTW\libCryptoLayer.module MOD - [2012-06-19 12:32:46 | 000,081,920 | ---- | M] () -- D:\Program Files\K2T\WTW\libCryptoWtw.module MOD - [2012-06-19 12:32:24 | 000,293,888 | ---- | M] () -- D:\Program Files\K2T\WTW\libLexer.module MOD - [2012-06-19 12:32:22 | 000,334,848 | ---- | M] () -- D:\Program Files\K2T\WTW\libImage.module MOD - [2012-06-19 12:32:01 | 000,107,008 | ---- | M] () -- D:\Program Files\K2T\WTW\libExpat.module MOD - [2012-06-19 12:31:58 | 000,078,848 | ---- | M] () -- D:\Program Files\K2T\WTW\libZlib.module MOD - [2012-01-08 14:41:12 | 000,093,696 | ---- | M] () -- D:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011-03-16 23:11:16 | 004,297,568 | ---- | M] () -- D:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010-04-21 13:48:00 | 000,066,560 | ---- | M] () -- D:\Program Files\foobar2000\zlib1.dll MOD - [2009-02-27 18:04:20 | 000,311,296 | ---- | M] () -- D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL MOD - [2008-04-15 13:00:00 | 000,014,336 | ---- | M] () -- D:\WINDOWS\system32\msdmo.dll MOD - [2003-12-15 19:42:24 | 000,720,896 | ---- | M] () -- D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe MOD - [2003-07-24 15:31:20 | 000,114,688 | ---- | M] () -- D:\WINDOWS\system32\WakeResDll.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2012-11-20 07:16:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012-10-03 08:52:06 | 000,077,312 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- D:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe -- (Tomcat7) SRV - [2012-09-07 06:10:25 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- D:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012-08-29 11:37:30 | 008,197,120 | ---- | M] () [Auto | Running] -- D:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL) SRV - [2012-07-19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- D:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2012-07-13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-01-25 07:47:04 | 008,176,640 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld) SRV - [2011-09-26 06:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache) SRV - [2010-12-27 22:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-11-06 13:29:22 | 001,141,712 | ---- | M] (PC Tools) [Disabled | Stopped] -- D:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2009-10-30 10:18:16 | 000,359,624 | ---- | M] (PC Tools) [Disabled | Stopped] -- D:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2009-04-30 10:23:26 | 000,090,112 | ---- | M] () [Disabled | Stopped] -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Disabled | Stopped] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Unknown] -- D:\DOCUME~1\Mik\USTAWI~1\Temp\pxtdypow.sys -- (pxtdypow) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\DOCUME~1\Mik\USTAWI~1\Temp\catchme.sys -- (catchme) DRV - [2012-10-30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- D:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012-10-30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012-10-30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012-10-30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012-10-30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012-10-30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012-10-30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012-06-05 15:33:00 | 000,158,552 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2012-06-05 15:33:00 | 000,116,056 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2012-06-05 15:33:00 | 000,104,792 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2012-06-05 15:33:00 | 000,091,992 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2011-03-18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- D:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2009-11-09 10:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009-09-16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t) DRV - [2008-02-14 10:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008-01-03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2005-06-13 09:08:36 | 000,085,664 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex) DRV - [2005-06-13 09:06:58 | 000,087,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt) DRV - [2005-06-13 09:05:16 | 000,096,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm) DRV - [2005-06-13 09:05:08 | 000,009,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl) DRV - [2005-06-13 09:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) DRV - [2003-11-10 13:11:26 | 000,183,680 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RTL8180.sys -- (rtl8180) DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\system32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-823518204-484061587-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1 FF - prefs.js..extensions.enabledAddons: yslow%40yahoo-inc.com:3.1.