x-kom hosting

MKS Vir Online brak silnika i bazy

nadir
utworzono
utworzono (edytowane)

Zawsze używałam skanera online MKS do doczyszczania systemu z trojanów, bo mój avast jednak przepuszcza co nieco. Jakiś czas temu zauważyłam, że mam starą bazę wirusów i nie aktualizuje się ona wraz z kolejnym skanowaniem. Dziś próbowałam ręcznie ją zaktualizować poprzez opcje dostępne na stronie: [url="http://www.mks.com.pl/skaner/"]http://www.mks.com.pl/skaner/[/url] jednak zamiast daty bazy silnika i aktualizacji, pojawił się napis BRAK. Nie mogę także wykonać skanowania.

Czy ktoś wie, co się może dziać i jak sprawić by MKS online był znów użyteczny? Jest to ważne, bo mam problem z uruchamianiem komputera - co drugi raz nie ładuje systemu dalej jak ekran powitalny i tło pulpitu ;/

Laptop Toshiba Satellite L40 14G
Windows xp i nakładka Vista inspirat [do tej pory działająca bez zarzutu]
Antywir - AVAST

Gość
komentarz
komentarz

[quote]Zawsze używałam skanera online MKS do doczyszczania systemu z trojanów, bo mój avast jednak przepuszcza co nieco.[/quote]

Dobre sobie. Firma juz dawno nie istnieje, więc jakie aktualizacje chcesz pobrac? :dance:


[quote]Jest to ważne, bo mam problem z uruchamianiem komputera - co drugi raz nie ładuje systemu dalej jak ekran powitalny i tło pulpitu ;/[/quote]

Tryb awaryjny działa? W ogóle możesz wejśc do systemu?

nadir
komentarz
komentarz

Nie śledzę rynku, po prostu od kilku lat sprawdzałam sobie komputer dodatkowo w ten sposób. Jest możliwe, skanowanie online przy pomocy innego antywira - mam na myśli takiego, z którego działania sami jesteście zadowoleni?

Komputer włącza się normalnie raz na dwa włączenia. Za kolejnym zaś razem ładuje tylko tapetę i zegar w systrayu. Kursor pokazuje zajętość i nie da się uruchomić nawet managera zdań, by zobaczyć, co zajmuje mu tyle pamięci. Można zostawić komputer na godzinę i on i tak nie ruszy z miejsca, tylko restart zwiększas szanse na skorzystanie z komputera. Jednak ostatnio dwa razy pod rząd się nie uruchomił, więc zaczynam się irytować.

Gość
komentarz
komentarz

Zrób logi z [b]OTL[/b] - instrukcja http://www.fixitpc.pl/topic/61-diagnostyka-ogolne-raporty-systemowe/#1

[quote]Komputer włącza się normalnie raz na dwa włączenia. Za kolejnym zaś razem ładuje tylko tapetę i zegar w systrayu. Kursor pokazuje zajętość i nie da się uruchomić nawet managera zdań, by zobaczyć, co zajmuje mu tyle pamięci. Można zostawić komputer na godzinę i on i tak nie ruszy z miejsca, tylko restart zwiększas szanse na skorzystanie z komputera. Jednak ostatnio dwa razy pod rząd się nie uruchomił, więc zaczynam się irytować. [/quote]

Takie zachowanie wcale nie musi pochodzić od infekcji. To moze być problem sprzetowy.

nadir
komentarz
komentarz

Czyli czas na nowy komputer? :)

Gość
komentarz
komentarz

[quote]Czyli czas na nowy komputer?[/quote]

Czas na raporty o które prosiłem

nadir
komentarz
komentarz

[log]
OTL logfile created on: 2012-06-14 23:27:30 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\fleur1\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,17 Mb Total Physical Memory | 428,36 Mb Available Physical Memory | 42,20% Memory free
2,38 Gb Paging File | 1,73 Gb Available in Paging File | 72,39% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26,76 Gb Total Space | 13,12 Gb Free Space | 49,03% Space Free | Partition Type: NTFS
Drive D: | 42,78 Gb Total Space | 10,70 Gb Free Space | 25,02% Space Free | Partition Type: NTFS
Drive E: | 42,25 Gb Total Space | 19,15 Gb Free Space | 45,32% Space Free | Partition Type: NTFS

