Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94


Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3900: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3902: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3903: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3904: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
Tdss.d!mem - request for help • programosy.pl


System security, virus removal, choosing antivirus programs. Mandatory logs in this section: three from FRST + Gmer.


Post by magdat, 13 May 2011, 23:21

Hello,
for a few days now, when I turn on the computer I have to wait almost 15 minutes before Windows logs in. After I scanned with McAfee, it showed me that the virus tdss.d!mem had been detected. I don't know what to do next - McAfee won't remove it. Please help.

Added today, 23:48:
Code:
OTL logfile created on: 2011-05-13 23:38:05 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Magda\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 022,00 Mb Total Physical Memory | 328,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,40 Gb Free Space | 32,75% Space Free | Partition Type: NTFS
Drive D: | 92,25 Gb Total Space | 65,95 Gb Free Space | 71,50% Space Free | Partition Type: NTFS

Computer Name: MADZIA | User Name: Magda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-05-13 23:37:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe
PRC - [2011-05-09 01:04:45 | 000,128,000 | ---- | M] () -- C:\Program Files\updater.exe
PRC - [2011-04-14 18:59:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-04-14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011-04-14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011-04-14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011-04-05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009-03-05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-01-02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005-10-28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-05-13 23:37:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] --  -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011-04-14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011-04-14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011-04-14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010-10-07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010-04-27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-04-14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011-04-14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011-04-14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011-04-14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011-04-14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011-04-14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011-04-14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011-04-14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011-04-14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011-04-14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010-02-27 18:00:55 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2010-02-27 17:45:19 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-02-11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-04-13 20:40:50 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport)
DRV - [2006-10-12 10:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-05-23 23:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-03-18 04:24:59 | 000,026,844 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005-09-30 12:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-515967899-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-1614895754-515967899-839522115-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1614895754-515967899-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011-05-04 19:45:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-13 22:32:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-08 21:05:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010-02-27 17:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Extensions
[2011-05-04 19:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\a8cy9ez8.default\extensions
[2010-04-28 22:28:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\a8cy9ez8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-11-04 19:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\a8cy9ez8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010-04-17 09:35:23 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\a8cy9ez8.default\searchplugins\askcom.xml
[2011-05-04 23:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-20 23:18:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-13 19:17:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-11-01 14:22:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-02-09 22:44:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-03-06 19:37:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010-03-01 20:32:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-05-04 19:45:50 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011-04-14 18:59:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011-04-14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010-02-21 12:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-03-22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2011-01-24 21:08:06 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-05-13 17:19:32 | 000,434,018 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 14939 more lines...
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -  File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {78DB67FF-6109-61E9-4179-572C5A544B95} - C:\WINDOWS\system32\d3dx100_40.dll (OYKmeNfW BSomCS)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110513223249.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [wmupdater] C:\Program Files\updater.exe ()
O4 - HKU\S-1-5-21-1614895754-515967899-839522115-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1614895754-515967899-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-515967899-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (mghlbpfy.dll) - C:\WINDOWS\System32\mghlbpfy.dll (Vyjpb Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-02-27 16:13:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-05-13 23:36:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe
[2011-05-13 22:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\McAfee
[2011-05-10 21:51:38 | 000,023,040 | ---- | C] (Vyjpb Software) -- C:\WINDOWS\System32\mghlbpfy.dll
[2011-05-10 21:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\playmink
[2011-05-09 14:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\Meridian93
[2011-05-09 14:19:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Magic Life
[2011-05-08 20:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011-05-08 20:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Menu Start\Programy\Detektor Winampa
[2011-05-08 20:11:52 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2011-05-08 20:11:52 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2011-05-08 20:11:50 | 000,059,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll
[2011-04-28 16:35:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011-04-28 16:35:04 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011-04-25 10:49:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3023
[2011-04-23 19:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\Ph03nixNewMedia
[2011-04-21 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Menu Start\Programy\Zuma's Revenge!
[2011-04-21 22:34:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Zuma's Revenge!
[2011-04-21 22:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Zuma's Revenge!
[2011-04-21 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Components Installer
[2011-04-21 22:22:36 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Tabctl32.ocx
[2011-04-21 22:22:35 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2011-04-21 22:22:35 | 000,102,400 | ---- | C] (Nelco Software) -- C:\WINDOWS\System32\nslock15vb6.ocx
[2011-04-21 22:22:35 | 000,057,344 | ---- | C] (DMS Solutions, Inc.) -- C:\WINDOWS\System32\DMSXPButton.ocx
[2011-04-21 22:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\www.research-lab.com
[2011-04-21 22:22:31 | 000,796,672 | ---- | C] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2011-04-21 22:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\Temp
[2011-04-21 22:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\Google
[2011-04-21 21:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound
[2011-04-21 21:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\NCH Swift Sound
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-05-13 23:39:36 | 004,347,339 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\ComboFix.exe
[2011-05-13 23:37:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe
[2011-05-13 22:49:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011-05-13 22:49:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-05-13 22:33:34 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\skso4bgl.exe
[2011-05-13 17:19:32 | 000,434,018 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-05-13 17:14:12 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do Frozen Throne.exe.lnk
[2011-05-13 17:14:06 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do Warcraft III.exe.lnk
[2011-05-13 16:53:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-05-11 21:27:55 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Magda\NTUSER.DAT
[2011-05-11 21:27:55 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Magda\ntuser.ini
[2011-05-11 21:26:37 | 002,106,364 | -H-- | M] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2011-05-10 21:51:38 | 000,023,040 | ---- | M] (Vyjpb Software) -- C:\WINDOWS\System32\mghlbpfy.dll
[2011-05-09 13:13:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do MyFarmLife.exe.lnk
[2011-05-09 01:04:45 | 000,128,000 | ---- | M] () -- C:\Program Files\updater.exe
[2011-05-07 16:33:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011-05-05 22:42:16 | 000,433,912 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110513-171932.backup
[2011-05-04 23:01:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2011-04-28 18:12:46 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-21 22:35:10 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Zuma's Revenge!.lnk
[2011-04-21 22:22:31 | 000,796,672 | ---- | M] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2011-04-21 21:05:12 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-04-19 20:13:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-04-19 20:12:22 | 001,080,644 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011-04-19 20:12:22 | 000,503,756 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-04-19 20:12:22 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-04-19 20:12:22 | 000,090,292 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-04-19 20:12:22 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-04-14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2011-04-14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2011-04-14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011-04-14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2011-04-14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2011-04-14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2011-04-14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2011-04-14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2011-04-14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2011-04-14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011-04-14 14:01:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-05-13 23:39:02 | 004,347,339 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\ComboFix.exe
[2011-05-13 22:33:33 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\skso4bgl.exe
[2011-05-13 17:14:12 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do Frozen Throne.exe.lnk
[2011-05-13 17:14:06 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do Warcraft III.exe.lnk
[2011-05-13 17:11:37 | 000,128,000 | ---- | C] () -- C:\Program Files\updater.exe
[2011-05-04 23:01:05 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2011-04-21 22:35:10 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\Zuma's Revenge!.lnk
[2011-03-15 23:50:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nancy Drew 1 Secrets Can Kill.INI
[2011-02-01 20:53:11 | 000,000,142 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010-11-11 13:01:29 | 000,001,651 | ---- | C] () -- C:\WINDOWS\System32\netmsmqa.exe
[2010-10-17 16:06:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-09-05 19:53:34 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Fakturka.ini
[2010-08-22 20:34:09 | 002,106,364 | -H-- | C] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-08-16 18:44:58 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-06-29 22:32:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-06-23 15:16:41 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010-06-13 09:00:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010-03-13 21:21:05 | 000,000,980 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010-03-07 02:51:10 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-27 18:21:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-02-27 18:21:21 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-02-27 18:21:21 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-02-27 18:10:41 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-02-27 18:00:55 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2010-02-27 17:45:19 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-02-27 17:04:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-02-27 17:02:19 | 001,080,644 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-02-27 17:02:18 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-02-27 17:01:11 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-02-27 16:50:33 | 000,046,856 | ---- | C] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-02-27 16:47:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-02-27 16:42:04 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-02-27 16:31:59 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2010-02-27 16:28:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-02-27 16:19:41 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010-02-27 16:13:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2010-02-27 16:11:14 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-02-27 16:11:00 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-02-27 16:07:58 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-02-27 16:07:55 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2010-02-27 16:07:55 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2010-02-27 16:06:11 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2010-02-27 16:06:09 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009-06-07 16:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-06-07 16:16:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-01-28 20:50:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2004-08-04 14:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2004-08-04 14:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004-08-04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 14:00:00 | 000,503,756 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2004-08-04 14:00:00 | 000,444,362 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 14:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004-08-04 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2004-08-04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 14:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004-08-04 14:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004-08-04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2004-08-04 14:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004-08-04 14:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2004-08-04 14:00:00 | 000,090,292 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2004-08-04 14:00:00 | 000,072,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 14:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004-08-04 14:00:00 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2004-08-04 14:00:00 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2004-08-04 14:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004-08-04 14:00:00 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2004-08-04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 14:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2004-08-04 14:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004-08-04 14:00:00 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2004-08-04 14:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004-08-04 14:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004-08-04 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2004-08-04 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004-08-04 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004-08-04 14:00:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004-08-04 14:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2004-08-04 14:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2004-08-04 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2004-08-04 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2004-08-04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 14:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2004-08-04 14:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2004-08-04 14:00:00 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2004-08-04 14:00:00 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2004-08-04 14:00:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2004-08-04 14:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2004-08-04 14:00:00 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2004-08-04 14:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004-08-04 14:00:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2004-08-04 14:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2004-08-04 14:00:00 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2004-08-04 14:00:00 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2004-08-04 14:00:00 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2004-08-04 14:00:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2004-08-04 14:00:00 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2004-08-04 14:00:00 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2004-08-04 14:00:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2004-08-04 14:00:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2004-08-04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 14:00:00 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2004-08-04 14:00:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2004-08-04 14:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2004-08-04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-04 14:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2004-08-04 14:00:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2004-08-04 14:00:00 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2004-08-04 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2004-08-04 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2004-08-04 14:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2004-08-04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004-08-04 14:00:00 | 000,000,493 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-08-04 14:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2004-08-04 14:00:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003-07-30 11:48:28 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003-07-30 10:49:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-10-26 19:29:54 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2001-10-26 19:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2001-03-30 22:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-09-22 19:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2011-04-03 10:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\aliasworlds
[2011-04-12 20:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Artist Colony
[2011-04-23 19:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Big Fish Games
[2010-09-20 22:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Big Splash Games
[2010-09-04 17:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\blg
[2010-11-01 14:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CrioGames
[2010-11-13 20:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Elephant Games
[2010-12-25 14:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2011-03-14 17:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Fenomen Games
[2010-09-04 17:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\fillup2-daxygames-eng
[2010-06-20 18:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Floodlight Games
[2010-05-03 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\freshgames
[2011-04-25 10:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Fugazo
[2010-11-28 17:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Funny Bear Studio
[2010-08-26 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GabCab
[2010-02-27 18:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-07-04 23:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gamers Digital
[2010-03-27 17:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Happyville__
[2011-02-13 14:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\HipSoft
[2011-01-26 22:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\HouseDemo
[2010-06-20 17:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-05-28 21:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Islands
[2010-09-04 18:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\iWin
[2011-03-06 20:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ludia
[2011-04-21 21:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound
[2010-03-01 21:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NevoSoft Games
[2010-06-20 18:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-06-20 18:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2011-03-26 14:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
[2010-05-13 19:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Playrix Entertainment
[2011-05-07 11:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\rionix
[2010-11-13 19:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Robin Hood
[2011-01-12 20:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sandlot Games
[2011-05-09 13:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-11-04 19:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TikGames
[2010-10-31 23:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\VirtualFarm
[2010-03-22 20:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\XLab
[2010-08-26 18:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\AlderGames
[2011-04-03 10:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\aliasworlds
[2010-09-22 19:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Artifex Mundi
[2010-11-26 23:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Avenue Flo - Special Delivery Strategy Guide
[2010-06-25 20:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\AVI ReComp
[2010-10-10 20:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Bear's dream
[2010-11-09 18:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Big Fish Games
[2010-09-20 22:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Big Splash Games
[2010-08-16 18:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\BitComet
[2010-09-04 17:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\blg
[2010-09-04 17:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Boolat Games
[2010-02-27 17:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\DAEMON Tools Pro
[2011-01-31 14:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\DivoGames
[2010-10-15 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Dreamscape_Saves
[2010-11-13 20:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Elephant Games
[2010-11-12 21:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\ERS Game Studios
[2010-12-25 14:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\ESET
[2011-05-07 15:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Farm Mania 2.1
[2010-11-03 16:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\FarmerJane
[2010-06-20 18:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Floodlight Games
[2010-05-03 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\freshgames
[2010-09-20 22:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Friday's games
[2011-02-15 00:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Fugazo
[2010-02-27 18:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Gadu-Gadu 10
[2010-07-04 23:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Gamers Digital
[2011-03-23 21:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\HdO Adventure
[2011-01-26 22:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Islands
[2010-09-04 18:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\iWin
[2010-11-10 13:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Jetdogs Studios
[2010-08-16 18:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Jumb-O-Fun Games
[2010-09-04 17:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Lonely Troops
[2011-03-06 20:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Ludia
[2011-03-14 17:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Magic Seeds
[2011-05-09 14:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Meridian93
[2010-03-22 20:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\My Games
[2011-04-21 21:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\NCH Swift Sound
[2010-06-06 14:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\NevoSoft Games
[2010-06-20 18:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PC Suite
[2010-12-16 00:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PCToolsFirewallPlus
[2010-02-27 20:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PCToolsSpamMonitorPlus
[2010-05-14 21:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Peace Craft
[2010-09-01 12:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PeaceCraft2
[2011-04-23 19:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Ph03nixNewMedia
[2011-03-26 14:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PlayFirst
[2011-05-10 21:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\playmink
[2010-09-04 17:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Rabbit's Magic Adventures
[2010-11-28 19:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Roads Of Rome
[2010-11-13 19:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Robin Hood
[2010-11-04 16:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Sahmon Games
[2010-04-03 18:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Scrabble Plus
[2010-12-16 00:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Spam Monitor
[2010-12-28 19:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Spark Plug Games
[2010-12-05 18:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Supermarket Mania 2
[2010-11-04 19:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\TikGames
[2010-11-09 18:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Ubisoft
[2011-05-10 20:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\uTorrent
[2011-02-24 21:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\ViquaSoft
[2011-01-09 18:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\YoudaGames
[2011-05-07 16:33:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AAA14AF9
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:78DEA3A4
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:831C6B2D
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:159A493A
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:430C6D84
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2DD32145
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EAEE7554
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E6A96BE9
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AF24D911
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FD38E906
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05F547A9
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7E239580
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5C0940F1
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3A0561F3
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AA0BC725
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:08801FDB
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E9900C74
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:983B4DC0
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EA7D76BE
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:BA5EEDA7
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4B1CFD78
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:18BFD8F8
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E5B6B9C5
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:38FF076E
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3B07E6F4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0915A718
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D9771F40
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:92FE8A60
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CA73D29
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F760FD47
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4A966CC2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5EB551C8
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CFF6B3FF
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:517B507A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F7F6E6CB
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:10D45FC3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A5264343
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:99AC3203
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:348A3734
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:073139EC
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9B2BD056
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BFA43EB
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2ADF9928
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:73461BFA
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:751D6870
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:13765436
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:68A56598
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F6E5C7FB
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:BE6DC701
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:15752405
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F1DEA771
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0ED4AC2F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ADF211B1

< End of report >


Added today, 23:48:
Code:
OTL Extras logfile created on: 2011-05-13 23:38:05 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Magda\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 022,00 Mb Total Physical Memory | 328,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,40 Gb Free Space | 32,75% Space Free | Partition Type: NTFS
Drive D: | 92,25 Gb Total Space | 65,95 Gb Free Space | 71,50% Space Free | Partition Type: NTFS

Computer Name: MADZIA | User Name: Magda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1614895754-515967899-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"27521:TCP" = 27521:TCP:*:Enabled:BitComet 27521 TCP
"27521:UDP" = 27521:UDP:*:Enabled:BitComet 27521 UDP
"16093:TCP" = 16093:TCP:*:Enabled:BitComet 16093 TCP
"16093:UDP" = 16093:UDP:*:Enabled:BitComet 16093 UDP
"49500:TCP" = 49500:TCP:*:Enabled:BitComet 49500 TCP
"49500:UDP" = 49500:UDP:*:Enabled:BitComet 49500 UDP
"6952:TCP" = 6952:TCP:*:Enabled:BitComet 6952
"6952:UDP" = 6952:UDP:*:Enabled:BitComet 6952
"26448:TCP" = 26448:TCP:*:Enabled:BitComet 26448 TCP
"26448:UDP" = 26448:UDP:*:Enabled:BitComet 26448 UDP
"14384:TCP" = 14384:TCP:*:Enabled:BitComet 14384 TCP
"14384:UDP" = 14384:UDP:*:Enabled:BitComet 14384 UDP
"6881:TCP" = 6881:TCP:*:Enabled:BitComet 6881 TCP
"6881:UDP" = 6881:UDP:*:Enabled:BitComet 6881 UDP
"63237:TCP" = 63237:TCP:*:Enabled:BitComet 63237 TCP
"63237:UDP" = 63237:UDP:*:Enabled:BitComet 63237 UDP
"21017:TCP" = 21017:TCP:*:Enabled:BitComet 21017 TCP
"21017:UDP" = 21017:UDP:*:Enabled:BitComet 21017 UDP
"23656:TCP" = 23656:TCP:*:Enabled:BitComet 23656 TCP
"23656:UDP" = 23656:UDP:*:Enabled:BitComet 23656 UDP

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\BitComet\BitComet.exe" = D:\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"D:\U_Torrent\uTorrent.exe" = D:\U_Torrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"D:\Downloads\bigfish\Warcraft III\Warcraft III\Warcraft III.exe" = D:\Downloads\bigfish\Warcraft III\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\WINDOWS\Temp\mwfr\setup.exe" = C:\WINDOWS\Temp\mwfr\setup.exe:*:Enabled:nnmadltb


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{386B6902-74AD-4579-B0BF-8841E886F041}" = ATI Catalyst Control Center
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D5219EC-BFF8-4B7F-AB92-6D827BB37CB0}" = Windows Live Messenger
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BEE464A-5F56-46F8-0072-07B873751045}" = Nero 7 Demo
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.4 - Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live
"{C5096D00-8B9C-41DB-8472-9D721E982DF0}" = Podstawowe programy Windows Live
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution
"{E143D832-0B23-11D6-B58A-204C4F4F5020}" = Components Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVI ReComp" = AVI ReComp 1.5.1
"Avisynth" = AviSynth 2.5
"BFGC" = Big Fish Games: Game Manager
"Farm Mania Hot Vacation 1.00" = Farm Mania Hot Vacation 1.00
"Gadu-Gadu 10" = Gadu-Gadu 10
"HijackThis" = HijackThis 1.99.1
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 pl)" = Mozilla Firefox 4.0.1 (x86 pl)
"MSC" = McAfee AntiVirus Plus
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"SkanerOnline" = Skaner on-line mks_vir
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VobSub" = VobSub 2.23
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"World Mosaics 3. Fairy Tales (english version)" = World Mosaics 3. Fairy Tales (english version)
"World Mosaics 41.0" = World Mosaics 4
"www.research-lab.com" = www.research-lab.com
"Xvid_is1" = Xvid 1.2.2
"Zuma's Revenge!1.0" = Zuma's Revenge!

