Internet przestaje działać po wyłączeniu laptopa.

**Posty:** 3 · przez **noffyoi** 18 Cze 2012, 14:13

Internet po wyłączeniu laptopa przestaje działać. Wtedy wchodzę na ip routera, daje test i można powiedzieć, że funkcjonuje jako tako. Podczas przeglądania stron nie widzę większych opóźnień. W grach kończy się to spadkiem fps i sekundowymi przycinkami, a w innych dokładnie widać przerwy, bo kończy się to odrazu dc. Problem mam od ponad tygodnia, robiłem przywracanie systemu i dwa razy spotkałem się z komunikatem o tym, że dzięki przywracaniu zwalczono krytyczny błąd systemu. Przy instalacji zauważyłem, że nie wykrywa routera, dopiero przy jednej z prób udało się go wykryć i skonfigurować. ale nie pamiętam co zrobiłem. Po wyłączeniu oczywiście problem powrócił.

dds

Kod: Zaznacz wszystko: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by menel at 13:06:23 on 2012-06-18 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1014.713 [GMT 2:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\svchost.exe -k bthsvcs D:\LogMeIn Hamachi\hamachi-2.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.neostrada.pl uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [SkyTel] SkyTel.EXE mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [LogMeIn Hamachi Ui] "d:\logmein hamachi\hamachi-2-ui.exe" --auto-start dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: Interfaces\{62343715-D808-4DB7-9B93-291D5A946E43} : DhcpNameServer = 192.168.1.1 Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\menel\dane aplikacji\mozilla\firefox\profiles\kvhrf2hc.default\ . ============= SERVICES / DRIVERS =============== . R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-20 218592] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-12-28 21992] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\logmein hamachi\hamachi-2.exe [2012-2-28 1373576] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\menel\ustawi~1\temp\cfq3c.tmp --> c:\docume~1\menel\ustawi~1\temp\CFQ3C.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena classic\safedrv.sys --> d:\garena classic\safedrv.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WinRing0_1_2_0;WinRing0_1_2_0;d:\downloads\iobit\game booster 3\driver\WinRing0.sys [2012-6-15 14416] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-06-17 14:33:11 -------- d-sha-r- C:\cmdcons 2012-06-17 14:31:31 98816 ----a-w- c:\windows\sed.exe 2012-06-17 14:31:31 518144 ----a-w- c:\windows\SWREG.exe 2012-06-17 14:31:31 256000 ----a-w- c:\windows\PEV.exe 2012-06-17 14:31:31 208896 ----a-w- c:\windows\MBR.exe 2012-06-16 17:50:23 1 ----a-w- c:\windows\system32\SI.bin 2012-06-16 17:50:09 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe 2012-06-14 22:30:49 180224 ----a-w- c:\windows\system32\igfxres.dll 2012-06-14 22:28:45 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll 2012-06-14 22:28:43 920088 ----a-w- c:\windows\system32\igxpun.exe 2012-06-14 22:28:35 -------- d-----w- C:\Intel 2012-06-12 15:01:28 -------- d-----w- c:\documents and settings\all users\dane aplikacji\IObit 2012-06-11 13:04:23 4227704 ----a-w- c:\windows\system32\GameMon.des 2012-06-11 13:04:04 5174 ----a-w- c:\windows\system32\nppt9x.vxd 2012-06-11 13:04:04 4682 ----a-w- c:\windows\system32\npptNT2.sys 2012-06-11 13:03:46 -------- d-----w- c:\program files\common files\INCA Shared 2012-06-11 12:31:17 -------- d-----w- c:\program files\BandiMPEG1 2012-06-11 11:35:57 -------- d-----w- C:\Netgear 2012-06-11 10:01:09 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-06-11 10:01:09 -------- d-----w- c:\windows\system32\wbem\Repository 2012-06-10 12:53:48 -------- d-----w- c:\documents and settings\all users\dane aplikacji\NexonUS 2012-06-10 08:54:38 73728 ----a-w- c:\windows\system32\RtNicProp32.dll 2012-06-10 08:54:38 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys 2012-06-10 08:32:58 304128 ----a-w- c:\windows\IsUninst.exe 2012-06-10 06:09:19 -------- d-----w- c:\windows\OPTIONS 2012-05-24 12:42:06 -------- d-----w- c:\documents and settings\menel\dane aplikacji\LolClient2 . ==================== Find3M ==================== . 2012-06-14 20:45:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-14 20:45:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ============= FINISH: 13:07:52,70 ===============

OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2012-06-18 12:48:58 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\menel\Moje dokumenty\Downloads Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1014,11 Mb Total Physical Memory | 645,69 Mb Available Physical Memory | 63,67% Memory free 2,38 Gb Paging File | 1,95 Gb Available in Paging File | 81,82% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 32,50 Gb Free Space | 66,56% Space Free | Partition Type: NTFS Drive D: | 62,95 Gb Total Space | 10,11 Gb Free Space | 16,06% Space Free | Partition Type: NTFS Computer Name: WODZU-79B760B20 | User Name: menel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-06-18 12:41:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\menel\Moje dokumenty\Downloads\OTL.exe PRC - [2012-05-15 16:37:08 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2012-02-28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- D:\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012-02-28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- D:\LogMeIn Hamachi\hamachi-2.exe PRC - [2010-02-09 18:38:56 | 003,465,384 | ---- | M] (Thorvald Natvig) -- D:\Mumble\mumble.exe PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-06-14 22:45:45 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll MOD - [2010-02-09 18:43:48 | 000,016,040 | ---- | M] () -- D:\Mumble\plugins\codmw2.dll MOD - [2010-02-09 18:43:46 | 000,017,064 | ---- | M] () -- D:\Mumble\plugins\bf2142.dll MOD - [2010-02-09 18:43:46 | 000,017,064 | ---- | M] () -- D:\Mumble\plugins\bf2.dll MOD - [2010-02-09 18:43:46 | 000,016,040 | ---- | M] () -- D:\Mumble\plugins\cod5.dll MOD - [2010-02-09 18:43:46 | 000,015,528 | ---- | M] () -- D:\Mumble\plugins\cod2.dll MOD - [2010-02-09 18:43:46 | 000,013,496 | ---- | M] () -- D:\Mumble\plugins\link.dll MOD - [2010-02-09 18:43:44 | 000,020,648 | ---- | M] () -- D:\Mumble\plugins\insurgency.dll MOD - [2010-02-09 18:43:44 | 000,018,088 | ---- | M] () -- D:\Mumble\plugins\lotro.dll MOD - [2010-02-09 18:43:44 | 000,017,064 | ---- | M] () -- D:\Mumble\plugins\bfheroes.dll MOD - [2010-02-09 18:43:44 | 000,016,552 | ---- | M] () -- D:\Mumble\plugins\codmw2so.dll MOD - [2010-02-09 18:43:44 | 000,015,528 | ---- | M] () -- D:\Mumble\plugins\bf1942.dll MOD - [2010-02-09 18:43:42 | 000,068,776 | ---- | M] () -- D:\Mumble\plugins\manual.dll MOD - [2010-02-09 18:43:42 | 000,020,648 | ---- | M] () -- D:\Mumble\plugins\gmod.dll MOD - [2010-02-09 18:43:42 | 000,020,648 | ---- | M] () -- D:\Mumble\plugins\dys.dll MOD - [2010-02-09 18:43:42 | 000,019,624 | ---- | M] () -- D:\Mumble\plugins\wow.dll MOD - [2010-02-09 18:43:42 | 000,017,064 | ---- | M] () -- D:\Mumble\plugins\ut3.dll MOD - [2010-02-09 18:43:42 | 000,017,064 | ---- | M] () -- D:\Mumble\plugins\ut2004.dll MOD - [2010-02-09 18:43:40 | 000,017,576 | ---- | M] () -- D:\Mumble\plugins\etqw.dll MOD - [2010-02-09 18:43:40 | 000,017,064 | ---- | M] () -- D:\Mumble\plugins\l4d2.dll MOD - [2010-02-09 18:43:40 | 000,016,552 | ---- | M] () -- D:\Mumble\plugins\aoc.dll MOD - [2010-02-09 18:43:38 | 000,020,648 | ---- | M] () -- D:\Mumble\plugins\css.dll MOD - [2010-02-09 18:43:38 | 000,020,136 | ---- | M] () -- D:\Mumble\plugins\tf2.dll MOD - [2010-02-09 18:43:38 | 000,016,040 | ---- | M] () -- D:\Mumble\plugins\wolfet.dll MOD - [2010-02-09 18:43:36 | 000,020,648 | ---- | M] () -- D:\Mumble\plugins\dods.dll MOD - [2010-02-09 18:43:34 | 000,020,648 | ---- | M] () -- D:\Mumble\plugins\hl2dm.dll MOD - [2010-02-09 18:43:34 | 000,017,064 | ---- | M] () -- D:\Mumble\plugins\l4d.dll MOD - [2010-02-09 18:43:32 | 000,017,576 | ---- | M] () -- D:\Mumble\plugins\cod4.dll MOD - [2010-02-09 18:38:58 | 002,348,200 | ---- | M] () -- D:\Mumble\speex.sse2.dll MOD - [2010-02-09 18:38:56 | 000,133,800 | ---- | M] () -- D:\Mumble\mumble_ol.dll MOD - [2010-02-09 18:38:56 | 000,121,000 | ---- | M] () -- D:\Mumble\celt0.0.7.0.sse2.dll MOD - [2010-02-01 16:09:40 | 007,679,656 | ---- | M] () -- D:\Mumble\QtGui4.dll MOD - [2010-02-01 16:09:38 | 002,116,264 | ---- | M] () -- D:\Mumble\QtCore4.dll MOD - [2010-01-30 14:33:34 | 001,034,408 | ---- | M] () -- D:\Mumble\libprotobuf.dll MOD - [2010-01-30 14:33:32 | 000,041,640 | ---- | M] () -- D:\Mumble\QtPlugins\iconengines\qsvgicon4.dll MOD - [2010-01-30 14:33:30 | 000,286,376 | ---- | M] () -- D:\Mumble\QtPlugins\imageformats\qtiff4.dll MOD - [2010-01-30 14:33:30 | 000,232,616 | ---- | M] () -- D:\Mumble\QtPlugins\imageformats\qmng4.dll MOD - [2010-01-30 14:33:30 | 000,129,192 | ---- | M] () -- D:\Mumble\QtPlugins\imageformats\qjpeg4.dll MOD - [2010-01-30 14:33:30 | 000,023,208 | ---- | M] () -- D:\Mumble\QtPlugins\imageformats\qsvg4.dll MOD - [2010-01-30 14:33:28 | 000,032,936 | ---- | M] () -- D:\Mumble\QtPlugins\imageformats\qico4.dll MOD - [2010-01-30 14:33:28 | 000,028,328 | ---- | M] () -- D:\Mumble\QtPlugins\imageformats\qgif4.dll MOD - [2010-01-30 14:33:22 | 000,327,336 | ---- | M] () -- D:\Mumble\QtXml4.dll MOD - [2010-01-30 14:33:20 | 000,643,752 | ---- | M] () -- D:\Mumble\QtSql4.dll MOD - [2010-01-30 14:33:20 | 000,267,944 | ---- | M] () -- D:\Mumble\QtSvg4.dll MOD - [2010-01-30 14:33:18 | 000,928,424 | ---- | M] () -- D:\Mumble\QtNetwork4.dll MOD - [2010-01-30 14:33:18 | 000,617,640 | ---- | M] () -- D:\Mumble\QtOpenGL4.dll MOD - [2009-12-14 07:33:12 | 001,758,720 | ---- | M] () -- D:\Mumble\libsndfile-1.dll MOD - [2009-11-05 22:12:32 | 002,359,296 | ---- | M] () -- D:\Mumble\libmysql.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012-05-03 11:06:27 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-02-28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011-11-08 23:00:00 | 004,227,704 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Garena Classic\safedrv.sys -- (GGSAFERDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\menel\USTAWI~1\Temp\CFQ3C.tmp -- (GarenaPEngine) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2011-09-21 11:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010-11-01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- D:\Downloads\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0) DRV - [2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009-03-25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-03-03 01:20:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2006-09-12 19:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2003-08-04 14:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1220945662-299502267-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl IE - HKU\S-1-5-21-1220945662-299502267-839522115-1003\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1220945662-299502267-839522115-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-1220945662-299502267-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1220945662-299502267-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKU\S-1-5-21-1220945662-299502267-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Mozilla Firefox\components [2012-06-10 08:20:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Mozilla Firefox\plugins [2012-03-26 17:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\menel\Dane aplikacji\Mozilla\Extensions [2012-03-08 22:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\menel\Dane aplikacji\Mozilla\Firefox\extensions [2012-03-08 22:52:07 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\menel\Dane