Computer Name: MATTHIOLA | User Name: fleur1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-06-14 23:18:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fleur1\Pulpit\OTL.exe
PRC - [2012-05-16 20:27:03 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012-04-04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012-03-07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-02-12 20:14:06 | 000,641,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011-12-06 22:52:20 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011-07-22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011-03-25 09:55:52 | 000,151,552 | ---- | M] () -- C:\WINDOWS\KMService.exe
PRC - [2011-03-25 09:55:52 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\srvany.exe
PRC - [2011-03-16 20:35:10 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2011-03-16 20:35:10 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2010-10-27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2008-12-01 00:01:22 | 003,738,624 | ---- | M] (Artur Sikora) -- C:\Program Files\SubEdit-Player\subedit.exe
PRC - [2008-04-15 14:00:00 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-11-28 18:39:42 | 002,465,792 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007-11-28 18:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007-11-04 20:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007-08-15 12:38:30 | 000,147,456 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007-03-19 00:05:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
PRC - [2005-07-15 23:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2005-05-24 23:41:09 | 000,503,808 | ---- | M] (Stamina) -- C:\Program Files\Konnekt\konnekt.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-06-14 07:16:25 | 001,768,960 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12061400\algo.dll
MOD - [2011-11-23 20:00:00 | 003,900,928 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffmpeg.dll
MOD - [2011-11-23 20:00:00 | 003,568,640 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2011-11-23 20:00:00 | 000,145,920 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libmad.dll
MOD - [2011-11-23 10:57:23 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011-03-25 09:55:52 | 000,151,552 | ---- | M] () -- C:\WINDOWS\KMService.exe
MOD - [2011-03-25 09:55:52 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\srvany.exe
MOD - [2011-03-15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010-10-27 21:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files\Last.fm\srv_rtaudioplayback.dll
MOD - [2010-10-27 21:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files\Last.fm\ext_messengernotify.dll
MOD - [2010-10-27 21:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files\Last.fm\ext_skypenotify.dll
MOD - [2010-10-27 21:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files\Last.fm\srv_madtranscode.dll
MOD - [2010-10-27 21:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files\Last.fm\srv_httpinput.dll
MOD - [2010-10-27 21:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files\Last.fm\LastFmFingerprint1.dll
MOD - [2010-10-27 21:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files\Last.fm\breakpad.dll
MOD - [2010-10-27 21:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files\Last.fm\Moose1.dll
MOD - [2010-10-27 21:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files\Last.fm\LastFmTools1.dll
MOD - [2010-10-27 21:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files\Last.fm\libfftw3f-3.dll
MOD - [2010-10-27 21:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files\Last.fm\zlibwapi.dll
MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
MOD - [2008-04-16 17:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files\Last.fm\QtNetwork4.dll
MOD - [2008-04-16 17:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files\Last.fm\QtSql4.dll
MOD - [2008-04-16 17:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files\Last.fm\QtGui4.dll
MOD - [2008-04-16 17:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files\Last.fm\QtXml4.dll
MOD - [2008-04-16 17:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files\Last.fm\QtCore4.dll
MOD - [2008-04-02 14:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files\Last.fm\imageformats\qmng4.dll
MOD - [2008-04-02 14:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files\Last.fm\imageformats\qgif4.dll
MOD - [2008-04-02 14:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Last.fm\imageformats\qjpeg4.dll
MOD - [2007-11-28 18:39:42 | 002,465,792 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
MOD - [2007-11-04 20:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
MOD - [2007-08-15 12:38:30 | 000,147,456 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
MOD - [2007-03-19 00:05:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
MOD - [2007-03-19 00:04:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
MOD - [2006-10-03 20:40:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Konnekt\plugins\kMigacz.dll
MOD - [2005-09-18 16:06:15 | 000,049,152 | ---- | M] () -- C:\Program Files\Konnekt\data\dll\SMemory.dll
MOD - [2004-05-27 19:13:10 | 000,057,344 | ---- | M] () -- C:\Program Files\ATK Hotkey\CMSSC.DLL
MOD - [2003-04-11 02:01:05 | 000,159,744 | ---- | M] () -- C:\Program Files\Konnekt\data\dll\ssleay32.dll
MOD - [2003-04-11 02:00:33 | 000,839,680 | ---- | M] () -- C:\Program Files\Konnekt\data\dll\libeay32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-05-17 01:12:39 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-04-04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011-06-12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011-03-25 09:55:52 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (KMService)
SRV - [2011-03-16 20:35:10 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007-02-05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007-02-05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006-12-14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006-12-14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006-12-14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\tdx.sys -- (tdx)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\fleur1\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ayyzjaec)
DRV - [2012-03-07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-03-07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-03-07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012-03-07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-03-07 01:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012-03-07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-03-07 00:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011-10-20 20:19:09 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011-03-16 20:35:10 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2011-03-16 20:19:27 | 000,342,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2011-03-16 20:02:18 | 004,608,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011-03-16 20:00:34 | 000,085,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-03-17 12:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007-08-28 06:58:00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-261903793-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mks.com.pl/skaner/
IE - HKU\S-1-5-21-299502267-261903793-1801674531-1003\..\URLSearchHook: {14f6a182-4c6f-45ae-9f5a-aa3ccbb1cfa3} - C:\Program Files\InnoGames_Polska\prxtbInn0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-299502267-261903793-1801674531-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-299502267-261903793-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-299502267-261903793-1801674531-1003\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2832599
IE - HKU\S-1-5-21-299502267-261903793-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "InnoGames Polska Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2832599&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.bankmillennium.pl/"
FF - prefs.js..extensions.enabledItems: {14f6a182-4c6f-45ae-9f5a-aa3ccbb1cfa3}:3.12.0.7
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2832599&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-10 18:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-06 22:53:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-05-17 01:12:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-17 01:12:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.3.3\extensions\\Components: C:\Program Files\SeaMonkey\components [2011-12-06 22:53:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.3.3\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2011-03-16 22:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fleur1\Dane aplikacji\Mozilla\Extensions
[2012-06-06 20:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fleur1\Dane aplikacji\Mozilla\Firefox\Profiles\xsfglhxd.default\extensions
[2012-06-06 20:43:52 | 000,000,000 | ---D | M] (InnoGames Polska Community Toolbar) -- C:\Documents and Settings\fleur1\Dane aplikacji\Mozilla\Firefox\Profiles\xsfglhxd.default\extensions\{14f6a182-4c6f-45ae-9f5a-aa3ccbb1cfa3}
[2011-06-09 22:09:55 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\fleur1\Dane aplikacji\Mozilla\Firefox\Profiles\xsfglhxd.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2012-04-18 01:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fleur1\Dane aplikacji\Mozilla\SeaMonkey\Profiles\dt96yinf.default\extensions
[2012-04-18 01:13:21 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\fleur1\Dane aplikacji\Mozilla\SeaMonkey\Profiles\dt96yinf.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012-03-22 16:06:16 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\fleur1\Dane aplikacji\Mozilla\SeaMonkey\Profiles\dt96yinf.default\extensions\inspector@mozilla.org