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1614895754-515967899-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-09-06 05:33:38 | Computer Name = MADZIA | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. 

Error - 2010-09-06 09:13:50 | Computer Name = MADZIA | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. 

Error - 2010-09-07 03:36:06 | Computer Name = MADZIA | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. 

Error - 2010-09-15 15:47:58 | Computer Name = MADZIA | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. 

Error - 2010-09-20 13:35:34 | Computer Name = MADZIA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca uTorrent.exe, wersja 2.0.4.21586, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-09-20 13:40:28 | Computer Name = MADZIA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca uTorrent.exe, wersja 2.0.4.21586, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-10-03 04:48:56 | Computer Name = MADZIA | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. 

Error - 2010-10-10 08:11:54 | Computer Name = MADZIA | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. 

Error - 2010-10-10 15:48:04 | Computer Name = MADZIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd wiaaccmgr.exe, wersja 0.0.0.0, moduł powodujący
błąd wiaaccmgr.exe, wersja 0.0.0.0, adres błędu 0x00001462.

Error - 2010-10-10 15:49:03 | Computer Name = MADZIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd spupdwxpp.exe, wersja 0.0.0.0, moduł powodujący
błąd spupdwxpp.exe, wersja 0.0.0.0, adres błędu 0x00001462.

[ System Events ]
Error - 2011-05-13 17:43:30 | Computer Name = MADZIA | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
McAfee SiteAdvisor Service z argumentami „”  w celu uruchomienia serwera:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 2011-05-13 17:43:30 | Computer Name = MADZIA | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
McAfee SiteAdvisor Service z argumentami „”  w celu uruchomienia serwera:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 2011-05-13 17:43:39 | Computer Name = MADZIA | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
McAfee SiteAdvisor Service z argumentami „”  w celu uruchomienia serwera:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 2011-05-13 17:43:40 | Computer Name = MADZIA | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
McAfee SiteAdvisor Service z argumentami „”  w celu uruchomienia serwera:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 2011-05-13 17:43:55 | Computer Name = MADZIA | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
McAfee SiteAdvisor Service z argumentami „”  w celu uruchomienia serwera:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 2011-05-13 17:43:55 | Computer Name = MADZIA | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
McAfee SiteAdvisor Service z argumentami „”  w celu uruchomienia serwera:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 2011-05-13 17:44:02 | Computer Name = MADZIA | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
McAfee SiteAdvisor Service z argumentami „”  w celu uruchomienia serwera:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 2011-05-13 17:44:02 | Computer Name = MADZIA | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
McAfee SiteAdvisor Service z argumentami „”  w celu uruchomienia serwera:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 2011-05-13 17:45:03 | Computer Name = MADZIA | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
McAfee SiteAdvisor Service z argumentami „”  w celu uruchomienia serwera:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 2011-05-13 17:45:03 | Computer Name = MADZIA | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
McAfee SiteAdvisor Service z argumentami „”  w celu uruchomienia serwera:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}


< End of report >
magdat
~user
Posts: 6
Joined: 13 May 2011, 23:11



Tdss.d!mem - request for help

Post by wojtas, 14 May 2011, 09:46

The GMER log is missing.
Keep this in mind:


[Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)


Uninstall: Spybot - Search & Destroy

Run OTL and paste the following into the Custom Scans/Fixes section:

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
[2010-04-17 09:35:23 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\a8cy9ez8.default\searchplugins\askcom.xml
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [wmupdater] C:\Program Files\updater.exe ()
O29 - HKLM SecurityProviders - (mghlbpfy.dll) - C:\WINDOWS\System32\mghlbpfy.dll (Vyjpb Software)
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AAA14AF9
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:78DEA3A4
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:831C6B2D
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:159A493A
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:430C6D84
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2DD32145
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EAEE7554
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E6A96BE9
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AF24D911
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FD38E906
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05F547A9
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7E239580
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5C0940F1
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3A0561F3
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AA0BC725
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:08801FDB
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E9900C74
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:983B4DC0
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EA7D76BE
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:BA5EEDA7
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4B1CFD78
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:18BFD8F8
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E5B6B9C5
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:38FF076E
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3B07E6F4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0915A718
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D9771F40
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:92FE8A60
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CA73D29
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F760FD47
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4A966CC2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5EB551C8
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CFF6B3FF
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:517B507A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F7F6E6CB
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:10D45FC3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A5264343
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:99AC3203
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:348A3734
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:073139EC
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9B2BD056
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BFA43EB
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2ADF9928
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:73461BFA
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:751D6870
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:13765436
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:68A56598
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F6E5C7FB
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:BE6DC701
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:15752405
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F1DEA771
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0ED4AC2F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ADF211B1

:Files
C:\WINDOWS\tasks\*.job


:Commands
[emptytemp]
[emptyflash]


Click the run script button (Wykonaj skrypt) and confirm the computer restart.

Then run OTL with the scan option (Skanuj). Post the new OTL.txt log and the cleanup report (the contents of the Notepad window that opens after the restart), plus a GMER log.
wojtas



Tdss.d!mem - request for help

Post by magdat, 14 May 2011, 13:24

Code:
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-14 13:24:23
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD12 rev.01.0
Running: 4x2ckviw.exe; Driver: C:\DOCUME~1\Magda\USTAWI~1\Temp\pwtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT            sptd.sys                                                                                                             ZwCreateKey [0xF7438FA0]
SSDT            sptd.sys                                                                                                             ZwEnumerateKey [0xF746D018]
SSDT            sptd.sys                                                                                                             ZwEnumerateValueKey [0xF746D3A6]
SSDT            sptd.sys                                                                                                             ZwOpenKey [0xF7438F80]
SSDT            sptd.sys                                                                                                             ZwQueryKey [0xF746D47E]
SSDT            sptd.sys                                                                                                             ZwQueryValueKey [0xF746D2FE]
SSDT            sptd.sys                                                                                                             ZwSetValueKey [0xF746D510]

INT 0x62        ?                                                                                                                    86FCCCB8
INT 0x63        ?                                                                                                                    864C1CB8
INT 0x94        ?                                                                                                                    864C1CB8
INT 0xB4        ?                                                                                                                    86F9CCB8

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwDeleteKey [0xF722D22A]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwDeleteValueKey [0xF722D256]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwMapViewOfSection [0xF722D2AC]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwOpenProcess [0xF722D1D4]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwOpenThread [0xF722D1E8]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwRenameKey [0xF722D240]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwSetSecurityObject [0xF722D282]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwTerminateProcess [0xF722D2D6]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwUnmapViewOfSection [0xF722D2C2]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwYieldExecution [0xF722D296]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        NtMapViewOfSection
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        NtOpenProcess
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        NtOpenThread
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwYieldExecution                                                                                        80504B08 7 Bytes  JMP F722D29A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtMapViewOfSection                                                                                      805B203A 7 Bytes  JMP F722D2B0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwUnmapViewOfSection                                                                                    805B2E48 5 Bytes  JMP F722D2C6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtSetSecurityObject                                                                                     805C062E 5 Bytes  JMP F722D286 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtOpenProcess                                                                                           805CB440 5 Bytes  JMP F722D1D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtOpenThread                                                                                            805CB6CC 5 Bytes  JMP F722D1EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                                                      805D29E2 5 Bytes  JMP F722D2DA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwRenameKey                                                                                             80623B12 7 Bytes  JMP F722D244 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwDeleteKey                                                                                             8062458C 7 Bytes  JMP F722D22E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwDeleteValueKey                                                                                        8062475C 7 Bytes  JMP F722D25A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text           sptd.sys                                                                                                             F73FC000 28 Bytes  [30, 78, 6E, 80, A6, CB, 6E, ...]
.text           sptd.sys                                                                                                             F73FC01D 3 Bytes  [79, 6E, 80]
.text           sptd.sys                                                                                                             F73FC024 120 Bytes  [D8, 52, 53, 80, 68, B9, 54, ...]
.text           sptd.sys                                                                                                             F73FC09D 124 Bytes  [97, 53, 80, A0, 98, 53, 80, ...]
.text           sptd.sys                                                                                                             F73FC11A 178 Bytes  [4F, 80, 82, F8, 4E, 80, 3E, ...]
.text           ...                                                                                                                 
.sptd2          C:\WINDOWS\system32\drivers\sptd.sys                                                                                 entry point in ".sptd2" section [0xF74A69E3]
?               C:\WINDOWS\system32\drivers\sptd.sys                                                                                 Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text           USBPORT.SYS!DllUnload                                                                                                F5F0A8AC 5 Bytes  JMP 864C11C8