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 8080 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\Mik\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\Mik\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: D:\Documents and Settings\Mik\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-20 23:15:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012-11-21 01:22:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012-10-11 20:10:30 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Mik\Dane aplikacji\Mozilla\Extensions [2012-11-22 02:51:45 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Mik\Dane aplikacji\Mozilla\Firefox\Profiles\k4172jyw.default\extensions [2012-11-22 02:51:45 | 002,042,908 | ---- | M] () (No name found) -- D:\Documents and Settings\Mik\Dane aplikacji\Mozilla\Firefox\Profiles\k4172jyw.default\extensions\firebug@software.joehewitt.com.xpi [2012-11-22 02:50:41 | 000,200,692 | ---- | M] () (No name found) -- D:\Documents and Settings\Mik\Dane aplikacji\Mozilla\Firefox\Profiles\k4172jyw.default\extensions\yslow@yahoo-inc.com.xpi [2012-10-11 20:12:19 | 000,080,872 | ---- | M] () (No name found) -- D:\Documents and Settings\Mik\Dane aplikacji\Mozilla\Firefox\Profiles\k4172jyw.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2012-11-21 01:22:37 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions [2012-11-20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll [2012-11-20 09:04:07 | 000,002,767 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-11-20 09:04:08 | 000,001,406 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-11-20 09:04:08 | 000,000,917 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-11-20 09:04:07 | 000,000,858 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-11-20 09:04:07 | 000,001,183 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-11-20 09:04:07 | 000,001,683 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\Mik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\Mik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = D:\Documents and Settings\Mik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\Mik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = D:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = D:\Documents and Settings\Mik\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = D:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: VLC Web Plugin (Enabled) = D:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Silverlight Plug-In (Enabled) = d:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll O1 HOSTS File: ([2012-11-20 02:56:00 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-823518204-484061587-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - Startup: D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RtlWake.lnk = D:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe () O4 - Startup: D:\Documents and Settings\Mik\Menu Start\Programy\Autostart\WTW.lnk = D:\Program Files\K2T\WTW\wtw.exe (K2T.eu, Kaworu) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-823518204-484061587-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-823518204-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-823518204-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-823518204-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Wyślij &do programu OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 188.122.20.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6C49B4B-6C76-465E-9533-BEF0ABA664D0}: DhcpNameServer = 8.8.8.8 188.122.20.62 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: D:\Documents and Settings\Mik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: D:\Documents and Settings\Mik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-12-01 21:17:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-11-22 06:19:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Mik\Pulpit\OTL.exe [2012-11-21 20:00:39 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Mik\Recent [2012-11-21 16:42:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Pulpit\apache-jmeter-2.8 [2012-11-21 01:23:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Moje dokumenty\Pobieranie [2012-11-21 00:39:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Pulpit\sem7 [2012-11-20 18:06:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Dane aplikacji\MySQL [2012-11-20 18:05:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\MySQL [2012-11-20 18:02:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Menu Start\Programy\MySQL [2012-11-20 18:01:47 | 000,000,000 | ---D | C] -- D:\Program Files\MySQL [2012-11-20 18:01:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\MySQL [2012-11-20 17:55:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Menu Start\Programy\Apache Tomcat 7.0 