[2011-03-21 14:45:40 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\fleur1\Dane aplikacji\Mozilla\Firefox\Profiles\xsfglhxd.default\searchplugins\conduit.xml
[2012-05-17 01:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-05-17 01:12:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-05-17 01:12:35 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-05-17 01:12:35 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-05-17 01:12:35 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-05-17 01:12:35 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-05-17 01:12:35 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-05-17 01:12:35 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AT_HedgehogInTheFog_v2 = C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-06-12 07:16:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (InnoGames Polska Toolbar) - {14f6a182-4c6f-45ae-9f5a-aa3ccbb1cfa3} - C:\Program Files\InnoGames_Polska\prxtbInn0.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (InnoGames Polska Toolbar) - {14f6a182-4c6f-45ae-9f5a-aa3ccbb1cfa3} - C:\Program Files\InnoGames_Polska\prxtbInn0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-299502267-261903793-1801674531-1003\..\Toolbar\WebBrowser: (InnoGames Polska Toolbar) - {14F6A182-4C6F-45AE-9F5A-AA3CCBB1CFA3} - C:\Program Files\InnoGames_Polska\prxtbInn0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MsgTranAgt] C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-299502267-261903793-1801674531-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-299502267-261903793-1801674531-1003..\Run: [Konnekt] C:\Program Files\Konnekt\konnekt.exe (Stamina)
O4 - HKU\S-1-5-21-299502267-261903793-1801674531-1003..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-21-299502267-261903793-1801674531-1003..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-261903793-1801674531-1003..\Run: [RocketDock] C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-299502267-261903793-1801674531-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\fleur1\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-261903793-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-261903793-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-261903793-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-261903793-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-299502267-261903793-1801674531-1003\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 89.231.1.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9787F8F1-CA25-4280-922A-FB9280A992E9}: DhcpNameServer = 217.172.224.160 89.231.1.206
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-03-16 18:24:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-11-15 22:24:18 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-11-15 22:24:18 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-06-14 23:17:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fleur1\Pulpit\OTL.exe
[2012-06-12 08:34:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-06-07 13:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fleur1\Dane aplikacji\Soldat
[2012-06-06 15:52:52 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2012-06-06 15:52:24 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2012-06-06 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fleur1\Pulpit\VA-Sucker_Punch_Original_Motion_Picture_Soundtrack_OST-2011-FRAY
[2012-05-28 12:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fleur1\Pulpit\Do druku
[2012-05-17 01:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\Sun
[2012-05-17 01:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla
[2012-05-17 01:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012-05-17 01:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-05-17 01:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012-05-17 01:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fleur1\Dane aplikacji\Oracle
[2012-05-17 01:08:16 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012-05-17 01:08:16 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-05-17 01:08:03 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-05-17 01:08:03 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011-03-30 11:40:32 | 000,095,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-06-14 23:18:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fleur1\Pulpit\OTL.exe
[2012-06-14 23:14:01 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-14 23:10:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-1801674531-1003UA.job
[2012-06-14 12:04:18 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-14 06:10:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-1801674531-1003Core.job
[2012-06-14 01:14:00 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-13 11:59:32 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-261903793-1801674531-1003.job
[2012-06-13 11:57:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-06-13 11:53:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-06-12 10:26:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-261903793-1801674531-1003.job
[2012-06-12 07:16:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-06-09 10:39:05 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-05-31 15:22:04 | 000,602,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012-05-17 01:07:47 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-05-17 01:07:47 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-05-17 01:12:50 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2012-03-15 15:42:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-03-15 15:42:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-03-15 15:42:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-03-15 15:42:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-03-15 15:42:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-02-15 05:07:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-11-25 16:30:15 | 003,164,160 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2011-11-25 16:30:15 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011-11-25 16:30:15 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011-11-25 16:30:15 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011-11-25 16:30:14 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011-06-15 21:54:50 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2011-03-30 11:40:34 | 000,517,976 | ---- | C] () -- C:\Program Files\DXSETUP.exe
[2011-03-30 11:40:32 | 001,566,040 | ---- | C] () -- C:\Program Files\dsetup32.dll
[2011-03-30 11:40:32 | 000,097,152 | ---- | C] () -- C:\Program Files\dxupdate.cab
[2011-03-30 11:40:32 | 000,044,624 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
[2011-03-25 18:05:40 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\fleur1\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-25 09:56:23 | 000,151,552 | ---- | C] () -- C:\WINDOWS\KMService.exe
[2011-03-25 09:56:23 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2011-03-18 09:02:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2011-03-18 08:25:15 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-03-17 08:47:32 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-03-16 22:44:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-03-16 20:35:38 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2011-03-16 20:35:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2011-03-16 20:35:38 | 000,010,162 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2011-03-16 20:35:38 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2011-03-16 20:19:41 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011-03-16 20:03:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011-03-16 19:57:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2011-03-16 19:57:53 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011-03-16 19:10:50 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-03-16 19:09:36 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-16 18:28:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-03-16 18:21:12 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-02-10 01:00:00 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-03-16 22:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
[2011-03-23 09:07:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
[2011-10-20 20:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-04-28 14:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\e-file
[2011-05-20 10:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
[2011-06-24 22:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\stamina
[2011-07-02 17:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fleur1\Dane aplikacji\Canon
[2011-10-20 20:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fleur1\Dane aplikacji\DAEMON Tools Lite
[2012-03-09 10:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fleur1\Dane aplikacji\e-pity
[2012-06-14 11:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fleur1\Dane aplikacji\foobar2000
[2012-05-14 22:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fleur1\Dane aplikacji\NapiProjekt
[2011-03-16 22:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fleur1\Dane aplikacji\Opera
[2012-05-17 01:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fleur1\Dane aplikacji\Oracle
[2012-06-07 13:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fleur1\Dane aplikacji\Soldat
[2012-06-14 23:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fleur1\Dane aplikacji\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