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\svchost.exe[172] ntdll.dll!NtCreateFile                                                          7C90D0AE 5 Bytes  JMP 0097000A
.text           C:\WINDOWS\system32\svchost.exe[172] ntdll.dll!NtCreateProcess                                                       7C90D14E 5 Bytes  JMP 00970FD4
.text           C:\WINDOWS\system32\svchost.exe[172] ntdll.dll!NtProtectVirtualMemory                                                7C90D6EE 5 Bytes  JMP 00970FE5
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreateFileA                                                        7C801A28 5 Bytes  JMP 00960FEF
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!VirtualProtectEx                                                   7C801A61 5 Bytes  JMP 0096005E
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!VirtualProtect                                                     7C801AD4 5 Bytes  JMP 00960F69
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!LoadLibraryExW                                                     7C801AF5 5 Bytes  JMP 00960F7A
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!LoadLibraryExA                                                     7C801D53 5 Bytes  JMP 00960039
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!LoadLibraryA                                                       7C801D7B 5 Bytes  JMP 00960FA8
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!GetStartupInfoW                                                    7C801E54 5 Bytes  JMP 0096008A
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!GetStartupInfoA                                                    7C801EF2 5 Bytes  JMP 00960F42
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreateProcessW                                                     7C802336 5 Bytes  JMP 0096009B
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreateProcessA                                                     7C80236B 5 Bytes  JMP 00960F0C
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!GetProcAddress                                                     7C80AE40 5 Bytes  JMP 00960EE7
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!LoadLibraryW                                                       7C80AEEB 5 Bytes  JMP 00960F97
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreateFileW                                                        7C810800 5 Bytes  JMP 00960FDE
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreatePipe                                                         7C81D83F 5 Bytes  JMP 00960079
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreateNamedPipeW                                                   7C82F0DD 5 Bytes  JMP 00960FC3
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreateNamedPipeA                                                   7C860CDC 5 Bytes  JMP 00960014
.text           C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!WinExec                                                            7C86250D 5 Bytes  JMP 00960F1D
.text           C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegOpenKeyExW                                                      77DC6AAF 5 Bytes  JMP 00C70FCA
.text           C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegCreateKeyExW                                                    77DC776C 5 Bytes  JMP 00C70F9E
.text           C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegOpenKeyExA                                                      77DC7852 5 Bytes  JMP 00C70FE5
.text           C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegOpenKeyW                                                        77DC7946 5 Bytes  JMP 00C7001B
.text           C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegCreateKeyExA                                                    77DCE9F4 5 Bytes  JMP 00C7005B
.text           C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegOpenKeyA                                                        77DCEFC8 5 Bytes  JMP 00C7000A
.text           C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegCreateKeyW                                                      77DEBA55 5 Bytes  JMP 00C70040
.text           C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegCreateKeyA                                                      77DEBCF3 5 Bytes  JMP 00C70FB9
.text           C:\WINDOWS\system32\svchost.exe[172] msvcrt.dll!_wsystem                                                             77C1931E 5 Bytes  JMP 00C60064
.text           C:\WINDOWS\system32\svchost.exe[172] msvcrt.dll!system                                                               77C193C7 5 Bytes  JMP 00C60049
.text           C:\WINDOWS\system32\svchost.exe[172] msvcrt.dll!_creat                                                               77C1D40F 5 Bytes  JMP 00C6002E
.text           C:\WINDOWS\system32\svchost.exe[172] msvcrt.dll!_open                                                                77C1F566 5 Bytes  JMP 00C60000
.text           C:\WINDOWS\system32\svchost.exe[172] msvcrt.dll!_wcreat                                                              77C1FC9B 5 Bytes  JMP 00C60FD9
.text           C:\WINDOWS\system32\svchost.exe[172] msvcrt.dll!_wopen                                                               77C20055 5 Bytes  JMP 00C6001D
.text           C:\WINDOWS\system32\svchost.exe[172] WININET.dll!InternetOpenA                                                       3FD1D690 5 Bytes  JMP 00980000
.text           C:\WINDOWS\system32\svchost.exe[172] WININET.dll!InternetOpenW                                                       3FD1DB09 5 Bytes  JMP 00980025
.text           C:\WINDOWS\system32\svchost.exe[172] WININET.dll!InternetOpenUrlA                                                    3FD1F3A4 5 Bytes  JMP 00980036
.text           C:\WINDOWS\system32\svchost.exe[172] WININET.dll!InternetOpenUrlW                                                    3FD66D5F 5 Bytes  JMP 00980FE5
.text           C:\WINDOWS\system32\svchost.exe[172] WS2_32.dll!socket                                                               71A54211 5 Bytes  JMP 00990FE5
.text           C:\WINDOWS\Explorer.EXE[452] ntdll.dll!NtCreateFile                                                                  7C90D0AE 5 Bytes  JMP 02A70FE5
.text           C:\WINDOWS\Explorer.EXE[452] ntdll.dll!NtCreateProcess                                                               7C90D14E 5 Bytes  JMP 02A70FAF
.text           C:\WINDOWS\Explorer.EXE[452] ntdll.dll!NtProtectVirtualMemory                                                        7C90D6EE 5 Bytes  JMP 02A70FD4
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!CreateFileA                                                                7C801A28 5 Bytes  JMP 02A60FEF
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!VirtualProtectEx                                                           7C801A61 5 Bytes  JMP 02A60071
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!VirtualProtect                                                             7C801AD4 5 Bytes  JMP 02A60F7C
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!LoadLibraryExW                                                             7C801AF5 5 Bytes  JMP 02A6004A
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!LoadLibraryExA                                                             7C801D53 5 Bytes  JMP 02A60F97
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!LoadLibraryA                                                               7C801D7B 5 Bytes  JMP 02A60FC3
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!GetStartupInfoW                                                            7C801E54 5 Bytes  JMP 02A6009D
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!GetStartupInfoA                                                            7C801EF2 5 Bytes  JMP 02A60F61
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!CreateProcessW                                                             7C802336 5 Bytes  JMP 02A60F04
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!CreateProcessA                                                             7C80236B 5 Bytes  JMP 02A60F15
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!GetProcAddress                                                             7C80AE40 5 Bytes  JMP 02A600B8
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!LoadLibraryW                                                               7C80AEEB 5 Bytes  JMP 02A60FB2
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!CreateFileW                                                                7C810800 5 Bytes  JMP 02A6000A
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!CreatePipe                                                                 7C81D83F 5 Bytes  JMP 02A6008C
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!CreateNamedPipeW                                                           7C82F0DD 5 Bytes  JMP 02A60FD4
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!CreateNamedPipeA                                                           7C860CDC 5 Bytes  JMP 02A60025
.text           C:\WINDOWS\Explorer.EXE[452] kernel32.dll!WinExec                                                                    7C86250D 5 Bytes  JMP 02A60F30
.text           C:\WINDOWS\Explorer.EXE[452] ADVAPI32.dll!RegOpenKeyExW                                                              77DC6AAF 5 Bytes  JMP 02B40FD4
.text           C:\WINDOWS\Explorer.EXE[452] ADVAPI32.dll!RegCreateKeyExW                                                            77DC776C 5 Bytes  JMP 02B40076
.text           C:\WINDOWS\Explorer.EXE[452] ADVAPI32.dll!RegOpenKeyExA                                                              77DC7852 5 Bytes  JMP 02B40025
.text           C:\WINDOWS\Explorer.EXE[452] ADVAPI32.dll!RegOpenKeyW                                                                77DC7946 5 Bytes  JMP 02B4000A
.text           C:\WINDOWS\Explorer.EXE[452] ADVAPI32.dll!RegCreateKeyExA                                                            77DCE9F4 5 Bytes  JMP 02B40FB9
.text           C:\WINDOWS\Explorer.EXE[452] ADVAPI32.dll!RegOpenKeyA                                                                77DCEFC8 5 Bytes  JMP 02B40FEF
.text           C:\WINDOWS\Explorer.EXE[452] ADVAPI32.dll!RegCreateKeyW                                                              77DEBA55 5 Bytes  JMP 02B40051
.text           C:\WINDOWS\Explorer.EXE[452] ADVAPI32.dll!RegCreateKeyA                                                              77DEBCF3 5 Bytes  JMP 02B40040
.text           C:\WINDOWS\Explorer.EXE[452] msvcrt.dll!_wsystem                                                                     77C1931E 5 Bytes  JMP 02AA0F75
.text           C:\WINDOWS\Explorer.EXE[452] msvcrt.dll!system                                                                       77C193C7 5 Bytes  JMP 02AA0F86
.text           C:\WINDOWS\Explorer.EXE[452] msvcrt.dll!_creat                                                                       77C1D40F 5 Bytes  JMP 02AA0FC6
.text           C:\WINDOWS\Explorer.EXE[452] msvcrt.dll!_open                                                                        77C1F566 5 Bytes  JMP 02AA0FE3
.text           C:\WINDOWS\Explorer.EXE[452] msvcrt.dll!_wcreat                                                                      77C1FC9B 5 Bytes  JMP 02AA0FA1
.text           C:\WINDOWS\Explorer.EXE[452] msvcrt.dll!_wopen                                                                       77C20055 5 Bytes  JMP 02AA0000
.text           C:\WINDOWS\Explorer.EXE[452] WININET.dll!InternetOpenA                                                               3FD1D690 5 Bytes  JMP 02A80000
.text           C:\WINDOWS\Explorer.EXE[452] WININET.dll!InternetOpenW                                                               3FD1DB09 5 Bytes  JMP 02A80FE5
.text           C:\WINDOWS\Explorer.EXE[452] WININET.dll!InternetOpenUrlA                                                            3FD1F3A4 5 Bytes  JMP 02A80FCA
.text           C:\WINDOWS\Explorer.EXE[452] WININET.dll!InternetOpenUrlW                                                            3FD66D5F 5 Bytes  JMP 02A8001B
.text           C:\WINDOWS\Explorer.EXE[452] WS2_32.dll!socket                                                                       71A54211 5 Bytes  JMP 02A90FE5
.text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[568] kernel32.dll!LoadLibraryA                           7C801D7B 5 Bytes  JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[568] kernel32.dll!LoadLibraryW                           7C80AEEB 5 Bytes  JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text           C:\WINDOWS\system32\svchost.exe[732] ntdll.dll!NtCreateFile                                                          7C90D0AE 5 Bytes  JMP 00C50000
.text           C:\WINDOWS\system32\svchost.exe[732] ntdll.dll!NtCreateProcess                                                       7C90D14E 5 Bytes  JMP 00C50FCA
.text           C:\WINDOWS\system32\svchost.exe[732] ntdll.dll!NtProtectVirtualMemory                                                7C90D6EE 5 Bytes  JMP 00C50FDB
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!CreateFileA                                                        7C801A28 5 Bytes  JMP 00C40000
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!VirtualProtectEx                                                   7C801A61 5 Bytes  JMP 00C40064
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!VirtualProtect                                                     7C801AD4 5 Bytes  JMP 00C40053
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!LoadLibraryExW                                                     7C801AF5 5 Bytes  JMP 00C40042
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!LoadLibraryExA                                                     7C801D53 5 Bytes  JMP 00C40F79
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!LoadLibraryA                                                       7C801D7B 5 Bytes  JMP 00C40FAF
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!GetStartupInfoW                                                    7C801E54 5 Bytes  JMP 00C400A6
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!GetStartupInfoA                                                    7C801EF2 5 Bytes  JMP 00C4007F
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!CreateProcessW                                                     7C802336 5 Bytes  JMP 00C400E3
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!CreateProcessA                                                     7C80236B 5 Bytes  JMP 00C400D2
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!GetProcAddress                                                     7C80AE40 5 Bytes  JMP 00C400F4
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!LoadLibraryW                                                       7C80AEEB 5 Bytes  JMP 00C40F94
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!CreateFileW                                                        7C810800 5 Bytes  JMP 00C4001B
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!CreatePipe                                                         7C81D83F 5 Bytes  JMP 00C40F54
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!CreateNamedPipeW                                                   7C82F0DD 5 Bytes  JMP 00C40FC0
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!CreateNamedPipeA                                                   7C860CDC 5 Bytes  JMP 00C40FE5
.text           C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!WinExec                                                            7C86250D 5 Bytes  JMP 00C400C1
.text           C:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!RegOpenKeyExW                                                      77DC6AAF 5 Bytes  JMP 00C70FAF
.text           C:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!RegCreateKeyExW                                                    77DC776C 5 Bytes  JMP 00C70F6F
.text           C:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!RegOpenKeyExA                                                      77DC7852 5 Bytes  JMP 00C70000
.text           C:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!RegOpenKeyW                                                        77DC7946 5 Bytes  JMP 00C70FCA
.text           C:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!RegCreateKeyExA                                                    77DCE9F4 5 Bytes  JMP 00C70F94
.text           C:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!RegOpenKeyA                                                        77DCEFC8 5 Bytes  JMP 00C70FE5
.text           C:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!RegCreateKeyW                                                      77DEBA55 5 Bytes  JMP 00C70036
.text           C:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!RegCreateKeyA                                                      77DEBCF3 5 Bytes  JMP 00C7001B
.text           C:\WINDOWS\system32\svchost.exe[732] msvcrt.dll!_wsystem                                                             77C1931E 5 Bytes  JMP 00C60FC0
.text           C:\WINDOWS\system32\svchost.exe[732] msvcrt.dll!system                                                               77C193C7 5 Bytes  JMP 00C6004B
.text           C:\WINDOWS\system32\svchost.exe[732] msvcrt.dll!_creat                                                               77C1D40F 5 Bytes  JMP 00C6003A
.text           C:\WINDOWS\system32\svchost.exe[732] msvcrt.dll!_open                                                                77C1F566 5 Bytes  JMP 00C6000C
.text           C:\WINDOWS\system32\svchost.exe[732] msvcrt.dll!_wcreat                                                              77C1FC9B 5 Bytes  JMP 00C60FDB
.text           C:\WINDOWS\system32\svchost.exe[732] msvcrt.dll!_wopen                                                               77C20055 5 Bytes  JMP 00C60029
.text           C:\WINDOWS\system32\services.exe[1204] ntdll.dll!NtCreateFile                                                        7C90D0AE 5 Bytes  JMP 00050FE5
.text           C:\WINDOWS\system32\services.exe[1204] ntdll.dll!NtCreateProcess                                                     7C90D14E 5 Bytes  JMP 0005000A
.text           C:\WINDOWS\system32\services.exe[1204] ntdll.dll!NtProtectVirtualMemory                                              7C90D6EE 5 Bytes  JMP 00050FD4
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateFileA                                                      7C801A28 5 Bytes  JMP 00040FEF
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!VirtualProtectEx                                                 7C801A61 5 Bytes  JMP 00040F83
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!VirtualProtect                                                   7C801AD4 5 Bytes  JMP 00040F9E
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!LoadLibraryExW                                                   7C801AF5 5 Bytes  JMP 00040078
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!LoadLibraryExA                                                   7C801D53 5 Bytes  JMP 0004005B
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!LoadLibraryA                                                     7C801D7B 5 Bytes  JMP 00040FB9
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!GetStartupInfoW                                                  7C801E54 5 Bytes  JMP 000400BF
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!GetStartupInfoA                                                  7C801EF2 5 Bytes  JMP 000400AE
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateProcessW                                                   7C802336 5 Bytes  JMP 00040106
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateProcessA                                                   7C80236B 5 Bytes  JMP 000400F5
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!GetProcAddress                                                   7C80AE40 5 Bytes  JMP 00040117
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!LoadLibraryW                                                     7C80AEEB 5 Bytes  JMP 00040040
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateFileW                                                      7C810800 5 Bytes  JMP 00040FDE
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreatePipe                                                       7C81D83F 5 Bytes  JMP 0004009D
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateNamedPipeW                                                 7C82F0DD 5 Bytes  JMP 0004002F
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateNamedPipeA                                                 7C860CDC 5 Bytes  JMP 00040014
.text           C:\WINDOWS\system32\services.exe[1204] kernel32.dll!WinExec                                                          7C86250D 5 Bytes  JMP 000400D0
.text           C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegOpenKeyExW                                                    77DC6AAF 5 Bytes  JMP 0070002F
.text           C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegCreateKeyExW                                                  77DC776C 5 Bytes  JMP 00700087
.text           C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegOpenKeyExA                                                    77DC7852 5 Bytes  JMP 00700FDE
.text           C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegOpenKeyW                                                      77DC7946 5 Bytes  JMP 00700FEF
.text           C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegCreateKeyExA                                                  77DCE9F4 5 Bytes  JMP 0070006C
.text           C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegOpenKeyA                                                      77DCEFC8 5 Bytes  JMP 00700000
.text           C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegCreateKeyW                                                    77DEBA55 5 Bytes  JMP 0070005B
.text           C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegCreateKeyA                                                    77DEBCF3 5 Bytes  JMP 0070004A
.text           C:\WINDOWS\system32\services.exe[1204] msvcrt.dll!_wsystem                                                           77C1931E 5 Bytes  JMP 00070FBC
.text           C:\WINDOWS\system32\services.exe[1204] msvcrt.dll!system                                                             77C193C7 5 Bytes  JMP 00070047
.text           C:\WINDOWS\system32\services.exe[1204] msvcrt.dll!_creat                                                             77C1D40F 5 Bytes  JMP 0007002C
.text           C:\WINDOWS\system32\services.exe[1204] msvcrt.dll!_open                                                              77C1F566 5 Bytes  JMP 00070000
.text           C:\WINDOWS\system32\services.exe[1204] msvcrt.dll!_wcreat                                                            77C1FC9B 5 Bytes  JMP 00070FD7
.text           C:\WINDOWS\system32\services.exe[1204] msvcrt.dll!_wopen                                                             77C20055 5 Bytes  JMP 00070011
.text           C:\WINDOWS\system32\services.exe[1204] WS2_32.dll!socket                                                             71A54211 5 Bytes  JMP 00060000
.text           C:\WINDOWS\system32\lsass.exe[1216] ntdll.dll!NtCreateFile                                                           7C90D0AE 5 Bytes  JMP 00C5000A
.text           C:\WINDOWS\system32\lsass.exe[1216] ntdll.dll!NtCreateProcess                                                        7C90D14E 5 Bytes  JMP 00C50025
.text           C:\WINDOWS\system32\lsass.exe[1216] ntdll.dll!NtProtectVirtualMemory                                                 7C90D6EE 5 Bytes  JMP 00C50FEF
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateFileA                                                         7C801A28 5 Bytes  JMP 00C40000
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!VirtualProtectEx                                                    7C801A61 5 Bytes  JMP 00C400C2
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!VirtualProtect                                                      7C801AD4 5 Bytes  JMP 00C40FC3
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!LoadLibraryExW                                                      7C801AF5 5 Bytes  JMP 00C40091
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!LoadLibraryExA                                                      7C801D53 5 Bytes  JMP 00C40FD4
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!LoadLibraryA                                                        7C801D7B 5 Bytes  JMP 00C4005B
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!GetStartupInfoW                                                     7C801E54 5 Bytes  JMP 00C400F5
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!GetStartupInfoA                                                     7C801EF2 5 Bytes  JMP 00C400E4
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateProcessW                                                      7C802336 5 Bytes  JMP 00C40F81
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateProcessA                                                      7C80236B 5 Bytes  JMP 00C40110
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!GetProcAddress                                                      7C80AE40 5 Bytes  JMP 00C40135
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!LoadLibraryW                                                        7C80AEEB 5 Bytes  JMP 00C4006C
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateFileW                                                         7C810800 5 Bytes  JMP 00C4001B
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreatePipe                                                          7C81D83F 5 Bytes  JMP 00C400D3
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateNamedPipeW                                                    7C82F0DD 5 Bytes  JMP 00C40036
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateNamedPipeA                                                    7C860CDC 5 Bytes  JMP 00C40FE5
.text           C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!WinExec                                                             7C86250D 5 Bytes  JMP 00C40F92
.text           C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegOpenKeyExW                                                       77DC6AAF 5 Bytes  JMP 00FE0036
.text           C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegCreateKeyExW                                                     77DC776C 5 Bytes  JMP 00FE0FA5
.text           C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegOpenKeyExA                                                       77DC7852 5 Bytes  JMP 00FE001B
.text           C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegOpenKeyW                                                         77DC7946 5 Bytes  JMP 00FE0FEF
.text           C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegCreateKeyExA                                                     77DCE9F4 5 Bytes  JMP 00FE0FB6
.text           C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegOpenKeyA                                                         77DCEFC8 5 Bytes  JMP 00FE000A
.text           C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegCreateKeyW                                                       77DEBA55 5 Bytes  JMP 00FE0062
.text           C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegCreateKeyA                                                       77DEBCF3 5 Bytes  JMP 00FE0047
.text           C:\WINDOWS\system32\lsass.exe[1216] msvcrt.dll!_wsystem                                                              77C1931E 5 Bytes  JMP 00C70027
.text           C:\WINDOWS\system32\lsass.exe[1216] msvcrt.dll!system                                                                77C193C7 5 Bytes  JMP 00C70F9C
.text           C:\WINDOWS\system32\lsass.exe[1216] msvcrt.dll!_creat                                                                77C1D40F 5 Bytes  JMP 00C70FB7
.text           C:\WINDOWS\system32\lsass.exe[1216] msvcrt.dll!_open                                                                 77C1F566 5 Bytes  JMP 00C70FE3
.text           C:\WINDOWS\system32\lsass.exe[1216] msvcrt.dll!_wcreat                                                               77C1FC9B 5 Bytes  JMP 00C7000C
.text           C:\WINDOWS\system32\lsass.exe[1216] msvcrt.dll!_wopen                                                                77C20055 5 Bytes  JMP 00C70FD2
.text           C:\WINDOWS\system32\lsass.exe[1216] WS2_32.dll!socket                                                                71A54211 5 Bytes  JMP 00C60000
.text           C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateFile                                                         7C90D0AE 5 Bytes  JMP 00F20FE5
.text           C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateProcess                                                      7C90D14E 5 Bytes  JMP 00F2000A
.text           C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtProtectVirtualMemory                                               7C90D6EE 5 Bytes  JMP 00F20FCA
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileA                                                       7C801A28 5 Bytes  JMP 00F10FEF
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx                                                  7C801A61 5 Bytes  JMP 00F10F68
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtect                                                    7C801AD4 5 Bytes  JMP 00F10F83
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW                                                    7C801AF5 5 Bytes  JMP 00F1005D
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA                                                    7C801D53 5 Bytes  JMP 00F10040
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA                                                      7C801D7B 5 Bytes  JMP 00F10FB9
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoW                                                   7C801E54 5 Bytes  JMP 00F10F1F
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoA                                                   7C801EF2 5 Bytes  JMP 00F10F46
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW                                                    7C802336 5 Bytes  JMP 00F10EF3
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA                                                    7C80236B 5 Bytes  JMP 00F10F04
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetProcAddress                                                    7C80AE40 5 Bytes  JMP 00F100A7
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW                                                      7C80AEEB 5 Bytes  JMP 00F10FA8
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileW                                                       7C810800 5 Bytes  JMP 00F10000
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreatePipe                                                        7C81D83F 5 Bytes  JMP 00F10F57
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW                                                  7C82F0DD 5 Bytes  JMP 00F10025
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA                                                  7C860CDC 5 Bytes  JMP 00F10FCA
.text           C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WinExec                                                           7C86250D 5 Bytes  JMP 00F10082
.text           C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExW                                                     77DC6AAF 5 Bytes  JMP 00FE0040
.text           C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW                                                   77DC776C 5 Bytes  JMP 00FE0098
.text           C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExA                                                     77DC7852 5 Bytes  JMP 00FE001B
.text           C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyW                                                       77DC7946 5 Bytes  JMP 00FE000A
.text           C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA                                                   77DCE9F4 5 Bytes  JMP 00FE0087
.text           C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA                                                       77DCEFC8 5 Bytes  JMP 00FE0FEF
.text           C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW                                                     77DEBA55 5 Bytes  JMP 00FE0076
.text           C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA                                                     77DEBCF3 5 Bytes  JMP 00FE005B
.text           C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_wsystem                                                            77C1931E 5 Bytes  JMP 00FD0058
.text           C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!system                                                              77C193C7 5 Bytes  JMP 00FD0FCD
.text           C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_creat                                                              77C1D40F 5 Bytes  JMP 00FD0033
.text           C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_open                                                               77C1F566 5 Bytes  JMP 00FD000C
.text           C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_wcreat                                                             77C1FC9B 5 Bytes  JMP 00FD0FDE
.text           C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_wopen                                                              77C20055 5 Bytes  JMP 00FD0FEF
.text           C:\WINDOWS\system32\svchost.exe[1396] WS2_32.dll!socket                                                              71A54211 5 Bytes  JMP 00F30FE5
.text           C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtCreateFile                                                         7C90D0AE 5 Bytes  JMP 00B30FE5
.text           C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtCreateProcess                                                      7C90D14E 5 Bytes  JMP 00B30000
.text           C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtProtectVirtualMemory                                               7C90D6EE 5 Bytes  JMP 00B30FCA
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateFileA                                                       7C801A28 5 Bytes  JMP 00B20000
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!VirtualProtectEx                                                  7C801A61 5 Bytes  JMP 00B20F4D
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!VirtualProtect                                                    7C801AD4 5 Bytes  JMP 00B20F5E
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExW                                                    7C801AF5 5 Bytes  JMP 00B20036
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExA                                                    7C801D53 5 Bytes  JMP 00B20F79
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryA                                                      7C801D7B 5 Bytes  JMP 00B20F9B
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoW                                                   7C801E54 5 Bytes  JMP 00B2008E
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoA                                                   7C801EF2 5 Bytes  JMP 00B20F3C
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessW                                                    7C802336 5 Bytes  JMP 00B200BA
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessA                                                    7C80236B 5 Bytes  JMP 00B20F2B
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetProcAddress                                                    7C80AE40 5 Bytes  JMP 00B200CB
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryW                                                      7C80AEEB 5 Bytes  JMP 00B20F8A
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateFileW                                                       7C810800 5 Bytes  JMP 00B20FE5
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreatePipe                                                        7C81D83F 5 Bytes  JMP 00B20067
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeW                                                  7C82F0DD 5 Bytes  JMP 00B20011
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeA                                                  7C860CDC 5 Bytes  JMP 00B20FCA
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!WinExec                                                           7C86250D 5 Bytes  JMP 00B200A9
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExW                                                     77DC6AAF 5 Bytes  JMP 00C10FB9
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExW                                                   77DC776C 5 Bytes  JMP 00C10F83
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExA                                                     77DC7852 5 Bytes  JMP 00C1000A
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyW                                                       77DC7946 5 Bytes  JMP 00C10FD4
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExA                                                   77DCE9F4 5 Bytes  JMP 00C10F94
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyA                                                       77DCEFC8 5 Bytes  JMP 00C10FEF
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW                                                     77DEBA55 5 Bytes  JMP 00C10036
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyA                                                     77DEBCF3 5 Bytes  JMP 00C10025
.text           C:\WINDOWS\system32\svchost.exe[1504] msvcrt.dll!_wsystem                                                            77C1931E 5 Bytes  JMP 00B50FD4
.text           C:\WINDOWS\system32\svchost.exe[1504] msvcrt.dll!system                                                              77C193C7 5 Bytes  JMP 00B50055
.text           C:\WINDOWS\system32\svchost.exe[1504] msvcrt.dll!_creat                                                              77C1D40F 5 Bytes  JMP 00B50029
.text           C:\WINDOWS\system32\svchost.exe[1504] msvcrt.dll!_open                                                               77C1F566 5 Bytes  JMP 00B5000C
.text           C:\WINDOWS\system32\svchost.exe[1504] msvcrt.dll!_wcreat                                                             77C1FC9B 5 Bytes  JMP 00B5003A
.text           C:\WINDOWS\system32\svchost.exe[1504] msvcrt.dll!_wopen                                                              77C20055 5 Bytes  JMP 00B50FEF
.text           C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!socket                                                              71A54211 5 Bytes  JMP 00B40FEF
.text           C:\WINDOWS\System32\svchost.exe[1544] ntdll.dll!NtCreateFile                                                         7C90D0AE 5 Bytes  JMP 02DF000A
.text           C:\WINDOWS\System32\svchost.exe[1544] ntdll.dll!NtCreateProcess                                                      7C90D14E 5 Bytes  JMP 02DF0FEF
.text           C:\WINDOWS\System32\svchost.exe[1544] ntdll.dll!NtProtectVirtualMemory                                               7C90D6EE 5 Bytes  JMP 02DF001B
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreateFileA                                                       7C801A28 5 Bytes  JMP 02DE0FEF
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!VirtualProtectEx                                                  7C801A61 5 Bytes  JMP 02DE0089
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!VirtualProtect                                                    7C801AD4 5 Bytes  JMP 02DE006E
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!LoadLibraryExW                                                    7C801AF5 5 Bytes  JMP 02DE0051
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!LoadLibraryExA                                                    7C801D53 5 Bytes  JMP 02DE0F94
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!LoadLibraryA                                                      7C801D7B 5 Bytes  JMP 02DE0FC0
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!GetStartupInfoW                                                   7C801E54 5 Bytes  JMP 02DE00D2
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!GetStartupInfoA                                                   7C801EF2 5 Bytes  JMP 02DE00B5
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreateProcessW                                                    7C802336 5 Bytes  JMP 02DE0F5E
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreateProcessA                                                    7C80236B 5 Bytes  JMP 02DE00F7
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!GetProcAddress                                                    7C80AE40 5 Bytes  JMP 02DE0108
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!LoadLibraryW                                                      7C80AEEB 5 Bytes  JMP 02DE0FAF
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreateFileW                                                       7C810800 5 Bytes  JMP 02DE000A
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreatePipe                                                        7C81D83F 5 Bytes  JMP 02DE00A4
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreateNamedPipeW                                                  7C82F0DD 5 Bytes  JMP 02DE0036
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreateNamedPipeA                                                  7C860CDC 5 Bytes  JMP 02DE001B
.text           C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!WinExec                                                           7C86250D 5 Bytes  JMP 02DE0F79
.text           C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW                                                     77DC6AAF 5 Bytes  JMP 02F00022
.text           C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW                                                   77DC776C 5 Bytes  JMP 02F00F79
.text           C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA                                                     77DC7852 5 Bytes  JMP 02F00011
.text           C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW                                                       77DC7946 5 Bytes  JMP 02F00000
.text           C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA                                                   77DCE9F4 5 Bytes  JMP 02F00F9E
.text           C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA                                                       77DCEFC8 5 Bytes  JMP 02F00FEF
.text           C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW                                                     77DEBA55 2 Bytes  JMP 02F00FAF
.text           C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW + 3                                                 77DEBA58 2 Bytes  [11, 8B]
.text           C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA                                                     77DEBCF3 5 Bytes  JMP 02F00FC0
.text           C:\WINDOWS\System32\svchost.exe[1544] msvcrt.dll!_wsystem                                                            77C1931E 5 Bytes  JMP 02E90FA8
.text           C:\WINDOWS\System32\svchost.exe[1544] msvcrt.dll!system                                                              77C193C7 5 Bytes  JMP 02E90FB9
.text           C:\WINDOWS\System32\svchost.exe[1544] msvcrt.dll!_creat                                                              77C1D40F 5 Bytes  JMP 02E90FD4
.text           C:\WINDOWS\System32\svchost.exe[1544] msvcrt.dll!_open                                                               77C1F566 5 Bytes  JMP 02E9000C
.text           C:\WINDOWS\System32\svchost.exe[1544] msvcrt.dll!_wcreat                                                             77C1FC9B 5 Bytes  JMP 02E90029
.text           C:\WINDOWS\System32\svchost.exe[1544] msvcrt.dll!_wopen                                                              77C20055 5 Bytes  JMP 02E90FEF
.text           C:\WINDOWS\System32\svchost.exe[1544] WS2_32.dll!socket                                                              71A54211 5 Bytes  JMP 02E80000
.text           C:\WINDOWS\System32\svchost.exe[1544] WININET.dll!InternetOpenA                                                      3FD1D690 5 Bytes  JMP 02E10000
.text           C:\WINDOWS\System32\svchost.exe[1544] WININET.dll!InternetOpenW                                                      3FD1DB09 5 Bytes  JMP 02E10FEF
.text           C:\WINDOWS\System32\svchost.exe[1544] WININET.dll!InternetOpenUrlA                                                   3FD1F3A4 5 Bytes  JMP 02E10FD4
.text           C:\WINDOWS\System32\svchost.exe[1544] WININET.dll!InternetOpenUrlW                                                   3FD66D5F 5 Bytes  JMP 02E10FB9
.text           C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtCreateFile                                                         7C90D0AE 5 Bytes  JMP 00850FEF
.text           C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtCreateProcess                                                      7C90D14E 5 Bytes  JMP 00850FD4
.text           C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtProtectVirtualMemory                                               7C90D6EE 5 Bytes  JMP 0085000A
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateFileA                                                       7C801A28 5 Bytes  JMP 00840FE5
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!VirtualProtectEx                                                  7C801A61 5 Bytes  JMP 00840073
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!VirtualProtect                                                    7C801AD4 5 Bytes  JMP 00840058
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW                                                    7C801AF5 5 Bytes  JMP 00840047
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExA                                                    7C801D53 5 Bytes  JMP 00840036
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryA                                                      7C801D7B 5 Bytes  JMP 00840FB9
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!GetStartupInfoW                                                   7C801E54 5 Bytes  JMP 00840F41
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!GetStartupInfoA                                                   7C801EF2 5 Bytes  JMP 00840F52
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessW                                                    7C802336 5 Bytes  JMP 008400B5
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessA                                                    7C80236B 5 Bytes  JMP 0084009A
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!GetProcAddress                                                    7C80AE40 5 Bytes  JMP 00840F01
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryW                                                      7C80AEEB 5 Bytes  JMP 00840F9E
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateFileW                                                       7C810800 5 Bytes  JMP 00840FD4
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreatePipe                                                        7C81D83F 5 Bytes  JMP 00840F63
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateNamedPipeW                                                  7C82F0DD 5 Bytes  JMP 00840025
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateNamedPipeA                                                  7C860CDC 5 Bytes  JMP 0084000A
.text           C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!WinExec                                                           7C86250D 5 Bytes  JMP 00840F26
.text           C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExW                                                     77DC6AAF 5 Bytes  JMP 0088001E
.text           C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExW                                                   77DC776C 5 Bytes  JMP 0088004D
.text           C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExA                                                     77DC7852 5 Bytes  JMP 00880FC3
.text           C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyW                                                       77DC7946 5 Bytes  JMP 00880FDE
.text           C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExA                                                   77DCE9F4 5 Bytes  JMP 00880F90
.text           C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyA                                                       77DCEFC8 5 Bytes  JMP 00880FEF
.text           C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyW                                                     77DEBA55 2 Bytes  JMP 00880FA1
.text           C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyW + 3                                                 77DEBA58 2 Bytes  [A9, 88]
.text           C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyA                                                     77DEBCF3 5 Bytes  JMP 00880FB2
.text           C:\WINDOWS\system32\svchost.exe[1648] msvcrt.dll!_wsystem                                                            77C1931E 5 Bytes  JMP 00870053
.text           C:\WINDOWS\system32\svchost.exe[1648] msvcrt.dll!system                                                              77C193C7 5 Bytes  JMP 00870038
.text           C:\WINDOWS\system32\svchost.exe[1648] msvcrt.dll!_creat                                                              77C1D40F 5 Bytes  JMP 00870FD2
.text           C:\WINDOWS\system32\svchost.exe[1648] msvcrt.dll!_open                                                               77C1F566 5 Bytes  JMP 00870000
.text           C:\WINDOWS\system32\svchost.exe[1648] msvcrt.dll!_wcreat                                                             77C1FC9B 5 Bytes  JMP 00870027
.text           C:\WINDOWS\system32\svchost.exe[1648] msvcrt.dll!_wopen                                                              77C20055 5 Bytes  JMP 00870FE3
.text           C:\WINDOWS\system32\svchost.exe[1648] WS2_32.dll!socket                                                              71A54211 5 Bytes  JMP 00860FEF
.text           C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateFile                                                         7C90D0AE 5 Bytes  JMP 00C9000A
.text           C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateProcess                                                      7C90D14E 5 Bytes  JMP 00C9002C
.text           C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtProtectVirtualMemory                                               7C90D6EE 5 Bytes  JMP 00C9001B
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateFileA                                                       7C801A28 5 Bytes  JMP 00C80000
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualProtectEx                                                  7C801A61 5 Bytes  JMP 00C80089
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualProtect                                                    7C801AD4 5 Bytes  JMP 00C80F8A
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!LoadLibraryExW                                                    7C801AF5 5 Bytes  JMP 00C80064
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!LoadLibraryExA                                                    7C801D53 5 Bytes  JMP 00C80047
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!LoadLibraryA                                                      7C801D7B 5 Bytes  JMP 00C80036
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetStartupInfoW                                                   7C801E54 5 Bytes  JMP 00C80F4B
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetStartupInfoA                                                   7C801EF2 5 Bytes  JMP 00C80F68
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessW                                                    7C802336 5 Bytes  JMP 00C80F04
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessA                                                    7C80236B 5 Bytes  JMP 00C80F1F
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetProcAddress                                                    7C80AE40 5 Bytes  JMP 00C80EF3
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!LoadLibraryW                                                      7C80AEEB 5 Bytes  JMP 00C80FA5
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateFileW                                                       7C810800 5 Bytes  JMP 00C8001B
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreatePipe                                                        7C81D83F 5 Bytes  JMP 00C80F79
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateNamedPipeW                                                  7C82F0DD 5 Bytes  JMP 00C80FD4
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateNamedPipeA                                                  7C860CDC 5 Bytes  JMP 00C80FE5
.text           C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!WinExec                                                           7C86250D 5 Bytes  JMP 00C80F30
.text           C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyExW                                                     77DC6AAF 5 Bytes  JMP 00CC0FA8
.text           C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyExW                                                   77DC776C 5 Bytes  JMP 00CC0F7C
.text           C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyExA                                                     77DC7852 5 Bytes  JMP 00CC0FC3
.text           C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyW                                                       77DC7946 5 Bytes  JMP 00CC0FD4
.text           C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyExA                                                   77DCE9F4 5 Bytes  JMP 00CC002F
.text           C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyA                                                       77DCEFC8 5 Bytes  JMP 00CC0FEF
.text           C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyW                                                     77DEBA55 5 Bytes  JMP 00CC0014
.text           C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyA                                                     77DEBCF3 5 Bytes  JMP 00CC0F8D
.text           C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_wsystem                                                            77C1931E 5 Bytes  JMP 00CB0FC5
.text           C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!system                                                              77C193C7 5 Bytes  JMP 00CB0050
.text           C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_creat                                                              77C1D40F 5 Bytes  JMP 00CB002E
.text           C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_open                                                               77C1F566 5 Bytes  JMP 00CB0000
.text           C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_wcreat                                                             77C1FC9B 5 Bytes  JMP 00CB003F
.text           C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_wopen                                                              77C20055 5 Bytes  JMP 00CB0011
.text           C:\WINDOWS\system32\svchost.exe[1676] WS2_32.dll!socket                                                              71A54211 5 Bytes  JMP 00CA0000
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1872] ntdll.dll!LdrLoadDll                                              7C91632D 5 Bytes  JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3744] USER32.dll!GetWindowInfo                                 7E37C49C 5 Bytes  JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3744] USER32.dll!TrackPopupMenu                                7E3B531E 5 Bytes  JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG]                                                      [F73FE20E] sptd.sys
IAT             \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR]                                                       [F73FD70C] sptd.sys
IAT             \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                      [F73FDEEE] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                   [F73FD70C] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                           [F73FD8F0] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F73FD832] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F73FE0CC] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F73FDEEE] sptd.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [F7411F56] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\mfevtps.exe[620] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW]               [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT             C:\WINDOWS\system32\mfevtps.exe[620] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                   [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               86FCA1E8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                               mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                             mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\usbuhci \Device\USBPDO-0                                                                                     864C01E8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                     864091E8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                     864C01E8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                     864C01E8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                     864C01E8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device          \Driver\Cdrom \Device\CdRom0                                                                                         863D41E8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                   [F72EF7B0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   [F738DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F738DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                        [F72EF7B0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              850591E8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                     850591E8