aplikacji\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012-05-03 11:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\menel\Dane aplikacji\Mozilla\Firefox\Profiles\kvhrf2hc.default\extensions O1 HOSTS File: ([2012-06-17 16:50:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1220945662-299502267-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKU\S-1-5-21-1220945662-299502267-839522115-1003\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1220945662-299502267-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1220945662-299502267-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1220945662-299502267-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1220945662-299502267-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62343715-D808-4DB7-9B93-291D5A946E43}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\menel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\menel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-05-17 18:18:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-06-17 16:54:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012-06-17 16:33:11 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012-06-17 16:31:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012-06-17 16:31:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012-06-17 16:31:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012-06-17 16:31:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012-06-17 16:30:44 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-06-17 16:30:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\menel\Menu Start\Programy\Narzędzia administracyjne [2012-06-17 16:30:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012-06-16 19:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\menel\Moje dokumenty\My Games [2012-06-16 19:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Ubisoft [2012-06-15 00:30:49 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll [2012-06-15 00:28:43 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\igxpun.exe [2012-06-15 00:28:35 | 000,000,000 | ---D | C] -- C:\Intel [2012-06-15 00:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Game Booster 3 [2012-06-12 17:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2012-06-11 15:04:23 | 004,227,704 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des [2012-06-11 15:04:04 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys [2012-06-11 15:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared [2012-06-11 14:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1 [2012-06-11 13:35:57 | 000,000,000 | ---D | C] -- C:\Netgear [2012-06-10 14:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\menel\Menu Start\Programy\Nexon [2012-06-10 14:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS [2012-06-10 13:35:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\menel\Recent [2012-06-10 12:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\NewFeature1 [2012-06-10 10:54:38 | 000,130,432 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys [2012-06-10 10:32:58 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe [2012-06-10 10:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\menel\Moje dokumenty\Nowy folder [2012-06-10 08:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\menel\Moje dokumenty\PCI_Driver_XP_5719_03162012 [2012-06-10 08:09:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS [2012-06-10 08:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\menel\Moje dokumenty\PCI_InstallShield_5649_060719 [2012-05-24 14:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\menel\Dane aplikacji\LolClient2 [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-06-18 11:31:21 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics [2012-06-18 11:31:05 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job [2012-06-18 11:30:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-06-18 00:25:36 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2012-06-17 16:50:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012-06-17 16:33:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012-06-17 12:17:17 | 000,000,462 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{785B119A-4670-4A84-A446-5E32D6618592}.job [2012-06-16 19:55:10 | 000,001,090 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Heroes of Might and Magic V - Tribes of the East.lnk [2012-06-16 19:50:23 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\SI.bin [2012-06-16 19:35:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-06-15 20:42:50 | 000,003,650 | ---- | M] () -- C:\Documents and Settings\menel\Moje dokumenty\cc_20120615_204246.reg [2012-06-15 19:28:17 | 000,005,996 | ---- | M] () -- C:\Documents and Settings\menel\Pulpit\Router_Setup.html [2012-06-14 22:45:45 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-06-14 22:45:45 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-06-13 11:36:43 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\menel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-06-10 14:54:11 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\menel\Pulpit\Atlantica Online.lnk [2012-06-10 13:37:18 | 000,038,516 | ---- | M] () -- C:\Documents and Settings\menel\Moje dokumenty\cc_20120610_133705.reg [2012-06-10 12:17:23 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\menel\Pulpit\Play League of Legends.lnk [2012-06-09 21:07:44 | 000,045,194 | ---- | M] () -- C:\Documents and Settings\menel\Dane aplikacji\room_v3.dat [2012-05-24 20:47:46 | 000,004,885 | ---- | M] () -- C:\Documents and Settings\menel\.recently-used.xbel [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-17 16:33:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012-06-17 16:33:13 | 000,262,400 | RHS- | C] () -- C:\cmldr [2012-06-17 