< End of report >
[/log]

Gość
komentarz
komentarz

Uruchom OTL i w oknie [b]Własne opcje skanowania/skrypt[/b] wklej:

[code]:Drivers
catchme
ayyzjaec

:Files
autorun.inf /alldrives

:OTL
IE - HKU\S-1-5-21-299502267-261903793-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mks.com.pl/skaner/
IE - HKU\S-1-5-21-299502267-261903793-1801674531-1003\..\URLSearchHook: {14f6a182-4c6f-45ae-9f5a-aa3ccbb1cfa3} - C:\Program Files\InnoGames_Polska\prxtbInn0.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2832599&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2832599&q="
O15 - HKU\S-1-5-21-299502267-261903793-1801674531-1003\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny)

:Commands
[emptytemp][/code]

Kliknij w [b]Wykonaj skrypt[/b]


Zabrakło loga [b]Extras.txt [/b]- uzupełnij.

2. Odinstaluj dodatek InnoGames Polska Toolbar

3. Pobierz AdwCleaner i wykonaj skan z opcji [b]Search[/b] - przedstaw raport.
http://general-changelog-team.fr/outils/289-adwcleaner

nadir
komentarz
komentarz

[log]
OTL Extras logfile created on: 2012-06-14 23:27:30 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\fleur1\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,17 Mb Total Physical Memory | 428,36 Mb Available Physical Memory | 42,20% Memory free
2,38 Gb Paging File | 1,73 Gb Available in Paging File | 72,39% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26,76 Gb Total Space | 13,12 Gb Free Space | 49,03% Space Free | Partition Type: NTFS
Drive D: | 42,78 Gb Total Space | 10,70 Gb Free Space | 25,02% Space Free | Partition Type: NTFS
Drive E: | 42,25 Gb Total Space | 19,15 Gb Free Space | 45,32% Space Free | Partition Type: NTFS

Computer Name: MATTHIOLA | User Name: fleur1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-261903793-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files\NAPI-PROJEKT\napisy.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Łukasz\Soldat\Soldat.exe" = D:\Łukasz\Soldat\Soldat.exe:*:Enabled:http://soldat.pl -- (Michal Marcinkowski)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{670A2206-F20A-490C-8C13-25EA88BF8E53}_is1" = e-pity 2010
"{670A2206-F20A-490C-8C13-25EA88BF8E54}_is1" = e-pity 2011 wersja 3.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.0 - Polish
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"foobar2000" = foobar2000 v1.1.5
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InnoGames_Polska Toolbar" = InnoGames Polska Toolbar
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.0.0
"Konnekt" = Konnekt
"LastFM_is1" = Last.fm 1.5.4.27091
"Mozilla Firefox 12.0 (x86 pl)" = Mozilla Firefox 12.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NapiProjekt_is1" = NapiProjekt (2.0.0.2151)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Opera 11.64.1403" = Opera 11.64
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"Picasa 3" = Picasa 3
"PLAY ONLINE" = PLAY ONLINE
"RealAlt_is1" = Real Alternative 2.0.2
"RealPlayer 12.0" = RealPlayer
"RealPlayer 15.0" = RealPlayer
"SeaMonkey (2.3.3)" = SeaMonkey (2.3.3)
"SkanerOnline" = Skaner on-line mks_vir
"SubEdit-Player_is1" = SubEdit-Player
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.01 (32-bitowy)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-299502267-261903793-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-04-14 19:30:39 | Computer Name = MATTHIOLA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 11.62.1347.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2012-04-23 10:42:48 | Computer Name = MATTHIOLA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 11.62.1347.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2012-05-13 09:38:25 | Computer Name = MATTHIOLA | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-05-18 18:06:34 | Computer Name = MATTHIOLA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca java.exe, wersja 7.0.40.22, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2012-05-19 18:13:44 | Computer Name = MATTHIOLA | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-05-20 04:58:27 | Computer Name = MATTHIOLA | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-05-30 00:26:28 | Computer Name = MATTHIOLA | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-06-12 01:15:06 | Computer Name = MATTHIOLA | Source = crypt32 | ID = 131083
Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2012-06-12 01:15:07 | Computer Name = MATTHIOLA | Source = crypt32 | ID = 131083
Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2012-06-12 01:15:07 | Computer Name = MATTHIOLA | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: The server name or address could not be resolved