Tomcat7 [2012-11-20 17:55:40 | 000,000,000 | ---D | C] -- D:\Program Files\Apache Software Foundation [2012-11-20 03:38:57 | 000,000,000 | -HSD | C] -- D:\RECYCLER [2012-11-20 02:50:26 | 000,060,416 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe [2012-11-20 02:50:25 | 000,518,144 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe [2012-11-20 02:50:25 | 000,406,528 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe [2012-11-20 02:50:25 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe [2012-11-20 02:48:37 | 000,000,000 | ---D | C] -- D:\Qoobox [2012-11-20 02:48:13 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Mik\Menu Start\Programy\Narzędzia administracyjne [2012-11-20 02:47:31 | 000,000,000 | ---D | C] -- D:\WINDOWS\erdnt [2012-11-20 02:42:19 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro [2012-11-20 02:42:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Menu Start\Programy\HiJackThis [2012-11-12 23:29:33 | 000,000,000 | ---D | C] -- D:\Program Files\RaymanForever [2012-11-08 22:07:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Ustawienia lokalne\Dane aplikacji\DOSBox [2012-11-08 11:35:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Moje dokumenty\Kopia FIFA 13 [2012-11-05 14:30:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Dane aplikacji\Subversion [2012-11-05 14:30:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Dane aplikacji\SQL Developer [2012-11-05 14:23:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Oracle [2012-11-05 11:46:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Moje dokumenty\NFS Most Wanted [2012-11-05 11:43:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\EA GAMES [2012-11-05 11:40:19 | 000,000,000 | ---D | C] -- D:\Program Files\EA GAMES [2012-10-25 19:04:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Ustawienia lokalne\Dane aplikacji\Rockstar Games [2012-10-25 18:13:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mik\Moje dokumenty\Rockstar Games [2012-10-25 18:07:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dokumenty\microsoft [2012-10-25 18:02:04 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\xlive [2012-10-25 18:02:03 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Games for Windows - LIVE [2012-10-25 17:43:52 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\XPSViewer [2012-10-25 17:43:21 | 000,000,000 | ---D | C] -- D:\Program Files\Reference Assemblies [2012-10-25 17:43:04 | 000,014,048 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\spmsg2.dll [2012-10-25 17:42:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\Rockstar Games [2012-10-25 17:42:09 | 000,000,000 | ---D | C] -- D:\Program Files\Rockstar Games [2012-10-23 22:40:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\Fifa Master 12 [2012-10-23 22:40:34 | 000,000,000 | ---D | C] -- D:\Program Files\Fifa Master [5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-11-22 10:06:00 | 000,001,124 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484061587-1801674531-1003UA.job [2012-11-22 06:20:13 | 000,302,592 | ---- | M] () -- D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe [2012-11-22 06:19:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Mik\Pulpit\OTL.exe [2012-11-22 05:40:40 | 000,000,292 | ---- | M] () -- D:\WINDOWS\tasks\AutoKMS.job [2012-11-22 05:40:29 | 000,151,552 | ---- | M] () -- D:\WINDOWS\KMSEmulator.exe [2012-11-22 05:39:45 | 000,000,316 | -H-- | M] () -- D:\WINDOWS\tasks\avast! Emergency Update.job [2012-11-22 05:39:38 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2012-11-22 05:39:35 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2012-11-22 03:08:33 | 000,844,615 | ---- | M] () -- D:\Documents and Settings\Mik\Moje dokumenty\nowa Rekonfigurowalność e-systemów.pdf [2012-11-22 01:54:55 | 000,213,454 | ---- | M] () -- D:\graf.csv [2012-11-22 00:11:06 | 000,032,039 | ---- | M] () -- D:\Documents and Settings\Mik\Pulpit\Graph Results.png [2012-11-21 18:57:44 | 000,053,076 | ---- | M] () -- D:\Documents and Settings\Mik\Pulpit\test.jmx [2012-11-21 01:22:41 | 000,000,724 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-11-20 23:15:49 | 000,002,644 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT [2012-11-20 23:05:52 | 003,628,256 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2012-11-20 02:56:00 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts [2012-11-20 02:42:29 | 000,002,439 | ---- | M] () -- D:\Documents and Settings\Mik\Pulpit\HiJackThis.lnk [2012-11-20 02:11:28 | 000,552,408 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat [2012-11-20 02:11:28 | 000,491,248 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat [2012-11-20 02:11:28 | 000,104,042 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat [2012-11-20 02:11:28 | 000,083,602 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat [2012-11-09 20:08:18 | 000,002,286 | ---- | M] () -- D:\Documents and Settings\Mik\Pulpit\Google Chrome.lnk [2012-11-09 11:06:03 | 000,001,072 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484061587-1801674531-1003Core.job [2012-11-08 22:19:26 | 000,000,000 | ---- | M] () -- D:\WINDOWS\MAPPER.INI [2012-11-05 11:43:37 | 000,001,822 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Need for Speed™ Most Wanted.lnk [2012-10-31 01:44:32 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat [2012-10-30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSnx.sys [2012-10-30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSP.sys [2012-10-30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys [2012-10-30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys [2012-10-30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys [2012-10-30 23:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon.sys [2012-10-30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys [2012-10-30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys [2012-10-30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- D:\WINDOWS\avastSS.scr [2012-10-30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe [2012-10-29 22:41:07 | 001,075,584 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb1.bin [2012-10-29 22:41:07 | 000,000,001 | ---- | M] () -- D:\WINDOWS\System32\nvdrssel.bin [2012-10-29 22:41:04 | 001,075,584 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb0.bin [2012-10-25 23:34:54 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerApp.exe [2012-10-25 23:34:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-10-25 18:04:44 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- D:\WINDOWS\System32\CmdLineExt.dll [2012-10-25 17:42:09 | 000,001,733 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Rockstar Games Social Club.lnk [2012-10-25 00:29:00 | 000,313,484 | ---- | M] () -- D:\Documents and Settings\Mik\Moje dokumenty\Rekonfigurowalność e-systemów.pdf [2012-10-23 22:47:56 | 000,000,740 | ---- | M] () -- D:\Documents and Settings\Mik\Pulpit\fifa13.lnk [2012-10-23 16:13:08 | 000,000,784 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk [5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-11-22 06:20:13 | 000,302,592 | ---- | C] () -- D:\Documents and Settings\Mik\Pulpit\gw2fzp4e.exe [2012-11-22 03:08:30 | 000,844,615 | ---- | C] () -- D:\Documents and Settings\Mik\Moje dokumenty\nowa Rekonfigurowalność e-systemów.pdf [2012-11-22 01:54:27 | 000,213,454 | ---- | C] () -- D:\graf.csv [2012-11-21 17:31:12 | 000,032,039 | ---- | C] () -- D:\Documents and Settings\Mik\Pulpit\Graph Results.png [2012-11-21 02:13:25 | 000,053,076 | ---- | C] () -- D:\Documents and Settings\Mik\Pulpit\test.jmx [2012-11-20 02:50:26 | 000,208,896 | ---- | C] () -- D:\WINDOWS\MBR.exe [2012-11-20 02:50:25 | 000,256,000 | ---- | C] () -- D:\WINDOWS\PEV.exe [2012-11-20 02:50:25 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe [2012-11-20 02:50:25 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe [2012-11-20 02:50:25 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe [2012-11-20 02:42:20 | 000,002,439 | ---- | C] () -- D:\Documents and Settings\Mik\Pulpit\HiJackThis.lnk [2012-11-08 22:19:26 | 000,000,000 | ---- | C] () -- D:\WINDOWS\MAPPER.INI [2012-11-05 11:43:37 | 000,001,822 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\Need for Speed™ Most Wanted.lnk [2012-10-25 18:24:55 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat [2012-10-25 17:45:52 | 002,207,720 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2012-10-25 17:42:09 | 000,001,733 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\Rockstar Games Social Club.lnk [2012-10-25 00:14:17 | 000,313,484 | ---- | C] () -- D:\Documents and Settings\Mik\Moje dokumenty\Rekonfigurowalność e-systemów.pdf [2012-10-23 22:47:56 | 000,000,740 | ---- | C] () -- D:\Documents and Settings\Mik\Pulpit\fifa13.lnk [2012-10-16 22:10:27 | 000,000,022 | -HS- | C] () -- D:\Documents and Settings\Mik\Dane aplikacji\Windows1569_SettingsRepository.bin [2012-10-16 22:10:27 | 000,000,022 | -HS- | C] () -- D:\WINDOWS\90C7D912BE2316.sys [2012-10-15 14:20:25 | 000,000,227 | ---- | C] () -- D:\WINDOWS\PowerReg.dat [2012-10-15 14:20:24 | 000,045,568 | ---- | C] () -- D:\WINDOWS\UniFish3.exe [2012-10-09 22:31:23 | 000,000,032 | ---- | C] () -- D:\WINDOWS\CD_Start.INI [2012-09-12 17:58:19 | 000,114,688 | ---- | C] () -- D:\WINDOWS\System32\WakeResDll.dll [2012-09-12 17:58:19 | 000,110,592 | ---- | C] () -- D:\WINDOWS\System32\EnumDevLib.dll [2012-08-28 22:17:57 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\Access.dat [2012-08-06 19:16:23 | 003,596,941 | ---- | C] () -- D:\Documents and Settings\Mik\FIFACrashDump_CL942004_2012.08.06_18.16.23.dmp [2012-08-03 23:06:58 | 003,596,941 | ---- | C] () -- D:\Documents and