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                            mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                          mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                     864C01E8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                     864C01E8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    8504D1E8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                     864C01E8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          8504D1E8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                     864C01E8
Device          \Driver\usbehci \Device\USBFDO-4                                                                                     864091E8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{5EB5A895-A0E6-4247-A3EF-3AA72E63AD14}                                             850591E8
Device          \FileSystem\Cdfs \Cdfs                                                                                               85CC6430

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                               0x98 0xF9 0x34 0x21 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xBD 0x5D 0x02 0x43 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                   0x98 0xF9 0x34 0x21 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      1
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xE7 0xDD 0x54 0xE2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x15 0xA4 0x68 0x7E ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x75 0xF9 0xF4 0xCA ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                   0x98 0xF9 0x34 0x21 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      1
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xBD 0x5D 0x02 0x43 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                MBR read error
Disk            \Device\Harddisk0\DR0                                                                                                MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----


Added today, 13:25:
Code:
OTL logfile created on: 2011-05-14 12:47:00 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Magda\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 022,00 Mb Total Physical Memory | 262,00 Mb Available Physical Memory | 26,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,74 Gb Free Space | 34,49% Space Free | Partition Type: NTFS
Drive D: | 92,25 Gb Total Space | 67,33 Gb Free Space | 72,99% Space Free | Partition Type: NTFS

Computer Name: MADZIA | User Name: Magda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-05-13 23:37:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe
PRC - [2011-04-14 18:59:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-04-14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011-04-14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011-04-14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011-04-05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-01-02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005-10-28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-05-13 23:37:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] --  -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011-04-14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011-04-14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011-04-14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010-10-07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010-04-27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-04-14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011-04-14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011-04-14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011-04-14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011-04-14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011-04-14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011-04-14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011-04-14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011-04-14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011-04-14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010-02-27 18:00:55 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2010-02-27 17:45:19 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-02-11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-04-13 20:40:50 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport)
DRV - [2006-10-12 10:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-05-23 23:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-03-18 04:24:59 | 000,026,844 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005-09-30 12:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-515967899-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-1614895754-515967899-839522115-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1614895754-515967899-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011-05-04 19:45:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-13 22:32:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-08 21:05:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010-02-27 17:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Extensions
[2011-05-04 19:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\a8cy9ez8.default\extensions
[2010-04-28 22:28:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\a8cy9ez8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-11-04 19:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\a8cy9ez8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011-05-04 23:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-20 23:18:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-13 19:17:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-11-01 14:22:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-02-09 22:44:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-03-06 19:37:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010-03-01 20:32:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-05-04 19:45:50 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011-04-14 18:59:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011-04-14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010-02-21 12:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-03-22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2011-01-24 21:08:06 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-05-14 00:08:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {78DB67FF-6109-61E9-4179-572C5A544B95} - C:\WINDOWS\system32\d3dx100_40.dll (OYKmeNfW BSomCS)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110513223249.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-1614895754-515967899-839522115-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-515967899-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-515967899-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1614895754-515967899-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1614895754-515967899-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-02-27 16:13:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-05-14 12:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\McAfee
[2011-05-14 12:38:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-05-14 12:37:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011-05-14 00:04:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011-05-13 23:55:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-05-13 23:53:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-05-13 23:53:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-05-13 23:53:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-05-13 23:53:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-05-13 23:53:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011-05-13 23:50:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-05-13 23:50:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-05-13 23:36:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe
[2011-05-10 21:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\playmink
[2011-05-09 14:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\Meridian93
[2011-05-09 14:19:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Magic Life
[2011-05-08 20:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011-05-08 20:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Menu Start\Programy\Detektor Winampa
[2011-05-08 20:11:52 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2011-05-08 20:11:52 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2011-05-08 20:11:50 | 000,059,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll
[2011-04-28 16:35:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011-04-28 16:35:04 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011-04-25 10:49:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3023
[2011-04-23 19:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\Ph03nixNewMedia
[2011-04-21 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Menu Start\Programy\Zuma's Revenge!
[2011-04-21 22:34:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Zuma's Revenge!
[2011-04-21 22:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Zuma's Revenge!
[2011-04-21 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Components Installer
[2011-04-21 22:22:36 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Tabctl32.ocx
[2011-04-21 22:22:35 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2011-04-21 22:22:35 | 000,102,400 | ---- | C] (Nelco Software) -- C:\WINDOWS\System32\nslock15vb6.ocx
[2011-04-21 22:22:35 | 000,057,344 | ---- | C] (DMS Solutions, Inc.) -- C:\WINDOWS\System32\DMSXPButton.ocx
[2011-04-21 22:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\www.research-lab.com
[2011-04-21 22:22:31 | 000,796,672 | ---- | C] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2011-04-21 22:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\Temp
[2011-04-21 22:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\Google
[2011-04-21 21:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound
[2011-04-21 21:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\NCH Swift Sound