[ System Events ]
Error - 2012-06-12 03:00:15 | Computer Name = MATTHIOLA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Automatic Updates z powodu następującego
błędu: %%1290

Error - 2012-06-12 03:04:40 | Computer Name = MATTHIOLA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi @%SystemRoot%\system32\tcpipcfg.dll,-50004
z powodu następującego błędu: %%2

Error - 2012-06-12 03:04:40 | Computer Name = MATTHIOLA | Source = Service Control Manager | ID = 7003
Description = Usługa @%SystemRoot%\system32\iphlpsvc.dll,-200 zależy od następującej
nieistniejącej usługi: nsi.

Error - 2012-06-12 03:04:40 | Computer Name = MATTHIOLA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Automatic Updates z powodu następującego
błędu: %%1290

Error - 2012-06-13 05:53:44 | Computer Name = MATTHIOLA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi @%SystemRoot%\system32\tcpipcfg.dll,-50004
z powodu następującego błędu: %%2

Error - 2012-06-13 05:53:44 | Computer Name = MATTHIOLA | Source = Service Control Manager | ID = 7003
Description = Usługa @%SystemRoot%\system32\iphlpsvc.dll,-200 zależy od następującej
nieistniejącej usługi: nsi.

Error - 2012-06-13 05:53:44 | Computer Name = MATTHIOLA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Automatic Updates z powodu następującego
błędu: %%1290

Error - 2012-06-13 05:57:30 | Computer Name = MATTHIOLA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi @%SystemRoot%\system32\tcpipcfg.dll,-50004
z powodu następującego błędu: %%2

Error - 2012-06-13 05:57:30 | Computer Name = MATTHIOLA | Source = Service Control Manager | ID = 7003
Description = Usługa @%SystemRoot%\system32\iphlpsvc.dll,-200 zależy od następującej
nieistniejącej usługi: nsi.

Error - 2012-06-13 05:57:30 | Computer Name = MATTHIOLA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Automatic Updates z powodu następującego
błędu: %%1290


< End of report >
[/log]

Nie zauważyłam pliku.

Gość
komentarz
komentarz

Czekam na raport z [b]AdwCleaner[/b].

nadir
komentarz
komentarz (edytowane)

A może pan doktor powie co go niepokoi w tym co wklejam?

:)

[log]
# AdwCleaner v1.609 - Logfile created 06/15/2012 at 11:34:21
# Updated 10/06/2012 by Xplode
# Operating system : Microsoft Windows XP Dodatek Service Pack 3 (32 bits)
# User : fleur1 - MATTHIOLA
# Running from : C:\Documents and Settings\fleur1\Pulpit\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Conduit

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2832599
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Opera v11.64.1403.0

File : C:\Documents and Settings\fleur1\Dane aplikacji\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1489 octets] - [15/06/2012 11:34:21]

########## EOF - C:\AdwCleaner[R1].txt - [1617 octets] ##########
[/log]

Gość
komentarz
komentarz

Niepokoi mnie Dziennik zdarzeń systemu. naprzykład taki zapis

[code]Error - 2012-06-13 05:53:44 | Computer Name = MATTHIOLA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi @%SystemRoot%\system32\tcpipcfg.dll,-50004
z powodu następującego błędu: %%2
Error - 2012-06-13 05:53:44 | Computer Name = MATTHIOLA | Source = Service Control Manager | ID = 7003
Description = Usługa @%SystemRoot%\system32\iphlpsvc.dll,-200 zależy od następującej
nieistniejącej usługi: nsi.[/code]

Do pełni szczescia brakuje mi loga z [b]Gmer[/b]
http://www.forumpc.pl/index.php?showtopic=116175

nadir
komentarz
komentarz

[log]

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-15 23:54:37
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL13
Running: nzkvi2fv.exe; Driver: C:\DOCUME~1\fleur1\USTAWI~1\Temp\fxryapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA9F4DDF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA9FDAA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA9F4E85E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9F7AD5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA9F532E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA9F53330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA9F53422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA9F7A711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA9F53252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA9F53374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA9F5329A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA9F533DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9F4DE44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9F7B423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA9F7B6D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA9F509A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9F7B28E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9F7B0F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9FDAB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9F4DAD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9F4DE90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9F50D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA9F4EB02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA9F5330E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA9F53352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA9F53446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9F7AA6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA9F53278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9F50518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA9F533AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA9F532C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9F5074C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA9F53400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9FDACA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9F7AF74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9F4E9CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA9F7ADC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA9FE4B68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9F79D84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA9F4DEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA9F4DF28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA9F4DB46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA9F4DCEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9F7B52A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9F4DC92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA9F4DD5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xA9FDAD60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9F4DF74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xA9FDABE0]