16:31:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012-06-17 16:31:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012-06-17 16:31:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012-06-17 16:31:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012-06-17 16:31:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012-06-16 19:55:10 | 000,001,090 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Heroes of Might and Magic V - Tribes of the East.lnk [2012-06-16 19:50:23 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin [2012-06-15 20:42:49 | 000,003,650 | ---- | C] () -- C:\Documents and Settings\menel\Moje dokumenty\cc_20120615_204246.reg [2012-06-15 19:28:18 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\menel\Pulpit\Router Login.url [2012-06-15 19:28:15 | 000,005,996 | ---- | C] () -- C:\Documents and Settings\menel\Pulpit\Router_Setup.html [2012-06-15 00:33:53 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_Au\Mumble\plugins\cod2Kernel | On_Demand | Stopped\WINDOWS\System32\igxpuntoUpdate.job [2012-06-15 00:28:45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2012-06-11 15:04:04 | 000,005,174 | ---- | C] () -- C:\WINDOWS\Syste () -- Dexe (Microsoexe PRC - 40 | 000,016,552 | ---- | Mbingft Corporasys 2012-06-11 132009-12-14 07tion) O24 - Dsys 2012-06-11 13bingesktop Componentsexe m32\nppt9x.vxd [2012-06-10 14:54:11 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\menel\Pulpit\Atlantica Online.lnk [2012-06-10 13:37:13 | 000,038,516 | ---- | C] () -- C:\Documents and Settings\menel\Moje dokumenty\cc_20120610_133705.reg [2012-06-10 12:17:23 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\menel\Pulpit\Play League of Legends.lnk [2012-06-10 10:54:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2012-06-07 19:25:03 | 000,238,784 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1220945662-299502267-839522115-1003-0.dat [2012-06-06 23:33:23 | 000,132,738 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat [2012-05-24 20:47:46 | 000,004,885 | ---- | C] () -- C:\Documents and Settings\menel\.recently-used.xbel [2012-03-25 11:26:43 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012-03-08 20:54:15 | 000,045,194 | ---- | C] () -- C:\Documents and Settings\menel\Dane aplikacji\room_v3.dat [2011-12-27 23:14:27 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011-12-27 23:14:27 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011-06-18 01:50:35 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat [2010-07-23 23:51:20 | 000,000,056 | ---- | C] () -- C:\WINDOWS\SpeederXP.INI [color=#E56717]========== LOP Check ==========[/color] [2011-09-02 20:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2012-06-12 17:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2012-06-10 21:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS [2011-09-02 20:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2012-06-18 12:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2012-03-08 17:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer [2010-06-07 12:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\ArcaVirMicroScan [2012-03-25 18:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\avidemux [2012-04-24 20:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\DMCache [2012-05-22 17:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\gtk-2.0 [2011-12-28 14:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\InterTrust [2011-12-30 08:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\IObit [2012-03-07 21:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\LolClient [2012-05-24 14:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\LolClient2 [2012-06-18 12:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\Mumble [2010-05-17 20:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\Nowe Gadu-Gadu [2012-03-10 18:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\OpenOffice.org [2010-05-18 19:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\Opera [2011-09-02 20:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\PC Suite [2012-06-17 12:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\menel\Dane aplikacji\uTorrent [2012-06-18 11:31:05 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job [2012-06-17 12:17:17 | 000,000,462 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{785B119A-4670-4A84-A446-5E32D6618592}.job [color=#E56717]========== Purity Check ==========[/color] < End of report >

combofix

Kod: Zaznacz wszystko: ComboFix 12-06-16.02 - menel 2012-06-17 16:35:15.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1014.460 [GMT 2:00] Uruchomiony z: c:\documents and settings\menel\Moje dokumenty\Downloads\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Dane aplikacji\TEMP c:\documents and settings\All Users\Dane aplikacji\TEMP\DFC5A2B2.TMP c:\documents and settings\menel\.tmp c:\documents and settings\menel\Moje dokumenty\PCI_InstallShield_5649_060719\_desktop.ini c:\documents and settings\menel\Moje dokumenty\PCI_InstallShield_5649_060719\WIN2000\_desktop.ini c:\documents and settings\menel\Moje dokumenty\PCI_InstallShield_5649_060719\WIN98SE\_desktop.ini c:\documents and settings\menel\Moje dokumenty\PCI_InstallShield_5649_060719\WINME\_desktop.ini c:\documents and settings\menel\Moje dokumenty\PCI_InstallShield_5649_060719\WINXP\_desktop.ini c:\documents and settings\menel\WINDOWS c:\windows\IsUn0415.exe c:\windows\l33td.ini c:\windows\system.txt c:\windows\system\iexplore.exe c:\windows\System\iexplore.txt c:\windows\system\iexplore.txt2 c:\windows\system\smss.exe c:\windows\System\smss.txt c:\windows\system\smss.txt2 c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\dt c:\windows\system32\dt\2010-06-06_14-11-48-5241078 c:\windows\system32\dt\th_2010-06-06_14-11-48-5241078 c:\windows\system32\SET117.tmp c:\windows\system32\SET11C.tmp c:\windows\system32\SET123.tmp c:\windows\system32\SET16B.tmp c:\windows\system32\SETB.tmp c:\windows\system32\system.txt c:\windows\system32\web.dat d:\xvid\CheckUpdate.exe . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_POWERMANAGER . . ((((((((((((((((((((((((( Pliki utworzone od 2012-05-17 do 2012-06-17 ))))))))))))))))))))))))))))))) . . 2012-06-16 17:50 . 2012-06-16 17:50 1 ----a-w- c:\windows\system32\SI.bin 2012-06-16 17:50 . 2007-09-19 09:27 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2012-06-14 22:30 . 2008-02-15 10:49 180224 ----a-w- c:\windows\system32\igfxres.dll 2012-06-14 22:28 . 2008-02-15 11:21 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll 2012-06-14 22:28 . 2008-03-07 10:56 920088 ----a-w- c:\windows\system32\igxpun.exe 2012-06-14 22:28 . 2012-06-14 22:28 -------- d-----w- C:\Intel 2012-06-12 15:01 . 2012-06-12 15:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\IObit 2012-06-11 13:04 . 2011-11-08 21:00 4227704 ----a-w- c:\windows\system32\GameMon.des 2012-06-11 13:04 . 2005-01-04 00:43 4682 ----a-w- c:\windows\system32\npptNT2.sys 2012-06-11 13:04 . 2003-07-20 09:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd 2012-06-11 13:03 . 2012-06-11 13:03 -------- d-----w- c:\program files\Common Files\INCA Shared 2012-06-11 12:31 . 2012-06-11 12:31 -------- d-----w- c:\program files\BandiMPEG1 2012-06-11 11:35 . 2012-06-15 17:28 -------- d-----w- C:\Netgear 2012-06-11 10:01 . 2012-06-11 10:01 -------- d-----w- c:\windows\system32\wbem\Repository 2012-06-10 12:53 . 2012-06-10 19:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NexonUS 2012-06-10 08:54 . 2009-03-25 12:29 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys 2012-06-10 08:54 . 2009-03-03 18:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll 2012-06-10 08:32 . 1998-01-23 10:22 304128 ----a-w- c:\windows\IsUninst.exe 2012-06-10 06:09 . 2012-06-10 06:09 -------- d-----w- c:\windows\OPTIONS 2012-05-24 12:42 . 2012-05-24 12:42 -------- d-----w- c:\documents and settings\menel\Dane aplikacji\LolClient2 . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-14 20:45 . 2012-03-29 05:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 20:45 . 2011-12-30 16:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}] 2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Xvid"="d:\xvid\CheckUpdate.exe" [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "LogMeIn Hamachi Ui"="d:\logmein hamachi\hamachi-2-ui.exe" [2012-02-28 1987976] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^menel^Menu Start^Programy^Autostart^OpenOffice.org 3.2.lnk] path=c:\documents and settings\menel\Menu Start\Programy\Autostart\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^menel^Menu Start^Programy^Autostart^Registration Heroes of Might & Magic 5 - Tribes of the East.LNK] path=c:\documents and settings\menel\Menu Start\Programy\Autostart\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK backup=c:\windows\pss\Registration Heroes of Might & Magic 5 - Tribes of the East.LNKStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChomikBox] 2012-02-22 15:27 5951488 ----a-w- d:\chomikbox\chomikbox.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2012-06-04 10:48 880528 ----a-w- d:\utorrent\uTorrent.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Opera\\opera.exe"= "d:\\Warcraft III\\Warcraft III.exe"= "d:\\Garena Classic\\Garena.exe"= "d:\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonUS\\NGM\\NGM.exe"= "d:\\Ubisoft\\Heroes of Might and Magic V - Tribes of the East\\Heroes of Might and Magic V - Tribes of the East\\bin\\H5_Game.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "58714:TCP"= 58714:TCP:Pando Media Booster "58714:UDP"= 58714:UDP:Pando Media Booster "59096:TCP"= 59096:TCP:Pando Media Booster "59096:UDP"= 59096:UDP:Pando Media Booster . R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-07-20 218592] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-12-28 21992] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\logmein hamachi\hamachi-2.exe [2012-02-28 1373576] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\menel\USTAWI~1\Temp\CFQ3C.tmp --> c:\docume~1\menel\USTAWI~1\Temp\CFQ3C.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena classic\safedrv.sys --> d:\garena classic\safedrv.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WinRing0_1_2_0;WinRing0_1_2_0;d:\downloads\IObit\Game Booster 3\Driver\WinRing0.sys [2012-06-15 14416] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] . Zawartość folderu 'Zaplanowane zadania' . 2012-06-17 c:\windows\Tasks\Game_Booster_AutoUpdate.job - d:\downloads\IObit\Game Booster 3\AutoUpdate.exe [2012-06-14 09:21] . 2012-06-17 c:\windows\Tasks\User_Feed_Synchronization-{785B119A-4670-4A84-A446-5E32D6618592}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.neostrada.pl TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\menel\Dane aplikacji\Mozilla\Firefox\Profiles\kvhrf2hc.default\ . - - - - USUNIĘTO PUSTE WPISY - - - - . WebBrowser-{E3AAF71E-B295-4156-AE11-777237A1DB3C} - (no file) HKCU-Run-Xvid - d:\xvid\CheckUpdate.exe HKLM-Run-l33t - c:\windows\system\iexplore.exe AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0415.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-17 16:50 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . detected NTDLL code modification: ZwEnumerateValueKey, ZwQueryDirectoryFile . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run Rjgkgb = c:\documents and settings\menel\Dane aplikacji\Rjgkgb.exe . skanowanie ukrytych plików ... . . c:\documents and settings\menel\Dane aplikacji\Rjgkgb.exe 237568 bytes executable . skanowanie pomyślnie ukończone ukryte pliki: 1 . ************************************************************************** . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rjgkgb"="c:\\Documents and Settings\\menel\\Dane aplikacji\\Rjgkgb.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\menel\USTAWI~1\Temp\CFQ3C.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):95,f2,70,ec,d1,bf,47,8a,a2,5e,97,17,39,98,d4,cb,91,4e,b5,98,1b, fe,9d,b6,21,e6,aa,13,14,09,e3,c5,8e,73,e1,70,b4,8f,57,ce,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7457386a-2090-4f1a-8814-42225102e6cc}] @Denied: (Full) (Everyone) "Model"=dword:00000072 "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\ . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'winlogon.exe'(824) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(2500) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll . - - - - - - - > 'csrss.exe'(800) c:\windows\system32\WININET.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\RTHDCPL.EXE c:\windows\system32\rundll32.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2012-06-17 16:54:01 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-06-17 14:53 . Przed: 34 875 179 008 bajtów wolnych Po: 34 904 866 816 bajtów wolnych . WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - B53B4A419BE14968C6EEEBFAD775AED5

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-06-18 13:53:02 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e TOSHIBA_MK1237GSX rev.DL130G Running: m7t9yoeu.exe; Driver: C:\DOCUME~1\menel\USTAWI~1\Temp\kfadaaoc.sys ---- Kernel code sections - GMER 1.0.15 ---- ? C:\DOCUME~1\menel\USTAWI~1\Temp\mbr.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[368] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 018623F0 .text C:\WINDOWS\Explorer.EXE[368] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01862690 .text C:\WINDOWS\Explorer.EXE[368] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0186D2AA .text C:\WINDOWS\Explorer.EXE[368] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0186D166 .text C:\WINDOWS\Explorer.EXE[368] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 018611C0 .text C:\WINDOWS\Explorer.EXE[368] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01861400 .text C:\WINDOWS\Explorer.EXE[368] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01862350 .text C:\WINDOWS\Explorer.EXE[368] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01861000 .text C:\WINDOWS\Explorer.EXE[368] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 018610A0 .text C:\WINDOWS\Explorer.EXE[368] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 018622F0 .text C:\WINDOWS\Explorer.EXE[368] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 01862D00 .text C:\WINDOWS\Explorer.EXE[368] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 01862B60 .text C:\WINDOWS\Explorer.EXE[368] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 01861EA0 .text C:\WINDOWS\Explorer.EXE[368] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 01861C40 .text C:\WINDOWS\Explorer.EXE[368] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 01862100 .text C:\WINDOWS\Explorer.EXE[368] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 01861B60 .text C:\WINDOWS\Explorer.EXE[368] WS2_32.dll!send 71A5428A 5 Bytes JMP 01862E60 .text C:\WINDOWS\RTHDCPL.EXE[568] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 045C23F0 .text C:\WINDOWS\RTHDCPL.EXE[568] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 045C2690 .text C:\WINDOWS\RTHDCPL.EXE[568] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 045CD2AA .text C:\WINDOWS\RTHDCPL.EXE[568] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 045CD166 .text C:\WINDOWS\RTHDCPL.EXE[568] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 045C11C0 .text C:\WINDOWS\RTHDCPL.EXE[568] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 045C1400 .text C:\WINDOWS\RTHDCPL.EXE[568] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 045C2350 .text C:\WINDOWS\RTHDCPL.EXE[568] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 045C1000 .text C:\WINDOWS\RTHDCPL.EXE[568] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 045C10A0 .text C:\WINDOWS\RTHDCPL.EXE[568] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 045C22F0 .text C:\WINDOWS\RTHDCPL.EXE[568] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 045C2D00 .text C:\WINDOWS\RTHDCPL.EXE[568] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 045C2B60 .text C:\WINDOWS\RTHDCPL.EXE[568] WININET.dll!HttpSendRequestW 3FD0FABE 3 Bytes JMP 045C1EA0 .text C:\WINDOWS\RTHDCPL.EXE[568] WININET.dll!HttpSendRequestW + 4 3FD0FAC2 1 Byte [C4] .text C:\WINDOWS\RTHDCPL.EXE[568] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 045C1C40 .text C:\WINDOWS\RTHDCPL.EXE[568] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 045C2100 .text C:\WINDOWS\RTHDCPL.EXE[568] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 045C1B60 .text C:\WINDOWS\RTHDCPL.EXE[568] WS2_32.dll!send 71A5428A 5 Bytes JMP 045C2E60 .text C:\WINDOWS\system32\rundll32.exe[612] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B923F0 .text C:\WINDOWS\system32\rundll32.exe[612] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B92690 .text C:\WINDOWS\system32\rundll32.exe[612] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B9D2AA .text C:\WINDOWS\system32\rundll32.exe[612] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B9D166 .text C:\WINDOWS\system32\rundll32.exe[612] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B911C0 .text C:\WINDOWS\system32\rundll32.exe[612] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B91400 .text C:\WINDOWS\system32\rundll32.exe[612] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00B92350 .text C:\WINDOWS\system32\rundll32.exe[612] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00B91000 .text C:\WINDOWS\system32\rundll32.exe[612] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00B910A0 .text