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-05-14 12:48:12 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\4x2ckviw.exe
[2011-05-14 12:44:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-05-14 00:08:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-05-13 23:55:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-05-13 23:51:39 | 004,347,800 | R--- | M] () -- C:\Documents and Settings\Magda\Pulpit\ComboFix.exe
[2011-05-13 23:37:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe
[2011-05-13 17:14:12 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do Frozen Throne.exe.lnk
[2011-05-13 17:14:06 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do Warcraft III.exe.lnk
[2011-05-13 16:53:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-05-09 13:13:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do MyFarmLife.exe.lnk
[2011-05-05 22:42:16 | 000,433,912 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110513-171932.backup
[2011-05-04 23:01:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2011-04-28 18:12:46 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-21 22:35:10 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Zuma's Revenge!.lnk
[2011-04-21 22:22:31 | 000,796,672 | ---- | M] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2011-04-21 21:05:12 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-04-19 20:13:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-04-19 20:12:22 | 000,503,756 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-04-19 20:12:22 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-04-19 20:12:22 | 000,090,292 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-04-19 20:12:22 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-04-14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2011-04-14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2011-04-14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011-04-14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2011-04-14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2011-04-14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2011-04-14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2011-04-14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2011-04-14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2011-04-14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011-04-14 14:01:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-05-14 12:48:07 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\4x2ckviw.exe
[2011-05-13 23:55:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-05-13 23:55:36 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2011-05-13 23:53:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-05-13 23:53:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-05-13 23:53:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-05-13 23:53:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-05-13 23:53:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-05-13 23:39:02 | 004,347,800 | R--- | C] () -- C:\Documents and Settings\Magda\Pulpit\ComboFix.exe
[2011-05-13 17:14:12 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do Frozen Throne.exe.lnk
[2011-05-13 17:14:06 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do Warcraft III.exe.lnk
[2011-05-04 23:01:05 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2011-04-21 22:35:10 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\Zuma's Revenge!.lnk
[2011-03-15 23:50:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nancy Drew 1 Secrets Can Kill.INI
[2011-02-01 20:53:11 | 000,000,142 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010-11-11 13:01:29 | 000,001,651 | ---- | C] () -- C:\WINDOWS\System32\netmsmqa.exe
[2010-10-17 16:06:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-09-05 19:53:34 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Fakturka.ini
[2010-08-16 18:44:58 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-06-29 22:32:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-06-23 15:16:41 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010-06-13 09:00:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010-03-13 21:21:05 | 000,000,980 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010-03-07 02:51:10 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-27 18:21:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-02-27 18:21:21 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-02-27 18:10:41 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-02-27 18:00:55 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2010-02-27 17:04:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-02-27 17:02:18 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-02-27 17:01:11 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-02-27 16:47:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-02-27 16:42:04 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-02-27 16:31:59 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2010-02-27 16:28:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-02-27 16:19:41 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010-02-27 16:07:58 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-06-07 16:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-06-07 16:16:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-01-28 20:50:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2004-08-04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 14:00:00 | 000,503,756 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2004-08-04 14:00:00 | 000,444,362 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2004-08-04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 14:00:00 | 000,090,292 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2004-08-04 14:00:00 | 000,072,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2004-08-04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-07-30 11:48:28 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003-07-30 10:49:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-03-30 22:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-09-22 19:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2011-04-03 10:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\aliasworlds
[2011-04-12 20:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Artist Colony
[2011-04-23 19:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Big Fish Games
[2010-09-20 22:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Big Splash Games
[2010-09-04 17:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\blg
[2010-11-01 14:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CrioGames
[2010-11-13 20:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Elephant Games
[2010-12-25 14:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2011-03-14 17:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Fenomen Games
[2010-09-04 17:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\fillup2-daxygames-eng
[2010-06-20 18:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Floodlight Games
[2010-05-03 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\freshgames
[2011-04-25 10:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Fugazo
[2010-11-28 17:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Funny Bear Studio
[2010-08-26 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GabCab
[2010-02-27 18:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-07-04 23:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gamers Digital
[2010-03-27 17:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Happyville__
[2011-02-13 14:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\HipSoft
[2011-01-26 22:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\HouseDemo
[2010-06-20 17:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-05-28 21:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Islands
[2010-09-04 18:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\iWin
[2011-03-06 20:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ludia
[2011-04-21 21:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound
[2010-03-01 21:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NevoSoft Games
[2010-06-20 18:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-06-20 18:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2011-03-26 14:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
[2010-05-13 19:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Playrix Entertainment
[2011-05-07 11:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\rionix
[2010-11-13 19:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Robin Hood
[2011-01-12 20:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sandlot Games
[2011-05-09 13:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-11-04 19:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TikGames
[2010-10-31 23:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\VirtualFarm
[2010-03-22 20:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\XLab
[2010-08-26 18:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\AlderGames
[2011-04-03 10:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\aliasworlds
[2010-09-22 19:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Artifex Mundi
[2010-11-26 23:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Avenue Flo - Special Delivery Strategy Guide
[2010-06-25 20:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\AVI ReComp
[2010-10-10 20:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Bear's dream
[2010-11-09 18:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Big Fish Games
[2010-09-20 22:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Big Splash Games
[2010-08-16 18:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\BitComet
[2010-09-04 17:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\blg
[2010-09-04 17:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Boolat Games
[2010-02-27 17:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\DAEMON Tools Pro
[2011-01-31 14:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\DivoGames
[2010-10-15 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Dreamscape_Saves
[2010-11-13 20:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Elephant Games
[2010-11-12 21:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\ERS Game Studios
[2010-12-25 14:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\ESET
[2011-05-07 15:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Farm Mania 2.1
[2010-11-03 16:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\FarmerJane
[2010-06-20 18:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Floodlight Games
[2010-05-03 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\freshgames
[2010-09-20 22:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Friday's games
[2011-02-15 00:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Fugazo
[2010-02-27 18:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Gadu-Gadu 10
[2010-07-04 23:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Gamers Digital
[2011-03-23 21:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\HdO Adventure
[2011-01-26 22:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Islands
[2010-09-04 18:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\iWin
[2010-11-10 13:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Jetdogs Studios
[2010-08-16 18:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Jumb-O-Fun Games
[2010-09-04 17:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Lonely Troops
[2011-03-06 20:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Ludia
[2011-03-14 17:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Magic Seeds
[2011-05-09 14:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Meridian93
[2010-03-22 20:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\My Games
[2011-04-21 21:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\NCH Swift Sound
[2010-06-06 14:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\NevoSoft Games
[2010-06-20 18:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PC Suite
[2010-12-16 00:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PCToolsFirewallPlus
[2010-02-27 20:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PCToolsSpamMonitorPlus
[2010-05-14 21:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Peace Craft
[2010-09-01 12:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PeaceCraft2
[2011-04-23 19:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Ph03nixNewMedia
[2011-03-26 14:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PlayFirst
[2011-05-10 21:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\playmink
[2010-09-04 17:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Rabbit's Magic Adventures
[2010-11-28 19:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Roads Of Rome
[2010-11-13 19:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Robin Hood
[2010-11-04 16:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Sahmon Games
[2010-04-03 18:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Scrabble Plus
[2010-12-16 00:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Spam Monitor
[2010-12-28 19:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Spark Plug Games
[2010-12-05 18:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Supermarket Mania 2
[2010-11-04 19:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\TikGames
[2010-11-09 18:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Ubisoft
[2011-05-10 20:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\uTorrent
[2011-02-24 21:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\ViquaSoft
[2011-01-09 18:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\YoudaGames

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Added today, 13:25:
Code:
All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr
Prefs.js: "Secure Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.yahoo.com/search?fr=mcafee&p=" removed from keyword.URL
C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\a8cy9ez8.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wmupdater deleted successfully.
C:\Program Files\updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mghlbpfy.dll deleted successfully.
C:\WINDOWS\system32\mghlbpfy.dll moved successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AAA14AF9 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:78DEA3A4 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:831C6B2D deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:159A493A deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:430C6D84 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2DD32145 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EAEE7554 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E6A96BE9 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AF24D911 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FD38E906 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05F547A9 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7E239580 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5C0940F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3A0561F3 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AA0BC725 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:08801FDB deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E9900C74 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:983B4DC0 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EA7D76BE deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:BA5EEDA7 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4B1CFD78 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:18BFD8F8 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E5B6B9C5 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:38FF076E deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3B07E6F4 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0915A718 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D9771F40 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:92FE8A60 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CA73D29 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F760FD47 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4A966CC2 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5EB551C8 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CFF6B3FF deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:517B507A deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F7F6E6CB deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:10D45FC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A5264343 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:99AC3203 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:348A3734 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:073139EC deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9B2BD056 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BFA43EB deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2ADF9928 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:73461BFA deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:751D6870 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:13765436 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:68A56598 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F6E5C7FB deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:BE6DC701 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:15752405 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F1DEA771 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0ED4AC2F deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ADF211B1 deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\At4.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Magda
->Temp folder emptied: 1285813 bytes
->Temporary Internet Files folder emptied: 1089681 bytes
->Java cache emptied: 19824679 bytes
->FireFox cache emptied: 46839998 bytes
->Flash cache emptied: 33616 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 322103434 bytes
%systemroot% .tmp files removed: 2503512 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 376,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Magda
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05142011_123845

Files\Folders moved on Reboot...
C:\WINDOWS\System32\tmp.tmp moved successfully.

Registry entries deleted on Reboot...


Added today, 13:33:
The computer starts up better now; I hope there is nothing worrying left in the logs.
magdat
~user
 
Posts: 6
Joined: 13 May 2011, 23:11



Tdss.d!mem - request for help

Post by wojtas, 14 May 2011, 14:06

[Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)


Read this and follow it, then post a new GMER log in your next post.

Run a scan with Kaspersky TDSSKiller; if it finds anything, choose Skip. After that, post 3 new logs plus the TDSSKiller report.

I see that ComboFix was used. Please post its report, but do not run it again; just post the old report.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Tdss.d!mem - request for help

Post by magdat, 14 May 2011, 15:03

Code:
2011/05/14 15:02:26.0296 3520   TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/14 15:02:26.0578 3520   ================================================================================
2011/05/14 15:02:26.0578 3520   SystemInfo:
2011/05/14 15:02:26.0578 3520   
2011/05/14 15:02:26.0578 3520   OS Version: 5.1.2600 ServicePack: 3.0
2011/05/14 15:02:26.0578 3520   Product type: Workstation
2011/05/14 15:02:26.0578 3520   ComputerName: MADZIA
2011/05/14 15:02:26.0578 3520   UserName: Magda
2011/05/14 15:02:26.0578 3520   Windows directory: C:\WINDOWS
2011/05/14 15:02:26.0578 3520   System windows directory: C:\WINDOWS
2011/05/14 15:02:26.0578 3520   Processor architecture: Intel x86
2011/05/14 15:02:26.0578 3520   Number of processors: 2
2011/05/14 15:02:26.0578 3520   Page size: 0x1000
2011/05/14 15:02:26.0578 3520   Boot type: Normal boot
2011/05/14 15:02:26.0578 3520   ================================================================================
2011/05/14 15:02:27.0296 3520   Initialize success
2011/05/14 15:02:37.0031 2212   ================================================================================
2011/05/14 15:02:37.0031 2212   Scan started
2011/05/14 15:02:37.0031 2212   Mode: Manual;
2011/05/14 15:02:37.0031 2212   ================================================================================
2011/05/14 15:02:37.0312 2212   ACPI            (05118282f5d039595a2b92b4a4afe197) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/14 15:02:37.0359 2212   ACPIEC          (66a42b7db194e24b973bbcce840a0f3f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/14 15:02:37.0468 2212   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/14 15:02:37.0531 2212   AFD             (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/14 15:02:37.0750 2212   Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/14 15:02:37.0859 2212   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/14 15:02:37.0906 2212   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/14 15:02:38.0031 2212   ati2mtag        (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/14 15:02:38.0156 2212   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/14 15:02:38.0312 2212   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/14 15:02:38.0375 2212   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/14 15:02:38.0515 2212   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/14 15:02:38.0562 2212   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/14 15:02:38.0625 2212   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/14 15:02:38.0656 2212   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/14 15:02:38.0703 2212   cfwids          (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
2011/05/14 15:02:38.0812 2212   CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/14 15:02:38.0843 2212   Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/14 15:02:38.0953 2212   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/14 15:02:39.0078 2212   dmboot          (bc9219abc5696942e6f9ac8a9b28670f) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/14 15:02:39.0265 2212   dmio            (5fa232e3ba6e1346f9f5a7e519320cb0) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/14 15:02:39.0421 2212   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/14 15:02:39.0453 2212   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/14 15:02:39.0515 2212   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/14 15:02:39.0578 2212   dtscsi          (6461e57bb51a848aae26f52427b7cf9e) C:\WINDOWS\System32\Drivers\dtscsi.sys
2011/05/14 15:02:39.0843 2212   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/14 15:02:39.0890 2212   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/14 15:02:39.0921 2212   Fips            (09e2a4d33f81a06a8aab2ba0a0b5d235) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/14 15:02:40.0109 2212   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/14 15:02:40.0171 2212   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/14 15:02:40.0218 2212   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/14 15:02:40.0250 2212   Ftdisk          (ed6d921d8ab423138fb35beee6d6a6cb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/14 15:02:40.0343 2212   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/14 15:02:40.0375 2212   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/14 15:02:40.0406 2212   hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/14 15:02:40.0531 2212   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/14 15:02:40.0812 2212   i8042prt        (177b372af55c4460d0968b5f1d02aa1c) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/14 15:02:40.0968 2212   iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/05/14 15:02:41.0000 2212   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/14 15:02:41.0281 2212   IntcAzAudAddService (6d6b57808c923a4d79cc8f47307753c9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/14 15:02:41.0484 2212   intelppm        (da153edc09de8c4f846c085caa39d1cc) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/14 15:02:41.0625 2212   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/14 15:02:41.0703 2212   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/14 15:02:41.0812 2212   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/14 15:02:41.0906 2212   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/14 15:02:41.0968 2212   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/14 15:02:42.0000 2212   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/14 15:02:42.0093 2212   isapnp          (c8eef2e93835b81bd335de2123121283) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/14 15:02:42.0265 2212   Kbdclass        (2aeca45d4aeaacbdcb77ad11184e4601) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/14 15:02:42.0390 2212   kbdhid          (f718dcddac2544bc693f22977d06f78b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/14 15:02:42.0515 2212   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/14 15:02:42.0562 2212   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/14 15:02:42.0703 2212   mfeapfk         (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/05/14 15:02:42.0937 2212   mfeavfk         (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/14 15:02:43.0171 2212   mfebopk         (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/14 15:02:43.0546 2212   mfefirek        (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/05/14 15:02:44.0062 2212   mfehidk         (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/14 15:02:44.0281 2212   mfendisk        (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/14 15:02:44.0359 2212   mfendiskmp      (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/14 15:02:44.0406 2212   mferkdet        (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/05/14 15:02:44.0531 2212   mfetdi2k        (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/05/14 15:02:44.0671 2212   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/14 15:02:44.0734 2212   Modem           (4a068db7dc37d5afedb6512d2931d7b3) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/14 15:02:44.0828 2212   Mouclass        (fbed3df6b884f8cf00447b73507f2c48) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/14 15:02:44.0921 2212   mouhid          (ecec1e6cd558ab80f944f31326e9d3b5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/14 15:02:45.0015 2212   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/14 15:02:45.0046 2212   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/14 15:02:45.0125 2212   MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/14 15:02:45.0281 2212   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/14 15:02:45.0328 2212   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/14 15:02:45.0359 2212   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/14 15:02:45.0421 2212   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/14 15:02:45.0484 2212   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/14 15:02:45.0531 2212   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/14 15:02:45.0562 2212   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/14 15:02:45.0640 2212   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/14 15:02:45.0671 2212   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/14 15:02:45.0750 2212   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/14 15:02:45.0812 2212   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/14 15:02:45.0890 2212   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/14 15:02:45.0921 2212   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/14 15:02:46.0046 2212   NETw3x32        (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
2011/05/14 15:02:46.0218 2212   NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/14 15:02:46.0265 2212   nmwcd           (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/05/14 15:02:46.0359 2212   nmwcdc          (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/05/14 15:02:46.0437 2212   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/14 15:02:46.0500 2212   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/14 15:02:46.0562 2212   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/14 15:02:46.0625 2212   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/14 15:02:46.0671 2212   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/14 15:02:46.0781 2212   ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/14 15:02:46.0828 2212   Parport         (2d4cdaebced17743aa9e25d3016dc229) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/14 15:02:46.0968 2212   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/14 15:02:47.0000 2212   ParVdm          (453ec2c2a20a1382f564541918520eeb) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/14 15:02:47.0093 2212   pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/05/14 15:02:47.0171 2212   PCI             (6862c69168d787b85a7d95ccd33c694e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/14 15:02:47.0281 2212   PCIIde          (548cf2d6369eae441a4c6baa75bc4f0a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/14 15:02:47.0359 2212   Pcmcia          (8db27f1ae9593c94095485305a583862) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/14 15:02:47.0562 2212   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/14 15:02:47.0609 2212   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/14 15:02:47.0671 2212   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/14 15:02:47.0781 2212   PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/14 15:02:47.0937 2212   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/14 15:02:47.0953 2212   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/14 15:02:47.0984 2212   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/14 15:02:48.0015 2212   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/14 15:02:48.0046 2212   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/14 15:02:48.0078 2212   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/14 15:02:48.0109 2212   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/14 15:02:48.0156 2212   redbook         (e0c7bbd18040b58651bac700c804861d) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/14 15:02:48.0296 2212   RTL8023xp       (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/05/14 15:02:48.0421 2212   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/14 15:02:48.0453 2212   Serial          (d07b02f88165e69b9f17162cf592c8a6) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/14 15:02:48.0546 2212   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/14 15:02:48.0656 2212   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/14 15:02:48.0734 2212   sptd            (8ea0fd60a5b047e0c734d51aace531c9) C:\WINDOWS\System32\Drivers\sptd.sys
2011/05/14 15:02:48.0734 2212   Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
2011/05/14 15:02:48.0750 2212   sptd - detected LockedFile.Multi.Generic (1)
2011/05/14 15:02:48.0828 2212   sr              (eb032822be406ef220d546ddffcf0002) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/14 15:02:49.0000 2212   Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/14 15:02:49.0109 2212   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/14 15:02:49.0140 2212   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/14 15:02:49.0265 2212   SynTP           (9d7385ad343eeed23a61d4ac5ae44601) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/14 15:02:49.0359 2212   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/14 15:02:49.0421 2212   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/14 15:02:49.0484 2212   Tcpip6          (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/05/14 15:02:49.0546 2212   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/14 15:02:49.0578 2212   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/14 15:02:49.0625 2212   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/14 15:02:49.0750 2212   tffsport        (d9d5e4ca72270e9f3eca97da0983ab87) C:\WINDOWS\system32\DRIVERS\tffsport.sys
2011/05/14 15:02:49.0796 2212   tunmp           (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/05/14 15:02:49.0843 2212   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/14 15:02:49.0906 2212   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/14 15:02:49.0968 2212   upperdev        (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/05/14 15:02:50.0078 2212   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/14 15:02:50.0109 2212   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/14 15:02:50.0171 2212   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/14 15:02:50.0218 2212   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/14 15:02:50.0265 2212   usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/05/14 15:02:50.0359 2212   UsbserFilt      (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/05/14 15:02:50.0468 2212   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/14 15:02:50.0500 2212   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/14 15:02:50.0562 2212   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/14 15:02:50.0625 2212   VolSnap         (56b191ac5fc0df219949c95a6c87afe7) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/14 15:02:50.0718 2212   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/14 15:02:50.0781 2212   Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/14 15:02:50.0968 2212   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/14 15:02:51.0000 2212   WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/14 15:02:51.0046 2212   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/14 15:02:51.0218 2212   ================================================================================
2011/05/14 15:02:51.0218 2212   Scan finished
2011/05/14 15:02:51.0218 2212   ================================================================================
2011/05/14 15:02:51.0234 0436   Detected object count: 1
2011/05/14 15:02:56.0187 0436   LockedFile.Multi.Generic(sptd) - User select action: Skip


Added today, 15:14:
Code:
OTL logfile created on: 2011-05-14 15:06:31 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Magda\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 022,00 Mb Total Physical Memory | 476,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,62 Gb Free Space | 33,90% Space Free | Partition Type: NTFS
Drive D: | 92,25 Gb Total Space | 67,33 Gb Free Space | 72,99% Space Free | Partition Type: NTFS