INT 0x62 ? 865DACB8
INT 0x73 ? 857DBF00
INT 0x74 ? 857DBF00
INT 0x83 ? 857DBF00
INT 0x94 ? 857DBF00
INT 0xA4 ? 857DBF00
INT 0xB4 ? 86599CB8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9FF0D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23C8 80501BD8 4 Bytes [5E, E8, F4, A9]
.text ntkrnlpa.exe!ZwCallbackReturn + 2608 80501E18 4 Bytes [CE, E9, F4, A9]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8D6 4 Bytes CALL A9F4F19F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1D9E 5 Bytes JMP A9FEDC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C16 5 Bytes JMP A9FEF74C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74C0 7 Bytes JMP A9FF0D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text sptd.sys F7372000 32 Bytes [E0, 36, 6D, 80, 5E, 87, 6D, ...]
.text sptd.sys F7372024 168 Bytes [82, 1A, 53, 80, 80, 4F, 54, ...]
.text sptd.sys F73720CD 255 Bytes [5F, 53, 80, 26, 28, 53, 80, ...]
.text sptd.sys F73721D4 4 Bytes [F3, A5, 6A, 4D] {REP MOVSD ; PUSH 0x4d}
.text sptd.sys F73721DC 1 Byte [02]
.text ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF741C9E3]
? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text USBPORT.SYS!DllUnload EB76C8AC 5 Bytes JMP 857DB410
.text win32k.sys!EngFreeUserMem + 674 BF8098E2 5 Bytes JMP A9F52180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C83E 5 Bytes JMP A9F5207C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138D6 5 Bytes JMP A9F52036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C540 5 Bytes JMP A9F51724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240B0 5 Bytes JMP A9F50F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A1A 5 Bytes JMP A9F522EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831465 5 Bytes JMP A9F524F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839E9C 5 Bytes JMP A9F51F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85173B 5 Bytes JMP A9F50E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC5A 5 Bytes JMP A9F517E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2C4 5 Bytes JMP A9F51384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E34F 5 Bytes JMP A9F51562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5C2 5 Bytes JMP A9F50E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF864991 5 Bytes JMP A9F520BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873CC4 5 Bytes JMP A9F5151C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890F01 5 Bytes JMP A9F517FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8944AC 5 Bytes JMP A9F52232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894F84 5 Bytes JMP A9F52450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3857 BF89C32B 5 Bytes JMP A9F5170C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D8C0 5 Bytes JMP A9F50FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9DB BF8C1E40 5 Bytes JMP A9F51104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA2A2 5 Bytes JMP A9F511AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA522 5 Bytes JMP A9F512E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBEF7 5 Bytes JMP A9F50D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB46 BF8F4EFF 5 Bytes JMP A9F5173C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2D BF9136C2 5 Bytes JMP A9F50F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2601 BF914296 5 Bytes JMP A9F510B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F7A BF916C0F 5 Bytes JMP A9F5167C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 194D BF946CFD 5 Bytes JMP A9F523A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\alg.exe[488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[488] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[488] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[488] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\alg.exe[488] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[488] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[488] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\alg.exe[488] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[488] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[488] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\alg.exe[488] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\alg.exe[488] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[488] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[488] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\smss.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[676] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[824] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[824] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[868] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[868] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1280] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text c:\program files\real\realplayer\update\realsched.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\program files\real\realplayer\update\realsched.exe[1320] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text c:\program files\real\realplayer\update\realsched.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1580] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1620] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\spoolsv.exe[1620] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[1620] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[1620] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\spoolsv.exe[1620] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\spoolsv.exe[1620] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[1620] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[1620] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[1620] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[1620] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[1620] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[1620] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[1620] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\agrsmsvc.exe[1744] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 006C0804
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 006C0A08
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 006C0600
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006C01F8
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1800] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006C03FC
.text C:\WINDOWS\system32\srvany.exe[1832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\srvany.exe[1832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\srvany.exe[1832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\srvany.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\srvany.exe[1832] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\srvany.exe[1832] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\srvany.exe[1832] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\srvany.exe[1832] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\srvany.exe[1832] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\srvany.exe[1832] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\WINDOWS\system32\srvany.exe[1832] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\srvany.exe[1832] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\srvany.exe[1832] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\WINDOWS\system32\srvany.exe[1832] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\WINDOWS\system32\srvany.exe[1832] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\srvany.exe[1832] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\srvany.exe[1832] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\WINDOWS\KMService.exe[1856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\WINDOWS\KMService.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\KMService.exe[1856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\WINDOWS\KMService.exe[1856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\KMService.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\KMService.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\KMService.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\KMService.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\KMService.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\KMService.exe[1856] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\KMService.exe[1856] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\KMService.exe[1856] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\KMService.exe[1856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\WINDOWS\KMService.exe[1856] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\WINDOWS\KMService.exe[1856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\WINDOWS\KMService.exe[1856] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\WINDOWS\KMService.exe[1856] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[2100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[2100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATK Hotkey\WDC.exe[2788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATK Hotkey\WDC.exe[2788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxtray.exe[3128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxtray.exe[3128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[3136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[3136] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[3164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[3164] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[3188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[3188] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Gmail Notifier\gnotify.exe[3648] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Gmail Notifier\gnotify.exe[3648] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[3704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[3756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[3756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ltmoh\Ltmoh.exe[3852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ltmoh\Ltmoh.exe[3852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3952] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\uTorrent\uTorrent.exe[3960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\uTorrent\uTorrent.exe[3960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Konnekt\konnekt.exe[4008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Konnekt\konnekt.exe[4008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\fleur1\Pulpit\nzkvi2fv.exe[5896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\fleur1\Pulpit\nzkvi2fv.exe[5896] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F737420E] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F737370C] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F7373EEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F737370C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73738F0] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7373832] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73740CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7373EEE] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7387F56] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[868] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[868] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[3540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 865981E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{FA5D0377-F296-4F8C-AFFF-3436BF195CEB} 8576A430