Settings\Mik\FIFACrashDump_CL942004_2012.08.03_22.06.58.dmp [2012-08-01 09:08:05 | 003,596,941 | ---- | C] () -- D:\Documents and Settings\Mik\FIFACrashDump_CL942004_2012.08.01_08.08.05.dmp [2012-07-31 00:56:01 | 000,151,552 | ---- | C] () -- D:\WINDOWS\KMSEmulator.exe [2012-07-30 21:25:43 | 000,004,293 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI [2012-07-30 21:23:04 | 003,628,256 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2012-07-30 19:56:10 | 000,178,688 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll [2012-07-30 19:45:51 | 000,049,152 | R--- | C] () -- D:\WINDOWS\System32\ChCfg.exe [2012-07-30 19:38:01 | 001,075,584 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin [2012-07-30 19:38:01 | 001,075,584 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin [2012-07-30 19:38:01 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin [2012-07-30 19:37:53 | 002,807,708 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data [2012-07-30 19:35:03 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat [2012-07-30 19:31:15 | 000,021,856 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2012-07-30 22:31:12 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-15 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2008-04-15 13:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-15 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2012-08-13 22:53:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\.mono [2012-10-03 23:12:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\ashampoo [2012-09-04 11:02:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Ask [2012-07-30 20:01:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2012-08-29 18:22:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\BVRP Software [2012-08-21 21:13:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Codemasters [2012-07-30 20:59:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2012-09-19 14:03:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\KONAMI [2012-11-20 18:01:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\MySQL [2012-10-02 21:30:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\regid.1986-12.com.adobe [2012-08-28 22:20:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Tunngle [2012-07-31 00:58:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Softland [2012-08-13 22:53:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\.mono [2012-09-29 18:45:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\.Torrent Stream [2012-07-30 20:12:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\.wtw [2012-11-20 02:09:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\AIMP3 [2012-10-03 23:17:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\Ashampoo [2012-10-10 18:23:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\BESTplayer [2012-11-22 02:04:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\DAEMON Tools Lite [2012-09-24 00:17:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\FileZilla [2012-11-22 05:40:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\foobar2000 [2012-08-25 20:55:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\Mumble [2012-11-20 18:06:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\MySQL [2012-07-30 23:04:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\NapiProjekt [2012-09-07 17:52:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\Notepad++ [2012-07-30 19:41:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\Opera [2012-08-08 17:59:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\Oracle [2012-07-31 00:58:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\Softland [2012-08-25 20:45:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\Soldat [2012-11-05 14:30:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\SQL Developer [2012-11-05 14:30:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\Subversion [2012-08-28 23:07:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\Tunngle [2012-08-13 23:03:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\Unity [2012-11-22 03:19:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mik\Dane aplikacji\uTorrent [color=#E56717]========== Purity Check ==========[/color] < End of report >

Extras.txt:

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2012-11-22 10:24:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\Mik\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,25 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 71,50% Memory free 5,09 Gb Paging File | 4,32 Gb Available in Paging File | 84,76% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 68,36 Gb Total Space | 2,60 Gb Free Space | 3,81% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 23,98 Gb Free Space | 8,18% Space Free | Partition Type: NTFS Drive E: | 75,13 Gb Total Space | 11,77 Gb Free Space | 15,66% Space Free | Partition Type: NTFS Computer Name: M | User Name: Mik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- D:\Program Files\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-823518204-484061587-1801674531-1003\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- D:\Program Files\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. https [open] -- "D:\Program Files\Opera\Opera.exe" "%1" (Opera Software) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "D:\Program Files\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "D:\Program Files\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "D:\Program Files\Opera\opera.exe" = D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "D:\Program Files\K2T\WTW\wtw.exe" = D:\Program Files\K2T\WTW\wtw.exe:*:Enabled:WTW Instant Messenger -- (K2T.eu, Kaworu) "D:\Program Files\FIFA 12\Game\fifa.exe" = D:\Program Files\FIFA 12\Game\fifa.exe:*:Disabled:FIFA 12 -- (Electronic Arts) "D:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "D:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation) "D:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "D:\Program Files\SopCast\SopCast.exe" = D:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "D:\Program Files\Codemasters\GRID\GRID.exe" = D:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID -- (Codemasters) "D:\Soldat\Soldat.exe" = D:\Soldat\Soldat.exe:*:Enabled:http://soldat.pl "D:\Program Files\Skype\Phone\Skype.exe" = D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "D:\Documents and Settings\Mik\Pulpit\ghost recon\GhostRecon.exe" = D:\Documents and Settings\Mik\Pulpit\ghost recon\GhostRecon.exe:*:Enabled:GhostRecon -- () "D:\Program Files\Tunngle\TnglCtrl.exe" = D:\Program Files\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH) "D:\Program Files\Tunngle\Tunngle.exe" = D:\Program Files\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH) "C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" = D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe:*:Enabled:Sony Ericsson PC Suite -- (Sony Ericsson Mobile Communications AB) "D:\Program Files\KONAMI\Pro Evolution Soccer 2013\pes2013.exe" = D:\Program Files\KONAMI\Pro Evolution Soccer 2013\pes2013.exe:*:Enabled:Pro Evolution Soccer 2013 -- (Konami Digital Entertainment Co., Ltd.) "D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "D:\Documents and Settings\Mik\Pulpit\Q3Ademo\quake3.exe" = D:\Documents and Settings\Mik\Pulpit\Q3Ademo\quake3.exe:*:Enabled:quake3 -- () "D:\Documents and Settings\Mik\Pulpit\Folder\uTorrent 3 Portable\uTorrent.exe" = D:\Documents and Settings\Mik\Pulpit\Folder\uTorrent 3 Portable\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "D:\Program Files\FIFA 13\Game\fifa13.exe" = D:\Program Files\FIFA 13\Game\fifa13.exe:*:Disabled:FIFA 13 -- (Electronic Arts) "D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.) "D:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = D:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.) "D:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = D:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG) "D:\Program Files\RaymanForever\Rayman\RAYMAN.EXE" = D:\Program Files\RaymanForever\Rayman\RAYMAN.EXE:*:Enabled:RAYMAN.EXE -- () "D:\WINDOWS\system32\java.exe" = D:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0 "{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2 "{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}" = Komunikator WTW 0.9.10.3377 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23C3EF87-AD08-4F76-982D-1AE137485F08}" = MySQL Workbench 5.2 CE "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{2FFE93F0-\Documents and Settings\Mik\Dane aplikacji\AIMP3 BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00 "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{6B714273-F9B5-4C11-A920-F06FC5B4DA80}" = Rollercoaster Tycoon 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 14 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010 "{90140000-0015-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010 "{90140000-0016-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010 "{90140000-0018-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010 "{90140000-0019-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010 "{90140000-001A-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010 "{90140000-001B-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010 "{90140000-001F-0415-0000-0000000FF1CE}_Office14.PROPLUS_{1D751709-BA6C-49E2-844B-4F4F20F410C9}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010 "{90140000-002C-0415-0000-0000000FF1CE}_Office14.PROPLUS_{6606F321-8216-466E-981E-B75A14C46894}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010 "{90140000-0044-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010 "{90140000-006E-0415-0000-0000000FF1CE}_Office14.PROPLUS_{6AF8887A-72F7-4FA0-ABE4-396172B64550}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010 "{90140000-00A1-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010 "{90140000-00BA-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.1 - Polish "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B41F5ED6-4D67-4FAA-B787-D5DF1DD0EC80}" = REALTEK RTL8180 Wireless LAN Driver and Utility "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013 "{D3F9003B-7D17-4317-B61B-0694FF5333F8}" = Oracle VM VirtualBox 4.1.18 "{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FFD35D1F-F7C8-47AE-AF3E-E569F025CD7D}" = MySQL Server 5.5 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIMP3" = AIMP3 "Apache Tomcat 7.0 Tomcat7" = Apache Tomcat 7.0 Tomcat7 (remove only) "Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15 "avast" = avast! Free Antivirus "CCleaner" = CCleaner "doPDF 7 printer_is1" = doPDF 7.3 printer "FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1 "File Master 12_is1" = File Master 12 Beta 1 "FileZilla Client" = FileZilla Client 3.5.3 "foobar2000" = foobar2000 v1.1.15 "Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 2.2.0.3 "HashTab Shell Extension" = HashTab Shell Extension 1.10 for x32 "jv16 PowerTools 2011" = jv16 PowerTools 2012 "KLiteCodecPack_is1" = K-Lite Codec Pack 9.1.0 (Full) "Łatka polonizacyjna GTA IV v1.0" = Łatka polonizacyjna GTA IV v1.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.65.1.1000 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "Miczelov Touge Mod [MTM] 0.9.8 beta 7 LITE" = Miczelov Touge Mod [MTM] 0.9.8 beta 7 LITE "Mozilla Firefox 17.0 (x86 pl)" = Mozilla Firefox 17.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NapiProjekt_is1" = NapiProjekt 2.0.0 (build 2151) "Notepad++" = Notepad++ "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Opera 12.11.1661" = Opera 12.11 "Rayman: Forever (c) Ubisoft_is1" = Rayman: Forever (c) Ubisoft "RollerCoaster Tycoon Setup" = Roll "Sony Ericsson W800" = Sony Ericsson W800 Software "SopCast" = SopCast 3.5.0 "SpeedFan" = SpeedFan (remove only) "Spyware Doctor" = Spyware Doctor 7.0 "SubEdit-Player_is1" = SubEdit-Player "Tunngle beta_is1" = Tunngle beta "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.3 "WampServer 2_is1" = WampServer 2.2 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR 4.20 (32-bitowy) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-823518204-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-11-19 21:54:43 | Computer Name = M | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Nie można określić nazwy serwera lub adresu [ System Events ] Error - 2012-11-19 20:22:58 | Computer Name = M | Source = Service Control Manager | ID = 7034 Description = Usługa OracleXETNSListener niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-11-19 21:26:29 | Computer Name = M | Source = Service Control Manager | ID = 7034 Description = Usługa Office Software Protection Platform niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-11-21 10:21:13 | Computer Name = M | Source = W32Time | ID = 39452689 Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji, wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751) Error - 2012-11-21 10:21:13 | Computer Name = M | Source = W32Time | ID = 39452701 Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne. Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego czasu. Error - 2012-11-21 10:21:28 | Computer Name = M | Source = W32Time | ID = 39452689 Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji, wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751) Error - 2012-11-21 10:21:28 | Computer Name = M | Source = W32Time | ID = 39452701 Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne. Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego czasu. Error - 2012-11-21 10:27:44 | Computer Name = M | Source = W32Time | ID = 39452689 Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji, wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751) Error - 2012-11-21 10:27:44 | Computer Name = M | Source = W32Time | ID = 39452701 Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne. Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego czasu. Error - 2012-11-21 10:29:15 | Computer Name = M | Source = W32Time | ID = 39452689 Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji, wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751) Error - 2012-11-21 10:29:15 | Computer Name = M | Source = W32Time | ID = 39452701 Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne. Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego czasu. < End of report >

**Posty:** 18165 · przez **wojtas** 22 Lis 2012, 22:27

odinstaluj:
Mozilla Maintenance Service

zaktualizuj:
>>> Avast 7 (odinstaluj starszą wersję i zainstaluj nową)

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* wykonaj kroki finalizujące temat