Computer Name: MADZIA | User Name: Magda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-05-13 23:37:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe
PRC - [2011-04-14 18:59:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-04-14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011-04-14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011-04-14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011-04-05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-01-02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005-10-28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-05-13 23:37:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] --  -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011-04-14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011-04-14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011-04-14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010-10-07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010-04-27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010-03-10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-05-14 14:51:46 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011-04-14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011-04-14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011-04-14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011-04-14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011-04-14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011-04-14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011-04-14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011-04-14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011-04-14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011-04-14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010-02-27 18:00:55 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-02-11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-04-13 20:40:50 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport)
DRV - [2006-10-12 10:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-05-23 23:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-09-30 12:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-515967899-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-1614895754-515967899-839522115-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1614895754-515967899-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011-05-04 19:45:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-13 22:32:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-08 21:05:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010-02-27 17:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Extensions
[2011-05-04 19:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\a8cy9ez8.default\extensions
[2010-04-28 22:28:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\a8cy9ez8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-11-04 19:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\a8cy9ez8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011-05-04 23:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-20 23:18:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-13 19:17:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-11-01 14:22:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-02-09 22:44:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-03-06 19:37:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010-03-01 20:32:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-05-04 19:45:50 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011-04-14 18:59:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011-04-14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010-02-21 12:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-03-22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2011-01-24 21:08:06 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-05-14 00:08:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {78DB67FF-6109-61E9-4179-572C5A544B95} - C:\WINDOWS\system32\d3dx100_40.dll (OYKmeNfW BSomCS)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110513223249.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-1614895754-515967899-839522115-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-515967899-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-515967899-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1614895754-515967899-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1614895754-515967899-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-02-27 16:13:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-05-14 15:04:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011-05-14 15:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\McAfee
[2011-05-14 13:02:27 | 000,607,288 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Magda\Pulpit\SPTDinst-v178-x86.exe
[2011-05-14 12:38:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-05-14 12:37:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011-05-14 00:04:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011-05-13 23:55:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-05-13 23:53:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-05-13 23:53:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-05-13 23:53:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-05-13 23:53:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-05-13 23:50:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-05-13 23:50:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-05-13 23:36:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe
[2011-05-10 21:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\playmink
[2011-05-09 14:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\Meridian93
[2011-05-09 14:19:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Magic Life
[2011-05-08 20:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011-05-08 20:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Menu Start\Programy\Detektor Winampa
[2011-05-08 20:11:52 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2011-05-08 20:11:52 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2011-05-08 20:11:50 | 000,059,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll
[2011-04-28 16:35:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011-04-28 16:35:04 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011-04-25 10:49:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3023
[2011-04-23 19:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\Ph03nixNewMedia
[2011-04-21 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Menu Start\Programy\Zuma's Revenge!
[2011-04-21 22:34:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Zuma's Revenge!
[2011-04-21 22:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Zuma's Revenge!
[2011-04-21 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Components Installer
[2011-04-21 22:22:36 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Tabctl32.ocx
[2011-04-21 22:22:35 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2011-04-21 22:22:35 | 000,102,400 | ---- | C] (Nelco Software) -- C:\WINDOWS\System32\nslock15vb6.ocx
[2011-04-21 22:22:35 | 000,057,344 | ---- | C] (DMS Solutions, Inc.) -- C:\WINDOWS\System32\DMSXPButton.ocx
[2011-04-21 22:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\www.research-lab.com
[2011-04-21 22:22:31 | 000,796,672 | ---- | C] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2011-04-21 22:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\Temp
[2011-04-21 22:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\Google
[2011-04-21 21:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound
[2011-04-21 21:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\NCH Swift Sound

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-05-14 15:02:07 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\tdsskiller.zip
[2011-05-14 15:00:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-05-14 13:02:28 | 000,607,288 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Magda\Pulpit\SPTDinst-v178-x86.exe
[2011-05-14 12:48:12 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\4x2ckviw.exe
[2011-05-14 00:08:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-05-13 23:55:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-05-13 23:51:39 | 004,347,800 | R--- | M] () -- C:\Documents and Settings\Magda\Pulpit\ComboFix.exe
[2011-05-13 23:37:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe
[2011-05-13 17:14:12 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do Frozen Throne.exe.lnk
[2011-05-13 17:14:06 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do Warcraft III.exe.lnk
[2011-05-13 16:53:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-05-09 13:13:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do MyFarmLife.exe.lnk
[2011-05-05 22:42:16 | 000,433,912 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110513-171932.backup
[2011-05-04 23:01:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2011-04-28 18:12:46 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-21 22:35:10 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Zuma's Revenge!.lnk
[2011-04-21 22:22:31 | 000,796,672 | ---- | M] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2011-04-21 21:05:12 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-04-19 20:13:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-04-19 20:12:22 | 000,503,756 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-04-19 20:12:22 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-04-19 20:12:22 | 000,090,292 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-04-19 20:12:22 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-05-14 15:02:04 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\tdsskiller.zip
[2011-05-14 12:48:07 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\4x2ckviw.exe
[2011-05-13 23:55:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-05-13 23:55:36 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2011-05-13 23:53:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-05-13 23:53:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-05-13 23:53:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-05-13 23:53:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-05-13 23:53:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-05-13 23:39:02 | 004,347,800 | R--- | C] () -- C:\Documents and Settings\Magda\Pulpit\ComboFix.exe
[2011-05-13 17:14:12 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do Frozen Throne.exe.lnk
[2011-05-13 17:14:06 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\Skrót do Warcraft III.exe.lnk
[2011-05-04 23:01:05 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2011-04-21 22:35:10 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\Zuma's Revenge!.lnk
[2011-03-15 23:50:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nancy Drew 1 Secrets Can Kill.INI
[2011-02-01 20:53:11 | 000,000,142 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010-11-11 13:01:29 | 000,001,651 | ---- | C] () -- C:\WINDOWS\System32\netmsmqa.exe
[2010-10-17 16:06:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-09-05 19:53:34 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Fakturka.ini
[2010-08-16 18:44:58 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-06-29 22:32:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-06-23 15:16:41 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010-06-13 09:00:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010-03-13 21:21:05 | 000,000,980 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010-03-07 02:51:10 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-27 18:21:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-02-27 18:21:21 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-02-27 18:10:41 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-02-27 17:04:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-02-27 17:02:18 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-02-27 17:01:11 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-02-27 16:47:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-02-27 16:42:04 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-02-27 16:31:59 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2010-02-27 16:28:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-02-27 16:19:41 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010-02-27 16:07:58 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-06-07 16:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-06-07 16:16:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-01-28 20:50:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2004-08-04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 14:00:00 | 000,503,756 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2004-08-04 14:00:00 | 000,444,362 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2004-08-04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 14:00:00 | 000,090,292 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2004-08-04 14:00:00 | 000,072,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2004-08-04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-07-30 11:48:28 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003-07-30 10:49:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-03-30 22:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-09-22 19:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2011-04-03 10:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\aliasworlds
[2011-04-12 20:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Artist Colony
[2011-04-23 19:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Big Fish Games
[2010-09-20 22:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Big Splash Games
[2010-09-04 17:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\blg
[2010-11-01 14:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CrioGames
[2010-11-13 20:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Elephant Games
[2010-12-25 14:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2011-03-14 17:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Fenomen Games
[2010-09-04 17:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\fillup2-daxygames-eng
[2010-06-20 18:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Floodlight Games
[2010-05-03 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\freshgames
[2011-04-25 10:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Fugazo
[2010-11-28 17:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Funny Bear Studio
[2010-08-26 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GabCab
[2010-02-27 18:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-07-04 23:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gamers Digital
[2010-03-27 17:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Happyville__
[2011-02-13 14:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\HipSoft
[2011-01-26 22:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\HouseDemo
[2010-06-20 17:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-05-28 21:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Islands
[2010-09-04 18:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\iWin
[2011-03-06 20:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ludia
[2011-04-21 21:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound
[2010-03-01 21:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NevoSoft Games
[2010-06-20 18:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-06-20 18:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2011-03-26 14:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
[2010-05-13 19:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Playrix Entertainment
[2011-05-07 11:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\rionix
[2010-11-13 19:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Robin Hood
[2011-01-12 20:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sandlot Games
[2011-05-09 13:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-11-04 19:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TikGames
[2010-10-31 23:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\VirtualFarm
[2010-03-22 20:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\XLab
[2010-08-26 18:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\AlderGames
[2011-04-03 10:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\aliasworlds
[2010-09-22 19:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Artifex Mundi
[2010-11-26 23:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Avenue Flo - Special Delivery Strategy Guide
[2010-06-25 20:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\AVI ReComp
[2010-10-10 20:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Bear's dream
[2010-11-09 18:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Big Fish Games
[2010-09-20 22:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Big Splash Games
[2010-08-16 18:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\BitComet
[2010-09-04 17:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\blg
[2010-09-04 17:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Boolat Games
[2010-02-27 17:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\DAEMON Tools Pro
[2011-01-31 14:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\DivoGames
[2010-10-15 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Dreamscape_Saves
[2010-11-13 20:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Elephant Games
[2010-11-12 21:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\ERS Game Studios
[2010-12-25 14:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\ESET
[2011-05-07 15:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Farm Mania 2.1
[2010-11-03 16:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\FarmerJane
[2010-06-20 18:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Floodlight Games
[2010-05-03 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\freshgames
[2010-09-20 22:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Friday's games
[2011-02-15 00:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Fugazo
[2010-02-27 18:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Gadu-Gadu 10
[2010-07-04 23:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Gamers Digital
[2011-03-23 21:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\HdO Adventure
[2011-01-26 22:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Islands
[2010-09-04 18:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\iWin
[2010-11-10 13:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Jetdogs Studios
[2010-08-16 18:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Jumb-O-Fun Games
[2010-09-04 17:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Lonely Troops
[2011-03-06 20:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Ludia
[2011-03-14 17:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Magic Seeds
[2011-05-09 14:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Meridian93
[2010-03-22 20:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\My Games
[2011-04-21 21:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\NCH Swift Sound
[2010-06-06 14:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\NevoSoft Games
[2010-06-20 18:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PC Suite
[2010-12-16 00:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PCToolsFirewallPlus
[2010-02-27 20:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PCToolsSpamMonitorPlus
[2010-05-14 21:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Peace Craft
[2010-09-01 12:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PeaceCraft2
[2011-04-23 19:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Ph03nixNewMedia
[2011-03-26 14:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\PlayFirst
[2011-05-10 21:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\playmink
[2010-09-04 17:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Rabbit's Magic Adventures
[2010-11-28 19:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Roads Of Rome
[2010-11-13 19:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Robin Hood
[2010-11-04 16:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Sahmon Games
[2010-04-03 18:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Scrabble Plus
[2010-12-16 00:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Spam Monitor
[2010-12-28 19:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Spark Plug Games
[2010-12-05 18:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Supermarket Mania 2
[2010-11-04 19:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\TikGames
[2010-11-09 18:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Ubisoft
[2011-05-10 20:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\uTorrent
[2011-02-24 21:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\ViquaSoft
[2011-01-09 18:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\YoudaGames

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Added today, 15:18:
Code:
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-14 15:18:02
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD12 rev.01.0
Running: 4x2ckviw.exe; Driver: C:\DOCUME~1\Magda\USTAWI~1\Temp\pwtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT            sptd.sys                                                                                                             ZwCreateKey [0xF7478FA0]
SSDT            sptd.sys                                                                                                             ZwEnumerateKey [0xF74AD018]
SSDT            sptd.sys                                                                                                             ZwEnumerateValueKey [0xF74AD3A6]
SSDT            sptd.sys                                                                                                             ZwOpenKey [0xF7478F80]
SSDT            sptd.sys                                                                                                             ZwQueryKey [0xF74AD47E]
SSDT            sptd.sys                                                                                                             ZwQueryValueKey [0xF74AD2FE]
SSDT            sptd.sys                                                                                                             ZwSetValueKey [0xF74AD510]

INT 0x62        ?                                                                                                                    86DCCCB8
INT 0x63        ?                                                                                                                    862E1CB8
INT 0x94        ?                                                                                                                    862E1CB8
INT 0xB4        ?                                                                                                                    86D9CCB8