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 859EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 859EB1E8
Device \Driver\PCI_PNP1224 \Device\00000046 sptd.sys
Device \Driver\usbehci \Device\USBPDO-2 858DE1E8
Device \Driver\usbehci \Device\USBPDO-3 858DE1E8
Device \Driver\usbuhci \Device\USBPDO-4 859EB1E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBPDO-5 859EB1E8
Device \Driver\usbuhci \Device\USBPDO-6 859EB1E8
Device \Driver\Cdrom \Device\CdRom0 85A021E8
Device \Driver\iastor \Device\Ide\iaStor0 [F7244770] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F72DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [F7244770] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 85A021E8
Device \Driver\Cdrom \Device\CdRom2 85A021E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8576A430
Device \Driver\NetBT \Device\NetbiosSmb 8576A430

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBFDO-0 859EB1E8
Device \Driver\usbuhci \Device\USBFDO-1 859EB1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9787F8F1-CA25-4280-922A-FB9280A992E9} 8576A430
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85758430
Device \Driver\usbehci \Device\USBFDO-2 858DE1E8
Device \Driver\usbuhci \Device\USBFDO-3 859EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85758430
Device \Driver\usbuhci \Device\USBFDO-4 859EB1E8
Device \Driver\usbuhci \Device\USBFDO-5 859EB1E8
Device \Driver\usbehci \Device\USBFDO-6 858DE1E8
Device \Driver\abz8i345 \Device\Scsi\abz8i3451Port2Path0Target1Lun0 85971250
Device \Driver\abz8i345 \Device\Scsi\abz8i3451Port2Path0Target0Lun0 85971250
Device \Driver\abz8i345 \Device\Scsi\abz8i3451 85971250
Device \FileSystem\Cdfs \Cdfs 84F3A1E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0x93 0x4E 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEF 0x2B 0x89 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA8 0x84 0xA3 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x47 0x86 0xD0 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x99 0xBD 0x8E 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEF 0x2B 0x89 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA8 0x84 0xA3 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x47 0x86 0xD0 0x92 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3049C3E9-B461-4BC5-8870-4C09146192CA}\iexplore@Count 1927
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count 2514

---- EOF - GMER 1.0.15 ----[/log]

Gość
komentarz
komentarz

1. Zamknij wszystkie przegladarki. Uruchom AdwCleaner i kliknij [b]Delete[/b]

2. Pobierz [b]SystemLook[/b] http://jpshortstuff.247fixes.com/SystemLook.exe


Uruchom i w puste pole wklej:

[code]:reg
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
:filefind
services.exe[/code]

Kliknij w Look. Jak program skończy przedstaw raport.

nadir
komentarz
komentarz (edytowane)

AdwCleaner wyrzucił:

[log]
# AdwCleaner v1.609 - Logfile created 06/16/2012 at 12:22:44
# Updated 10/06/2012 by Xplode
# Operating system : Microsoft Windows XP Dodatek Service Pack 3 (32 bits)
# User : fleur1 - MATTHIOLA
# Running from : C:\Documents and Settings\fleur1\Pulpit\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2832599
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Opera v11.64.1403.0

File : C:\Documents and Settings\fleur1\Dane aplikacji\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1618 octets] - [15/06/2012 11:34:21]
AdwCleaner[S1].txt - [1571 octets] - [16/06/2012 12:22:44]

########## EOF - C:\AdwCleaner[S1].txt - [1699 octets] ##########[/log]

SystemLook:

[log]
SystemLook 30.07.11 by jpshortstuff
Log created at 12:27 on 16/06/2012 by fleur1
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
@="Microsoft WBEM New Event Subsystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="%systemroot%\system32\wbem\wbemess.dll"
"ThreadingModel"="Both"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
@="MruPidlList"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@="%SystemRoot%\system32\shdocvw.dll"
"ThreadingModel"="Apartment"