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwDeleteKey [0xF726D22A]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwDeleteValueKey [0xF726D256]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwMapViewOfSection [0xF726D2AC]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwOpenProcess [0xF726D1D4]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwOpenThread [0xF726D1E8]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwRenameKey [0xF726D240]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwSetSecurityObject [0xF726D282]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwTerminateProcess [0xF726D2D6]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwUnmapViewOfSection [0xF726D2C2]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        ZwYieldExecution [0xF726D296]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        NtMapViewOfSection
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        NtOpenProcess
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        NtOpenThread
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                        NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text           sptd.sys                                                                                                             F743C000 28 Bytes  [30, 78, 6E, 80, A6, CB, 6E, ...]
.text           sptd.sys                                                                                                             F743C01D 3 Bytes  [79, 6E, 80]
.text           sptd.sys                                                                                                             F743C024 120 Bytes  [D8, 52, 53, 80, 68, B9, 54, ...]
.text           sptd.sys                                                                                                             F743C09D 124 Bytes  [97, 53, 80, A0, 98, 53, 80, ...]
.text           sptd.sys                                                                                                             F743C11A 178 Bytes  [4F, 80, 82, F8, 4E, 80, 3E, ...]
.text           ...                                                                                                                 
.sptd2          C:\WINDOWS\system32\drivers\sptd.sys                                                                                 entry point in ".sptd2" section [0xF74E69E3]
?               C:\WINDOWS\system32\drivers\sptd.sys                                                                                 Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text           USBPORT.SYS!DllUnload                                                                                                F62778AC 5 Bytes  JMP 862E11C8
?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                           Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtCreateFile                                                          7C90D0AE 5 Bytes  JMP 00970FEF
.text           C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtCreateProcess                                                       7C90D14E 5 Bytes  JMP 0097000A
.text           C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtProtectVirtualMemory                                                7C90D6EE 5 Bytes  JMP 00970FD4
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!CreateFileA                                                        7C801A28 5 Bytes  JMP 00960000
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!VirtualProtectEx                                                   7C801A61 1 Byte  [E9]
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!VirtualProtectEx                                                   7C801A61 5 Bytes  JMP 00960065
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!VirtualProtect                                                     7C801AD4 5 Bytes  JMP 00960F70
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!LoadLibraryExW                                                     7C801AF5 5 Bytes  JMP 00960F81
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!LoadLibraryExA                                                     7C801D53 5 Bytes  JMP 00960FA8
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!LoadLibraryA                                                       7C801D7B 5 Bytes  JMP 00960FD4
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!GetStartupInfoW                                                    7C801E54 5 Bytes  JMP 00960F24
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!GetStartupInfoA                                                    7C801EF2 5 Bytes  JMP 00960F4B
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!CreateProcessW                                                     7C802336 5 Bytes  JMP 009600B3
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!CreateProcessA                                                     7C80236B 5 Bytes  JMP 00960098
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!GetProcAddress                                                     7C80AE40 5 Bytes  JMP 00960EFF
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!LoadLibraryW                                                       7C80AEEB 5 Bytes  JMP 00960FB9
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!CreateFileW                                                        7C810800 5 Bytes  JMP 00960FEF
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!CreatePipe                                                         7C81D83F 5 Bytes  JMP 00960076
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!CreateNamedPipeW                                                   7C82F0DD 5 Bytes  JMP 0096004A
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!CreateNamedPipeA                                                   7C860CDC 5 Bytes  JMP 00960025
.text           C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!WinExec                                                            7C86250D 5 Bytes  JMP 00960087
.text           C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!RegOpenKeyExW                                                      77DC6AAF 5 Bytes  JMP 00C70FDB
.text           C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!RegCreateKeyExW                                                    77DC776C 5 Bytes  JMP 00C70084
.text           C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!RegOpenKeyExA                                                      77DC7852 5 Bytes  JMP 00C7002C
.text           C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!RegOpenKeyW                                                        77DC7946 5 Bytes  JMP 00C70011
.text           C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!RegCreateKeyExA                                                    77DCE9F4 5 Bytes  JMP 00C70073
.text           C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!RegOpenKeyA                                                        77DCEFC8 5 Bytes  JMP 00C70000
.text           C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!RegCreateKeyW                                                      77DEBA55 5 Bytes  JMP 00C70062
.text           C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!RegCreateKeyA                                                      77DEBCF3 5 Bytes  JMP 00C70047
.text           C:\WINDOWS\system32\svchost.exe[220] msvcrt.dll!_wsystem                                                             77C1931E 5 Bytes  JMP 00C60027
.text           C:\WINDOWS\system32\svchost.exe[220] msvcrt.dll!system                                                               77C193C7 5 Bytes  JMP 00C60F9C
.text           C:\WINDOWS\system32\svchost.exe[220] msvcrt.dll!_creat                                                               77C1D40F 5 Bytes  JMP 00C60FB7
.text           C:\WINDOWS\system32\svchost.exe[220] msvcrt.dll!_open                                                                77C1F566 5 Bytes  JMP 00C60FEF
.text           C:\WINDOWS\system32\svchost.exe[220] msvcrt.dll!_wcreat                                                              77C1FC9B 5 Bytes  JMP 00C6000C
.text           C:\WINDOWS\system32\svchost.exe[220] msvcrt.dll!_wopen                                                               77C20055 5 Bytes  JMP 00C60FDE
.text           C:\WINDOWS\system32\svchost.exe[220] WININET.dll!InternetOpenA                                                       3FD1D690 5 Bytes  JMP 00980FE5
.text           C:\WINDOWS\system32\svchost.exe[220] WININET.dll!InternetOpenW                                                       3FD1DB09 5 Bytes  JMP 0098000A
.text           C:\WINDOWS\system32\svchost.exe[220] WININET.dll!InternetOpenUrlA                                                    3FD1F3A4 5 Bytes  JMP 0098001B
.text           C:\WINDOWS\system32\svchost.exe[220] WININET.dll!InternetOpenUrlW                                                    3FD66D5F 5 Bytes  JMP 0098002C
.text           C:\WINDOWS\system32\svchost.exe[220] WS2_32.dll!socket                                                               71A54211 5 Bytes  JMP 00990000
.text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[524] kernel32.dll!LoadLibraryA                           7C801D7B 5 Bytes  JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[524] kernel32.dll!LoadLibraryW                           7C80AEEB 5 Bytes  JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text           C:\WINDOWS\Explorer.EXE[580] ntdll.dll!NtCreateFile                                                                  7C90D0AE 5 Bytes  JMP 014B0FEF
.text           C:\WINDOWS\Explorer.EXE[580] ntdll.dll!NtCreateProcess                                                               7C90D14E 5 Bytes  JMP 014B0FCA
.text           C:\WINDOWS\Explorer.EXE[580] ntdll.dll!NtProtectVirtualMemory                                                        7C90D6EE 5 Bytes  JMP 014B000A
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreateFileA                                                                7C801A28 5 Bytes  JMP 014A0FEF
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!VirtualProtectEx                                                           7C801A61 5 Bytes  JMP 014A0082
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!VirtualProtect                                                             7C801AD4 5 Bytes  JMP 014A0F97
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!LoadLibraryExW                                                             7C801AF5 5 Bytes  JMP 014A0FA8
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!LoadLibraryExA                                                             7C801D53 5 Bytes  JMP 014A0065
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!LoadLibraryA                                                               7C801D7B 5 Bytes  JMP 014A0036
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!GetStartupInfoW                                                            7C801E54 5 Bytes  JMP 014A00BF
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!GetStartupInfoA                                                            7C801EF2 5 Bytes  JMP 014A00AE
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreateProcessW                                                             7C802336 5 Bytes  JMP 014A00F5
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreateProcessA                                                             7C80236B 5 Bytes  JMP 014A00E4
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!GetProcAddress                                                             7C80AE40 5 Bytes  JMP 014A0106
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!LoadLibraryW                                                               7C80AEEB 5 Bytes  JMP 014A0FB9
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreateFileW                                                                7C810800 5 Bytes  JMP 014A000A
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreatePipe                                                                 7C81D83F 5 Bytes  JMP 014A0093
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreateNamedPipeW                                                           7C82F0DD 5 Bytes  JMP 014A0FD4
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreateNamedPipeA                                                           7C860CDC 5 Bytes  JMP 014A0025
.text           C:\WINDOWS\Explorer.EXE[580] kernel32.dll!WinExec                                                                    7C86250D 5 Bytes  JMP 014A0F66
.text           C:\WINDOWS\Explorer.EXE[580] ADVAPI32.dll!RegOpenKeyExW                                                              77DC6AAF 5 Bytes  JMP 0298004A
.text           C:\WINDOWS\Explorer.EXE[580] ADVAPI32.dll!RegCreateKeyExW                                                            77DC776C 5 Bytes  JMP 02980FD4
.text           C:\WINDOWS\Explorer.EXE[580] ADVAPI32.dll!RegOpenKeyExA                                                              77DC7852 5 Bytes  JMP 02980FEF
.text           C:\WINDOWS\Explorer.EXE[580] ADVAPI32.dll!RegOpenKeyW                                                                77DC7946 5 Bytes  JMP 02980025
.text           C:\WINDOWS\Explorer.EXE[580] ADVAPI32.dll!RegCreateKeyExA                                                            77DCE9F4 5 Bytes  JMP 02980091
.text           C:\WINDOWS\Explorer.EXE[580] ADVAPI32.dll!RegOpenKeyA                                                                77DCEFC8 5 Bytes  JMP 0298000A
.text           C:\WINDOWS\Explorer.EXE[580] ADVAPI32.dll!RegCreateKeyW                                                              77DEBA55 5 Bytes  JMP 02980080
.text           C:\WINDOWS\Explorer.EXE[580] ADVAPI32.dll!RegCreateKeyA                                                              77DEBCF3 5 Bytes  JMP 02980065
.text           C:\WINDOWS\Explorer.EXE[580] msvcrt.dll!_wsystem                                                                     77C1931E 5 Bytes  JMP 02860F8B
.text           C:\WINDOWS\Explorer.EXE[580] msvcrt.dll!system                                                                       77C193C7 5 Bytes  JMP 02860016
.text           C:\WINDOWS\Explorer.EXE[580] msvcrt.dll!_creat                                                                       77C1D40F 5 Bytes  JMP 02860FC1
.text           C:\WINDOWS\Explorer.EXE[580] msvcrt.dll!_open                                                                        77C1F566 5 Bytes  JMP 02860FEF
.text           C:\WINDOWS\Explorer.EXE[580] msvcrt.dll!_wcreat                                                                      77C1FC9B 5 Bytes  JMP 02860FA6
.text           C:\WINDOWS\Explorer.EXE[580] msvcrt.dll!_wopen                                                                       77C20055 5 Bytes  JMP 02860FDE
.text           C:\WINDOWS\Explorer.EXE[580] WININET.dll!InternetOpenA                                                               3FD1D690 5 Bytes  JMP 014C0000
.text           C:\WINDOWS\Explorer.EXE[580] WININET.dll!InternetOpenW                                                               3FD1DB09 5 Bytes  JMP 014C0FE5
.text           C:\WINDOWS\Explorer.EXE[580] WININET.dll!InternetOpenUrlA                                                            3FD1F3A4 5 Bytes  JMP 014C0FCA
.text           C:\WINDOWS\Explorer.EXE[580] WININET.dll!InternetOpenUrlW                                                            3FD66D5F 5 Bytes  JMP 014C001B
.text           C:\WINDOWS\Explorer.EXE[580] WS2_32.dll!socket                                                                       71A54211 5 Bytes  JMP 0285000A
.text           C:\WINDOWS\system32\svchost.exe[692] ntdll.dll!NtCreateFile                                                          7C90D0AE 5 Bytes  JMP 00C6000A
.text           C:\WINDOWS\system32\svchost.exe[692] ntdll.dll!NtCreateProcess                                                       7C90D14E 5 Bytes  JMP 00C6001B
.text           C:\WINDOWS\system32\svchost.exe[692] ntdll.dll!NtProtectVirtualMemory                                                7C90D6EE 5 Bytes  JMP 00C60FEF
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!CreateFileA                                                        7C801A28 5 Bytes  JMP 00C5000A
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!VirtualProtectEx                                                   7C801A61 5 Bytes  JMP 00C50F94
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!VirtualProtect                                                     7C801AD4 5 Bytes  JMP 00C5007F
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!LoadLibraryExW                                                     7C801AF5 5 Bytes  JMP 00C50FA5
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!LoadLibraryExA                                                     7C801D53 5 Bytes  JMP 00C50FB6
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!LoadLibraryA                                                       7C801D7B 5 Bytes  JMP 00C50047
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!GetStartupInfoW                                                    7C801E54 5 Bytes  JMP 00C50F68
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!GetStartupInfoA                                                    7C801EF2 5 Bytes  JMP 00C500A4
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!CreateProcessW                                                     7C802336 5 Bytes  JMP 00C50F28
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!CreateProcessA                                                     7C80236B 5 Bytes  JMP 00C500C1
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!GetProcAddress                                                     7C80AE40 5 Bytes  JMP 00C500DC
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!LoadLibraryW                                                       7C80AEEB 5 Bytes  JMP 00C50058
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!CreateFileW                                                        7C810800 5 Bytes  JMP 00C5001B
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!CreatePipe                                                         7C81D83F 5 Bytes  JMP 00C50F79
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!CreateNamedPipeW                                                   7C82F0DD 5 Bytes  JMP 00C50FDB
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!CreateNamedPipeA                                                   7C860CDC 5 Bytes  JMP 00C5002C
.text           C:\WINDOWS\system32\svchost.exe[692] kernel32.dll!WinExec                                                            7C86250D 5 Bytes  JMP 00C50F4D
.text           C:\WINDOWS\system32\svchost.exe[692] ADVAPI32.dll!RegOpenKeyExW                                                      77DC6AAF 5 Bytes  JMP 00C40FCD
.text           C:\WINDOWS\system32\svchost.exe[692] ADVAPI32.dll!RegCreateKeyExW                                                    77DC776C 5 Bytes  JMP 00C40F75
.text           C:\WINDOWS\system32\svchost.exe[692] ADVAPI32.dll!RegOpenKeyExA                                                      77DC7852 5 Bytes  JMP 00C40FDE
.text           C:\WINDOWS\system32\svchost.exe[692] ADVAPI32.dll!RegOpenKeyW                                                        77DC7946 5 Bytes  JMP 00C40FEF
.text           C:\WINDOWS\system32\svchost.exe[692] ADVAPI32.dll!RegCreateKeyExA                                                    77DCE9F4 5 Bytes  JMP 00C40F86
.text           C:\WINDOWS\system32\svchost.exe[692] ADVAPI32.dll!RegOpenKeyA                                                        77DCEFC8 5 Bytes  JMP 00C4000A
.text           C:\WINDOWS\system32\svchost.exe[692] ADVAPI32.dll!RegCreateKeyW                                                      77DEBA55 2 Bytes  JMP 00C40FAB
.text           C:\WINDOWS\system32\svchost.exe[692] ADVAPI32.dll!RegCreateKeyW + 3                                                  77DEBA58 2 Bytes  [E5, 88] {IN EAX, 0x88}
.text           C:\WINDOWS\system32\svchost.exe[692] ADVAPI32.dll!RegCreateKeyA                                                      77DEBCF3 5 Bytes  JMP 00C40FBC
.text           C:\WINDOWS\system32\svchost.exe[692] msvcrt.dll!_wsystem                                                             77C1931E 5 Bytes  JMP 00C70027
.text           C:\WINDOWS\system32\svchost.exe[692] msvcrt.dll!system                                                               77C193C7 5 Bytes  JMP 00C70F9C
.text           C:\WINDOWS\system32\svchost.exe[692] msvcrt.dll!_creat                                                               77C1D40F 5 Bytes  JMP 00C70FC8
.text           C:\WINDOWS\system32\svchost.exe[692] msvcrt.dll!_open                                                                77C1F566 5 Bytes  JMP 00C7000C
.text           C:\WINDOWS\system32\svchost.exe[692] msvcrt.dll!_wcreat                                                              77C1FC9B 5 Bytes  JMP 00C70FAD
.text           C:\WINDOWS\system32\svchost.exe[692] msvcrt.dll!_wopen                                                               77C20055 5 Bytes  JMP 00C70FE3
.text           C:\WINDOWS\system32\services.exe[1208] ntdll.dll!NtCreateFile                                                        7C90D0AE 5 Bytes  JMP 00710FEF
.text           C:\WINDOWS\system32\services.exe[1208] ntdll.dll!NtCreateProcess                                                     7C90D14E 5 Bytes  JMP 0071002F
.text           C:\WINDOWS\system32\services.exe[1208] ntdll.dll!NtProtectVirtualMemory                                              7C90D6EE 5 Bytes  JMP 0071000A
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!CreateFileA                                                      7C801A28 5 Bytes  JMP 00700FEF
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!VirtualProtectEx                                                 7C801A61 5 Bytes  JMP 00700F41
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!VirtualProtect                                                   7C801AD4 5 Bytes  JMP 00700F52
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!LoadLibraryExW                                                   7C801AF5 5 Bytes  JMP 00700036
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!LoadLibraryExA                                                   7C801D53 5 Bytes  JMP 00700F79
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!LoadLibraryA                                                     7C801D7B 5 Bytes  JMP 0070000A
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!GetStartupInfoW                                                  7C801E54 5 Bytes  JMP 00700F15
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!GetStartupInfoA                                                  7C801EF2 5 Bytes  JMP 0070005D
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!CreateProcessW                                                   7C802336 5 Bytes  JMP 007000A7
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!CreateProcessA                                                   7C80236B 5 Bytes  JMP 00700082
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!GetProcAddress                                                   7C80AE40 5 Bytes  JMP 00700EE9
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!LoadLibraryW                                                     7C80AEEB 5 Bytes  JMP 00700025
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!CreateFileW                                                      7C810800 5 Bytes  JMP 00700FD4
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!CreatePipe                                                       7C81D83F 5 Bytes  JMP 00700F26
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!CreateNamedPipeW                                                 7C82F0DD 5 Bytes  JMP 00700FA8
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!CreateNamedPipeA                                                 7C860CDC 5 Bytes  JMP 00700FB9
.text           C:\WINDOWS\system32\services.exe[1208] kernel32.dll!WinExec                                                          7C86250D 5 Bytes  JMP 00700F04
.text           C:\WINDOWS\system32\services.exe[1208] ADVAPI32.dll!RegOpenKeyExW                                                    77DC6AAF 5 Bytes  JMP 00780FCA
.text           C:\WINDOWS\system32\services.exe[1208] ADVAPI32.dll!RegCreateKeyExW                                                  77DC776C 5 Bytes  JMP 00780F8D
.text           C:\WINDOWS\system32\services.exe[1208] ADVAPI32.dll!RegOpenKeyExA                                                    77DC7852 5 Bytes  JMP 00780FDB
.text           C:\WINDOWS\system32\services.exe[1208] ADVAPI32.dll!RegOpenKeyW                                                      77DC7946 5 Bytes  JMP 00780011
.text           C:\WINDOWS\system32\services.exe[1208] ADVAPI32.dll!RegCreateKeyExA                                                  77DCE9F4 5 Bytes  JMP 00780040
.text           C:\WINDOWS\system32\services.exe[1208] ADVAPI32.dll!RegOpenKeyA                                                      77DCEFC8 5 Bytes  JMP 00780000
.text           C:\WINDOWS\system32\services.exe[1208] ADVAPI32.dll!RegCreateKeyW                                                    77DEBA55 2 Bytes  JMP 00780F9E
.text           C:\WINDOWS\system32\services.exe[1208] ADVAPI32.dll!RegCreateKeyW + 3                                                77DEBA58 2 Bytes  [99, 88]
.text           C:\WINDOWS\system32\services.exe[1208] ADVAPI32.dll!RegCreateKeyA                                                    77DEBCF3 5 Bytes  JMP 00780FAF
.text           C:\WINDOWS\system32\services.exe[1208] msvcrt.dll!_wsystem                                                           77C1931E 5 Bytes  JMP 0073005C
.text           C:\WINDOWS\system32\services.exe[1208] msvcrt.dll!system                                                             77C193C7 5 Bytes  JMP 0073004B
.text           C:\WINDOWS\system32\services.exe[1208] msvcrt.dll!_creat                                                             77C1D40F 5 Bytes  JMP 00730029
.text           C:\WINDOWS\system32\services.exe[1208] msvcrt.dll!_open                                                              77C1F566 5 Bytes  JMP 0073000C
.text           C:\WINDOWS\system32\services.exe[1208] msvcrt.dll!_wcreat                                                            77C1FC9B 5 Bytes  JMP 0073003A
.text           C:\WINDOWS\system32\services.exe[1208] msvcrt.dll!_wopen                                                             77C20055 5 Bytes  JMP 00730FEF
.text           C:\WINDOWS\system32\services.exe[1208] WS2_32.dll!socket                                                             71A54211 5 Bytes  JMP 00720FEF
.text           C:\WINDOWS\system32\lsass.exe[1220] ntdll.dll!NtCreateFile                                                           7C90D0AE 5 Bytes  JMP 00C50000
.text           C:\WINDOWS\system32\lsass.exe[1220] ntdll.dll!NtCreateProcess                                                        7C90D14E 5 Bytes  JMP 00C5002C
.text           C:\WINDOWS\system32\lsass.exe[1220] ntdll.dll!NtProtectVirtualMemory                                                 7C90D6EE 5 Bytes  JMP 00C5001B
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!CreateFileA                                                         7C801A28 5 Bytes  JMP 00C40FEF
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!VirtualProtectEx                                                    7C801A61 5 Bytes  JMP 00C40F62
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!VirtualProtect                                                      7C801AD4 5 Bytes  JMP 00C40F73
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!LoadLibraryExW                                                      7C801AF5 5 Bytes  JMP 00C40F90
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!LoadLibraryExA                                                      7C801D53 5 Bytes  JMP 00C40FA1
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!LoadLibraryA                                                        7C801D7B 5 Bytes  JMP 00C40FB2
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!GetStartupInfoW                                                     7C801E54 5 Bytes  JMP 00C40F25
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!GetStartupInfoA                                                     7C801EF2 5 Bytes  JMP 00C40F36
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!CreateProcessW                                                      7C802336 5 Bytes  JMP 00C40EE5
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!CreateProcessA                                                      7C80236B 5 Bytes  JMP 00C40F0A
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!GetProcAddress                                                      7C80AE40 5 Bytes  JMP 00C40099
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!LoadLibraryW                                                        7C80AEEB 5 Bytes  JMP 00C40043
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!CreateFileW                                                         7C810800 5 Bytes  JMP 00C40FD4
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!CreatePipe                                                          7C81D83F 5 Bytes  JMP 00C40F47
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!CreateNamedPipeW                                                    7C82F0DD 5 Bytes  JMP 00C40FC3
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!CreateNamedPipeA                                                    7C860CDC 5 Bytes  JMP 00C4000A
.text           C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!WinExec                                                             7C86250D 5 Bytes  JMP 00C40088
.text           C:\WINDOWS\system32\lsass.exe[1220] ADVAPI32.dll!RegOpenKeyExW                                                       77DC6AAF 5 Bytes  JMP 00DC0FC0
.text           C:\WINDOWS\system32\lsass.exe[1220] ADVAPI32.dll!RegCreateKeyExW                                                     77DC776C 5 Bytes  JMP 00DC004E
.text           C:\WINDOWS\system32\lsass.exe[1220] ADVAPI32.dll!RegOpenKeyExA                                                       77DC7852 5 Bytes  JMP 00DC0011
.text           C:\WINDOWS\system32\lsass.exe[1220] ADVAPI32.dll!RegOpenKeyW                                                         77DC7946 5 Bytes  JMP 00DC0FE5
.text           C:\WINDOWS\system32\lsass.exe[1220] ADVAPI32.dll!RegCreateKeyExA                                                     77DCE9F4 5 Bytes  JMP 00DC003D
.text           C:\WINDOWS\system32\lsass.exe[1220] ADVAPI32.dll!RegOpenKeyA                                                         77DCEFC8 5 Bytes  JMP 00DC0000
.text           C:\WINDOWS\system32\lsass.exe[1220] ADVAPI32.dll!RegCreateKeyW                                                       77DEBA55 5 Bytes  JMP 00DC002C
.text           C:\WINDOWS\system32\lsass.exe[1220] ADVAPI32.dll!RegCreateKeyA                                                       77DEBCF3 5 Bytes  JMP 00DC0FAF
.text           C:\WINDOWS\system32\lsass.exe[1220] msvcrt.dll!_wsystem                                                              77C1931E 5 Bytes  JMP 00C70038
.text           C:\WINDOWS\system32\lsass.exe[1220] msvcrt.dll!system                                                                77C193C7 5 Bytes  JMP 00C70FA3
.text           C:\WINDOWS\system32\lsass.exe[1220] msvcrt.dll!_creat                                                                77C1D40F 5 Bytes  JMP 00C7000C
.text           C:\WINDOWS\system32\lsass.exe[1220] msvcrt.dll!_open                                                                 77C1F566 5 Bytes  JMP 00C70FEF
.text           C:\WINDOWS\system32\lsass.exe[1220] msvcrt.dll!_wcreat                                                               77C1FC9B 5 Bytes  JMP 00C7001D
.text           C:\WINDOWS\system32\lsass.exe[1220] msvcrt.dll!_wopen                                                                77C20055 5 Bytes  JMP 00C70FD2
.text           C:\WINDOWS\system32\lsass.exe[1220] WS2_32.dll!socket                                                                71A54211 5 Bytes  JMP 00C60000
.text           C:\WINDOWS\system32\svchost.exe[1388] ntdll.dll!NtCreateFile                                                         7C90D0AE 5 Bytes  JMP 00B50000
.text           C:\WINDOWS\system32\svchost.exe[1388] ntdll.dll!NtCreateProcess                                                      7C90D14E 5 Bytes  JMP 00B5002C
.text           C:\WINDOWS\system32\svchost.exe[1388] ntdll.dll!NtProtectVirtualMemory                                               7C90D6EE 5 Bytes  JMP 00B50011
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateFileA                                                       7C801A28 5 Bytes  JMP 00B40FEF
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualProtectEx                                                  7C801A61 5 Bytes  JMP 00B40F62
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualProtect                                                    7C801AD4 5 Bytes  JMP 00B40F7D
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExW                                                    7C801AF5 5 Bytes  JMP 00B40F8E
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExA                                                    7C801D53 5 Bytes  JMP 00B40FAB
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryA                                                      7C801D7B 5 Bytes  JMP 00B40039
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoW                                                   7C801E54 5 Bytes  JMP 00B40F47
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoA                                                   7C801EF2 5 Bytes  JMP 00B4008F
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateProcessW                                                    7C802336 5 Bytes  JMP 00B40F07
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateProcessA                                                    7C80236B 5 Bytes  JMP 00B400A0
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetProcAddress                                                    7C80AE40 5 Bytes  JMP 00B400BB
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryW                                                      7C80AEEB 5 Bytes  JMP 00B40FBC
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateFileW                                                       7C810800 5 Bytes  JMP 00B40014
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreatePipe                                                        7C81D83F 5 Bytes  JMP 00B40072
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeW                                                  7C82F0DD 5 Bytes  JMP 00B40FCD
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeA                                                  7C860CDC 5 Bytes  JMP 00B40FDE
.text           C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!WinExec                                                           7C86250D 5 Bytes  JMP 00B40F22
.text           C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExW                                                     77DC6AAF 5 Bytes  JMP 00FE002F
.text           C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExW                                                   77DC776C 5 Bytes  JMP 00FE0F97
.text           C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExA                                                     77DC7852 5 Bytes  JMP 00FE0014
.text           C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyW                                                       77DC7946 5 Bytes  JMP 00FE0FDE
.text           C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExA                                                   77DCE9F4 5 Bytes  JMP 00FE0FA8
.text           C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyA                                                       77DCEFC8 5 Bytes  JMP 00FE0FEF
.text           C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyW                                                     77DEBA55 2 Bytes  JMP 00FE0FB9
.text           C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyW + 3                                                 77DEBA58 2 Bytes  [1F, 89]
.text           C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyA                                                     77DEBCF3 5 Bytes  JMP 00FE0040
.text           C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_wsystem                                                            77C1931E 5 Bytes  JMP 00B70FBC
.text           C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!system                                                              77C193C7 5 Bytes  JMP 00B70FCD
.text           C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_creat                                                              77C1D40F 5 Bytes  JMP 00B70033
.text           C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_open                                                               77C1F566 5 Bytes  JMP 00B70FEF
.text           C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_wcreat                                                             77C1FC9B 5 Bytes  JMP 00B70FDE
.text           C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_wopen                                                              77C20055 5 Bytes  JMP 00B7000C
.text           C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!socket                                                              71A54211 5 Bytes  JMP 00B6000A
.text           C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateFile                                                         7C90D0AE 5 Bytes  JMP 00BE0000
.text           C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateProcess                                                      7C90D14E 5 Bytes  JMP 00BE0FD1
.text           C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtProtectVirtualMemory                                               7C90D6EE 5 Bytes  JMP 00BE0011
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateFileA                                                       7C801A28 5 Bytes  JMP 00BD0000
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtectEx                                                  7C801A61 5 Bytes  JMP 00BD0F52
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtect                                                    7C801AD4 5 Bytes  JMP 00BD0F63
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExW                                                    7C801AF5 5 Bytes  JMP 00BD003D
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExA                                                    7C801D53 5 Bytes  JMP 00BD0F80
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryA                                                      7C801D7B 5 Bytes  JMP 00BD0FAF
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetStartupInfoW                                                   7C801E54 5 Bytes  JMP 00BD0069
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetStartupInfoA                                                   7C801EF2 5 Bytes  JMP 00BD0058
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessW                                                    7C802336 5 Bytes  JMP 00BD0F10
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessA                                                    7C80236B 5 Bytes  JMP 00BD00A9
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetProcAddress                                                    7C80AE40 5 Bytes  JMP 00BD0EFF
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryW                                                      7C80AEEB 5 Bytes  JMP 00BD002C
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateFileW                                                       7C810800 5 Bytes  JMP 00BD0011
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreatePipe                                                        7C81D83F 5 Bytes  JMP 00BD0F37
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateNamedPipeW                                                  7C82F0DD 5 Bytes  JMP 00BD0FC0
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateNamedPipeA                                                  7C860CDC 5 Bytes  JMP 00BD0FDB
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!WinExec                                                           7C86250D 5 Bytes  JMP 00BD008E
.text           C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExW                                                     77DC6AAF 5 Bytes  JMP 00C10FE5
.text           C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExW                                                   77DC776C 5 Bytes  JMP 00C10073
.text           C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExA                                                     77DC7852 5 Bytes  JMP 00C1002C
.text           C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyW                                                       77DC7946 5 Bytes  JMP 00C1001B
.text           C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExA                                                   77DCE9F4 5 Bytes  JMP 00C10062
.text           C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyA                                                       77DCEFC8 5 Bytes  JMP 00C1000A
.text           C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW                                                     77DEBA55 2 Bytes  JMP 00C10FC0
.text           C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW + 3                                                 77DEBA58 2 Bytes  [E2, 88] {LOOP 0xffffffffffffff8a}
.text           C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyA                                                     77DEBCF3 5 Bytes  JMP 00C10051
.text           C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_wsystem                                                            77C1931E 5 Bytes  JMP 00C00F89
.text           C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!system                                                              77C193C7 5 Bytes  JMP 00C00014
.text           C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_creat                                                              77C1D40F 5 Bytes  JMP 00C00FB5
.text           C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_open                                                               77C1F566 5 Bytes  JMP 00C00FE3
.text           C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_wcreat                                                             77C1FC9B 5 Bytes  JMP 00C00FA4
.text           C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_wopen                                                              77C20055 5 Bytes  JMP 00C00FC6
.text           C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!socket                                                              71A54211 5 Bytes  JMP 00BF0000
.text           C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!NtCreateFile                                                         7C90D0AE 5 Bytes  JMP 033D0000
.text           C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!NtCreateProcess                                                      7C90D14E 5 Bytes  JMP 033D002C
.text           C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!NtProtectVirtualMemory                                               7C90D6EE 5 Bytes  JMP 033D0011
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateFileA                                                       7C801A28 5 Bytes  JMP 02FC0000
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!VirtualProtectEx                                                  7C801A61 5 Bytes  JMP 02FC0F7C
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!VirtualProtect                                                    7C801AD4 5 Bytes  JMP 02FC0071
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!LoadLibraryExW                                                    7C801AF5 5 Bytes  JMP 02FC0056
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!LoadLibraryExA                                                    7C801D53 5 Bytes  JMP 02FC0F8D
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!LoadLibraryA                                                      7C801D7B 5 Bytes  JMP 02FC0FC3
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!GetStartupInfoW                                                   7C801E54 5 Bytes  JMP 02FC0F29
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!GetStartupInfoA                                                   7C801EF2 5 Bytes  JMP 02FC0F3A
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateProcessW                                                    7C802336 5 Bytes  JMP 02FC009D
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateProcessA                                                    7C80236B 5 Bytes  JMP 02FC008C
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!GetProcAddress                                                    7C80AE40 5 Bytes  JMP 02FC00AE
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!LoadLibraryW                                                      7C80AEEB 5 Bytes  JMP 02FC0FB2
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateFileW                                                       7C810800 5 Bytes  JMP 02FC0025
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreatePipe                                                        7C81D83F 5 Bytes  JMP 02FC0F61
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateNamedPipeW                                                  7C82F0DD 5 Bytes  JMP 02FC0FDE
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateNamedPipeA                                                  7C860CDC 5 Bytes  JMP 02FC0FEF
.text           C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!WinExec                                                           7C86250D 5 Bytes  JMP 02FC0F18
.text           C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyExW                                                     77DC6AAF 5 Bytes  JMP 03E90FD1
.text           C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyExW                                                   77DC776C 5 Bytes  JMP 03E9004E
.text           C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyExA                                                     77DC7852 5 Bytes  JMP 03E90022
.text           C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyW                                                       77DC7946 5 Bytes  JMP 03E90011
.text           C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyExA                                                   77DCE9F4 5 Bytes  JMP 03E9003D
.text           C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyA                                                       77DCEFC8 5 Bytes  JMP 03E90000
.text           C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyW                                                     77DEBA55 2 Bytes  JMP 03E90F9B
.text           C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyW + 3                                                 77DEBA58 2 Bytes  [0A, 8C]
.text           C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyA                                                     77DEBCF3 5 Bytes  JMP 03E90FB6
.text           C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_wsystem                                                            77C1931E 5 Bytes  JMP 0390000A
.text           C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!system                                                              77C193C7 5 Bytes  JMP 03900F7F
.text           C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_creat                                                              77C1D40F 5 Bytes  JMP 03900FB5
.text           C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_open                                                               77C1F566 5 Bytes  JMP 03900FEF
.text           C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_wcreat                                                             77C1FC9B 5 Bytes  JMP 03900F9A
.text           C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_wopen                                                              77C20055 5 Bytes  JMP 03900FD2
.text           C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!socket                                                              71A54211 5 Bytes  JMP 038F0FE5
.text           C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenA                                                      3FD1D690 5 Bytes  JMP 038E0000
.text           C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenW                                                      3FD1DB09 5 Bytes  JMP 038E0011
.text           C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenUrlA                                                   3FD1F3A4 5 Bytes  JMP 038E0022
.text           C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenUrlW                                                   3FD66D5F 5 Bytes  JMP 038E0FDB
.text           C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtCreateFile                                                         7C90D0AE 5 Bytes  JMP 00850FEF
.text           C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtCreateProcess                                                      7C90D14E 5 Bytes  JMP 00850000
.text           C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtProtectVirtualMemory                                               7C90D6EE 5 Bytes  JMP 00850FD4
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileA                                                       7C801A28 5 Bytes  JMP 00840000
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtectEx                                                  7C801A61 5 Bytes  JMP 0084005D
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtect                                                    7C801AD4 5 Bytes  JMP 00840F68
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExW                                                    7C801AF5 5 Bytes  JMP 00840042
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExA                                                    7C801D53 5 Bytes  JMP 00840F79
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryA                                                      7C801D7B 5 Bytes  JMP 00840FA5
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoW                                                   7C801E54 5 Bytes  JMP 0084008B
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoA                                                   7C801EF2 5 Bytes  JMP 0084006E
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessW                                                    7C802336 5 Bytes  JMP 008400B7
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessA                                                    7C80236B 5 Bytes  JMP 008400A6
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetProcAddress                                                    7C80AE40 5 Bytes  JMP 008400D2
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryW                                                      7C80AEEB 5 Bytes  JMP 00840F8A
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileW                                                       7C810800 5 Bytes  JMP 00840FE5
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreatePipe                                                        7C81D83F 1 Byte  [E9]
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreatePipe                                                        7C81D83F 5 Bytes  JMP 00840F43
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeW                                                  7C82F0DD 5 Bytes  JMP 00840FC0
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeA                                                  7C860CDC 5 Bytes  JMP 00840011
.text           C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!WinExec                                                           7C86250D 5 Bytes  JMP 00840F1E
.text           C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExW                                                     77DC6AAF 5 Bytes  JMP 00880FE5
.text           C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExW                                                   77DC776C 5 Bytes  JMP 00880FC3
.text           C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA                                                     77DC7852 5 Bytes  JMP 0088002C
.text           C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyW                                                       77DC7946 5 Bytes  JMP 0088001B
.text           C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExA                                                   77DCE9F4 5 Bytes  JMP 00880FD4
.text           C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyA                                                       77DCEFC8 5 Bytes  JMP 0088000A
.text           C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW                                                     77DEBA55 5 Bytes  JMP 0088006C
.text           C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyA                                                     77DEBCF3 5 Bytes  JMP 00880051
.text           C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wsystem                                                            77C1931E 5 Bytes  JMP 0087005A
.text           C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!system                                                              77C193C7 5 Bytes  JMP 00870049
.text           C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_creat                                                              77C1D40F 5 Bytes  JMP 00870027
.text           C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_open                                                               77C1F566 5 Bytes  JMP 00870FE3
.text           C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wcreat                                                             77C1FC9B 5 Bytes  JMP 00870038
.text           C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wopen                                                              77C20055 5 Bytes  JMP 00870000
.text           C:\WINDOWS\system32\svchost.exe[1652] WS2_32.dll!socket                                                              71A54211 5 Bytes  JMP 00860FEF
.text           C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtCreateFile                                                         7C90D0AE 5 Bytes  JMP 00C90000
.text           C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtCreateProcess                                                      7C90D14E 5 Bytes  JMP 00C90FDE
.text           C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtProtectVirtualMemory                                               7C90D6EE 5 Bytes  JMP 00C90FEF
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateFileA                                                       7C801A28 5 Bytes  JMP 00C80000
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!VirtualProtectEx                                                  7C801A61 5 Bytes  JMP 00C80F94
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!VirtualProtect                                                    7C801AD4 5 Bytes  JMP 00C80FAF
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryExW                                                    7C801AF5 5 Bytes  JMP 00C80089
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryExA                                                    7C801D53 5 Bytes  JMP 00C80062
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryA                                                      7C801D7B 5 Bytes  JMP 00C80FC0
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetStartupInfoW                                                   7C801E54 5 Bytes  JMP 00C800C8
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetStartupInfoA                                                   7C801EF2 5 Bytes  JMP 00C800B7
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessW                                                    7C802336 5 Bytes  JMP 00C800ED
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessA                                                    7C80236B 5 Bytes  JMP 00C80F4A
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetProcAddress                                                    7C80AE40 5 Bytes  JMP 00C80F39
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryW                                                      7C80AEEB 5 Bytes  JMP 00C80051
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateFileW                                                       7C810800 5 Bytes  JMP 00C80FE5
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreatePipe                                                        7C81D83F 5 Bytes  JMP 00C8009A
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateNamedPipeW                                                  7C82F0DD 5 Bytes  JMP 00C80036
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateNamedPipeA                                                  7C860CDC 5 Bytes  JMP 00C80025
.text           C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!WinExec                                                           7C86250D 5 Bytes  JMP 00C80F5B
.text           C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyExW                                                     77DC6AAF 5 Bytes  JMP 00CC001B
.text           C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyExW                                                   77DC776C 5 Bytes  JMP 00CC0065
.text           C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyExA                                                     77DC7852 5 Bytes  JMP 00CC000A
.text           C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyW                                                       77DC7946 5 Bytes  JMP 00CC0FD4
.text           C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyExA                                                   77DCE9F4 5 Bytes  JMP 00CC0FA8
.text           C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyA                                                       77DCEFC8 5 Bytes  JMP 00CC0FEF
.text           C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyW                                                     77DEBA55 2 Bytes  JMP 00CC0FB9
.text           C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyW + 3                                                 77DEBA58 2 Bytes  [ED, 88]
.text           C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyA                                                     77DEBCF3 5 Bytes  JMP 00CC0036
.text           C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_wsystem                                                            77C1931E 5 Bytes  JMP 00CB0FAF
.text           C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!system                                                              77C193C7 5 Bytes  JMP 00CB0044
.text           C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_creat                                                              77C1D40F 5 Bytes  JMP 00CB0029
.text           C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_open                                                               77C1F566 5 Bytes  JMP 00CB0FEF
.text           C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_wcreat                                                             77C1FC9B 5 Bytes  JMP 00CB0FD4
.text           C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_wopen                                                              77C20055 5 Bytes  JMP 00CB0018
.text           C:\WINDOWS\system32\svchost.exe[1680] WS2_32.dll!socket                                                              71A54211 5 Bytes  JMP 00CA0000
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!LdrLoadDll                                              7C91632D 5 Bytes  JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG]                                                      [F743E20E] sptd.sys
IAT             \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR]                                                       [F743D70C] sptd.sys
IAT             \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                      [F743DEEE] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                   [F743D70C] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                           [F743D8F0] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F743D832] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F743E0CC] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F743DEEE] sptd.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [F7451F56] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\mfevtps.exe[612] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW]               [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT             C:\WINDOWS\system32\mfevtps.exe[612] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                   [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               86DCA1E8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                               mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                             mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\usbuhci \Device\USBPDO-0                                                                                     862351E8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                     8621E1E8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                     862351E8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                     862351E8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                     862351E8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device          \Driver\Cdrom \Device\CdRom0                                                                                         861FE1E8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                   [F732F7B0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F73CDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   [F73CDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                        [F732F7B0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              84E461E8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                     84E461E8