========== filefind ==========

Searching for "services.exe"
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a---- 111104 bytes [18:08 16/03/2011] [11:19 09/02/2009] 8816E60BF654353E8E0D35ED98875445
C:\WINDOWS\$NtUninstallKB956572$\services.exe -----c- 109056 bytes [05:21 17/03/2011] [12:00 15/04/2008] 3E3AE424E27C4CEFE4CAB368C7B570EA
C:\WINDOWS\ERDNT\cache\services.exe --a---- 111104 bytes [13:55 15/03/2012] [11:25 09/02/2009] 02A467E27AF55F7064C5B251E587315F
C:\WINDOWS\system32\services.exe --a---- 111104 bytes [12:00 15/04/2008] [11:25 09/02/2009] 02A467E27AF55F7064C5B251E587315F
C:\WINDOWS\system32\dllcache\services.exe --a--c- 111104 bytes [12:00 15/04/2008] [11:25 09/02/2009] 02A467E27AF55F7064C5B251E587315F

-= EOF =-[/log]

Gość
komentarz
komentarz

1. Uruchom AdwCleaner i kliknij [b]Uninstall[/b]

2. Uruchom OTL i kliknij [b]Sprzatanie[/b]. To usunie program i kwarantannę.

3. Wyczyść foldery [b]Przywracania systemu - instrukcja[/b] http://www.fixitpc.pl/topic/5-dezynfekcja-kroki-finalizujace-temat/page__p__42415#entry42415

4. Zdaj relacje jak uruchamia się system. Czy problem głowny nadal wystepuje?

[quote]Jest to ważne, bo mam problem z uruchamianiem komputera - co drugi raz nie ładuje systemu dalej jak ekran powitalny i tło pulpitu ;/[/quote]

nadir
komentarz
komentarz

Wszystko zrobione, krok po kroku. Od ok 24h komputer nie zacina się podczas uruchamiania.

Napisz mi proszę - w miarę zrozumiale - na czym polegały te wszystkie kroki oraz co odkryłeś w tych logach? Chodzi mi o informacje, co było nie tak z systemem i co robić by w przyszłości nie mieć takich zawieszek? Twoja poprzednia odpowiedź była w stylu [b]Zarova[/b], a ja wolę bardziej ludzkie podejście do użytkownika;)

Gość
komentarz
komentarz

Infekcji jako takiej nie było. System był zaśmiecony. Usuneliśmy troche pustych wpisów rejestru wyczyściliśmy pliki tymczasowe (Temp).
Przydałby ci się dobry program do defragmentacji dysku, np [b]Puran Defrag[/b]

[quote]Twoja poprzednia odpowiedź była w stylu [b]Zarova[/b][/quote]

Nie znam. Możesz przyblizyć postać ?

Odinstaluj [b]Skaner on-line mks_vir[/b]

nadir
komentarz
komentarz (edytowane)

[url="http://www.forumpc.pl/index.php?showuser=29"]http://www.forumpc.p...php?showuser=29[/url]

Dobry mod, junior admin i parę innych na serwisach około-komputerowych, paskudny człowiek ;) Malkontent, ekscentryk, neurotyk.


[quote name='squonk' timestamp='1339956409' post='1522748'] Odinstaluj Skaner on-line mks_vir [/quote]
jak tego dokonać?

Gość
komentarz
komentarz

[quote]jak tego dokonać? [/quote]

Powinien byc w panelu [b]Dodaj/usun programy[/b].

nadir
komentarz
komentarz

Pytam, ponieważ tam nie ma. To nie jest aplikacja a zapewne jedynie jakieś składniki starego silnika lub bazy, dzięki którym przeglądarka IE sprawdzała dane na dyskach.

Gość
komentarz
komentarz (edytowane)

W takim razie, nie ma nic do roboty.

Jest mały wpis po skanerze. Pobierz jeszce raz OTL, uruchom i w okno Własne opcje skanowania skrypt wklej

[code]:OTL
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.p...kanerOnline.cab (MksSkanerOnline Class)[/code]

Kliknij w [b]Wykonaj skrypt[/b]

  • Dobra wypowiedź 1
nadir
komentarz
komentarz

[log]
========== OTL ==========
Starting removal of ActiveX control {68282C51-9459-467B-95BF-3C0E89627E55}
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found.

OTL by OldTimer - Version 3.2.53.0 log created on 06262012_062840
[/log]

Przepraszam za zwłokę.

Komputer tylko raz mi się zawiesił podczas uruchamiania [doszedł tym razem do logowania GmailNotify] a poza tym wszystko działa sprawnie i nawet szybko ;)

Dziękuję za pomoc.

Gość
komentarz
komentarz

Uruchom OTL i kliknij Sprzatanie.

[quote]Komputer tylko raz mi się zawiesił podczas uruchamiania [doszedł tym razem do logowania GmailNotify[/quote]

Czy to znaczy ze masz w autostarcie logowanie na Gmail? Czy też zawiesił sie przy logowaniu do Gmail?

nadir
komentarz
komentarz (edytowane)

Dziś zawiesił się z załadowaną tapetą i paskiem zadań z zegarem i chyba ikonką karty graficznej. Czas na zegarze nie aktualizował się. Trzeba było zrestartować.

[quote name='squonk' timestamp='1340684908' post='1527484'] Czy to znaczy ze masz w autostarcie logowanie na Gmail? Czy też zawiesił sie przy logowaniu do Gmail? [/quote]

w autostarcie [folderze menu start] mam tylko rocket dock, natomiast gmailnotify uruchamia się każdorazowo przy starcie systemu, podobnie jak konnekt oraz uTorrent i avast.

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.