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                            mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                          mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                     862351E8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                     862351E8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    84E3A1E8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                     862351E8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          84E3A1E8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                     862351E8
Device          \Driver\usbehci \Device\USBFDO-4                                                                                     8621E1E8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{5EB5A895-A0E6-4247-A3EF-3AA72E63AD14}                                             84E461E8
Device          \FileSystem\Cdfs \Cdfs                                                                                               85A8B430

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                               0x98 0xF9 0x34 0x21 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xBD 0x5D 0x02 0x43 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                   0x98 0xF9 0x34 0x21 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      1
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xE7 0xDD 0x54 0xE2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x15 0xA4 0x68 0x7E ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x75 0xF9 0xF4 0xCA ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                   0x98 0xF9 0x34 0x21 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      1
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xBD 0x5D 0x02 0x43 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                MBR read error
Disk            \Device\Harddisk0\DR0                                                                                                MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File            C:\Documents and Settings\Magda\Pulpit\OTL.Txt                                                                       83834 bytes

---- EOF - GMER 1.0.15 ----


Added today, 15:21:
Was there anything else I was supposed to attach? I did as you advised: I removed all the emulators and ran SPTDinst. As for ComboFix, I would have to run a scan with it again, because I don't have the log.
magdat
~user
 
Posts: 6
Joined: 13 May 2011, 23:11



Tdss.d!mem - request for help

Post by wojtas, 15 May 2011, 09:24

Perform the final steps:
* Run OTL with the cleanup option.
* Optimize Windows (the instructions are for Windows XP, but it is similar on other systems).
* Run a full Malwarebytes Anti-Malware scan (update it, remove whatever it finds).
* Clear the System Restore state.


Update your security:
>>> Adobe Reader (without the Free McAfee® Security Scan Plus)
>>> Java™ 6
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Praises: 1656



Post by magdat, 15 May 2011, 21:14

Everything runs beautifully and smoothly, and it starts up lightning fast. Thank you for the help!!
magdat
~user
 
Posts: 6
Joined: 13 May 2011, 23:11