C:\WINDOWS\system32\rundll32.exe[612] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00B922F0 .text C:\WINDOWS\system32\rundll32.exe[612] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 00B92D00 .text C:\WINDOWS\system32\rundll32.exe[612] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 00B92B60 .text C:\WINDOWS\system32\rundll32.exe[612] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00B91EA0 .text C:\WINDOWS\system32\rundll32.exe[612] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00B91C40 .text C:\WINDOWS\system32\rundll32.exe[612] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00B92100 .text C:\WINDOWS\system32\rundll32.exe[612] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00B91B60 .text C:\WINDOWS\system32\rundll32.exe[612] WS2_32.dll!send 71A5428A 5 Bytes JMP 00B92E60 .text C:\WINDOWS\system32\igfxtray.exe[628] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 010623F0 .text C:\WINDOWS\system32\igfxtray.exe[628] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01062690 .text C:\WINDOWS\system32\igfxtray.exe[628] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0106D2AA .text C:\WINDOWS\system32\igfxtray.exe[628] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0106D166 .text C:\WINDOWS\system32\igfxtray.exe[628] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 010611C0 .text C:\WINDOWS\system32\igfxtray.exe[628] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01061400 .text C:\WINDOWS\system32\igfxtray.exe[628] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01062350 .text C:\WINDOWS\system32\igfxtray.exe[628] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01061000 .text C:\WINDOWS\system32\igfxtray.exe[628] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 010610A0 .text C:\WINDOWS\system32\igfxtray.exe[628] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 010622F0 .text C:\WINDOWS\system32\igfxtray.exe[628] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 01062D00 .text C:\WINDOWS\system32\igfxtray.exe[628] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 01062B60 .text C:\WINDOWS\system32\igfxtray.exe[628] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 01061EA0 .text C:\WINDOWS\system32\igfxtray.exe[628] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 01061C40 .text C:\WINDOWS\system32\igfxtray.exe[628] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 01062100 .text C:\WINDOWS\system32\igfxtray.exe[628] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 01061B60 .text C:\WINDOWS\system32\igfxtray.exe[628] WS2_32.dll!send 71A5428A 5 Bytes JMP 01062E60 .text C:\WINDOWS\system32\hkcmd.exe[636] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D323F0 .text C:\WINDOWS\system32\hkcmd.exe[636] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D32690 .text C:\WINDOWS\system32\hkcmd.exe[636] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D3D2AA .text C:\WINDOWS\system32\hkcmd.exe[636] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00D3D166 .text C:\WINDOWS\system32\hkcmd.exe[636] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D311C0 .text C:\WINDOWS\system32\hkcmd.exe[636] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00D31400 .text C:\WINDOWS\system32\hkcmd.exe[636] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00D32350 .text C:\WINDOWS\system32\hkcmd.exe[636] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00D31000 .text C:\WINDOWS\system32\hkcmd.exe[636] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00D310A0 .text C:\WINDOWS\system32\hkcmd.exe[636] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00D322F0 .text C:\WINDOWS\system32\hkcmd.exe[636] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 00D32D00 .text C:\WINDOWS\system32\hkcmd.exe[636] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 00D32B60 .text C:\WINDOWS\system32\hkcmd.exe[636] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00D31EA0 .text C:\WINDOWS\system32\hkcmd.exe[636] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00D31C40 .text C:\WINDOWS\system32\hkcmd.exe[636] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00D32100 .text C:\WINDOWS\system32\hkcmd.exe[636] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00D31B60 .text C:\WINDOWS\system32\hkcmd.exe[636] WS2_32.dll!send 71A5428A 5 Bytes JMP 00D32E60 .text C:\WINDOWS\system32\igfxpers.exe[648] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C723F0 .text C:\WINDOWS\system32\igfxpers.exe[648] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C72690 .text C:\WINDOWS\system32\igfxpers.exe[648] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C7D2AA .text C:\WINDOWS\system32\igfxpers.exe[648] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C7D166 .text C:\WINDOWS\system32\igfxpers.exe[648] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C711C0 .text C:\WINDOWS\system32\igfxpers.exe[648] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C71400 .text C:\WINDOWS\system32\igfxpers.exe[648] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00C72350 .text C:\WINDOWS\system32\igfxpers.exe[648] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00C71000 .text C:\WINDOWS\system32\igfxpers.exe[648] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00C710A0 .text C:\WINDOWS\system32\igfxpers.exe[648] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00C722F0 .text C:\WINDOWS\system32\igfxpers.exe[648] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 00C72D00 .text C:\WINDOWS\system32\igfxpers.exe[648] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 00C72B60 .text C:\WINDOWS\system32\igfxpers.exe[648] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00C71EA0 .text C:\WINDOWS\system32= 58714\igfxpers.exe[648] WININET.dll!HttpSendRequestA 2007-09-19 09text C 3FD1EE89 5 Bytes JMP 00C71C40 .text C:\WINDOWS\system32\igfxpers.exe[648] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00C72100 .text C:\WINDOWS\system32\igfxpers.exe[648] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00C71B60 .text C:\WINDOWS\system32\igfxpers.exe[648] WS2_32.dll!send 71A5428A 5 Bytes JMP 00C72E60 .text C:\WINDOWS\system32\igfxsrvc.exe[688] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 010523F0 .text C:\WINDOWS\system32\igfxsrvc.exe[688] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01052690 .text C:\WINDOWS\system32\igfxsrvc.exe[688] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0105D2AA .text C:\WINDOWS\system32\igfxsrvc.exe[688] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0105D166 .text C:\WINDOWS\system32\igfxsrvc.exe[688] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 010511C0 .text C:\WINDOWS\system32\igfxsrvc.exe[688] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01051400 .text C:\WINDOWS\system32\igfxsrvc.exe[688] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01052350 .text C:\WINDOWS\system32\igfxsrvc.exe[688] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01051000 .text C:\WINDOWS\system32\igfxsrvc.exe[688] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 010510A0 .text C:\WINDOWS\system32\igfxsrvc.exe[688] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 010522F0 .text C:\WINDOWS\system32\igfxsrvc.exe[688] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 01052D00 .text C:\WINDOWS\system32\igfxsrvc.exe[688] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 01052B60 .text C:\WINDOWS\system32\igfxsrvc.exe[688] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 01051EA0 .text C:\WINDOWS\system32\igfxsrvc.exe[688] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 01051C40 .text C:\WINDOWS\system32\igfxsrvc.exe[688] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 01052100 .text C:\WINDOWS\system32\igfxsrvc.exe[688] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 01051B60 .text C:\WINDOWS\system32\igfxsrvc.exe[688] WS2_32.dll!send 71A5428A 5 Bytes JMP 01052E60 .text C:\WINDOWS\system32\csrss.exe[788] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 010923F0 .text C:\WINDOWS\system32\csrss.exe[788] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01092690 .text C:\WINDOWS\system32\csrss.exe[788] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0109D2AA .text C:\WINDOWS\system32\csrss.exe[788] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0109D166 .text C:\WINDOWS\system32\csrss.exe[788] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 010911C0 .text C:\WINDOWS\system32\csrss.exe[788] KERNEL32.dll!CreateFileW 7C810770 5 Bytes JMP 01091400 .text C:\WINDOWS\system32\csrss.exe[788] KERNEL32.dll!MoveFileW 7C821271 5 Bytes JMP 01092350 .text C:\WINDOWS\system32\csrss.exe[788] KERNEL32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01091000 .text C:\WINDOWS\system32\csrss.exe[788] KERNEL32.dll!CopyFileW 7C82F88F 5 Bytes JMP 010910A0 .text C:\WINDOWS\system32\csrss.exe[788] KERNEL32.dll!MoveFileA 7C835ED7 5 Bytes JMP 010922F0 .text C:\WINDOWS\system32\csrss.exe[788] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 01092D00 .text C:\WINDOWS\system32\csrss.exe[788] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 01092B60 .text C:\WINDOWS\system32\csrss.exe[788] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 01091EA0 .text C:\WINDOWS\system32\csrss.exe[788] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 01091C40 .text C:\WINDOWS\system32\csrss.exe[788] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 01092100 .text C:\WINDOWS\system32\csrss.exe[788] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 01091B60 .text C:\WINDOWS\system32\csrss.exe[788] WS2_32.dll!send 71A5428A 5 Bytes JMP 01092E60 .text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 011223F0 .text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01122690 .text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0112D2AA .text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0112D166 .text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011211C0 .text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01121400 .text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01122350 .text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01121000 .text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 011210A0 .text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 011222F0 .text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 01122D00 .text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 01122B60 .text C:\WINDOWS\system32\winlogon.exe[820] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 01121B60 .text C:\WINDOWS\system32\winlogon.exe[820] WS2_32.dll!send 71A5428A 5 Bytes JMP 01122E60 .text C:\WINDOWS\system32\winlogon.exe[820] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 01121EA0 .text C:\WINDOWS\system32\winlogon.exe[820] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 01121C40 .text C:\WINDOWS\system32\winlogon.exe[820] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 01122100 .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00F423F0 .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F42690 .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F4D2AA .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00F4D166 .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F411C0 .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00F41400 .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00F42350 .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00F41000 .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00F410A0 .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00F422F0 .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 00F42D00 .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 00F42B60 .text C:\WINDOWS\system32\services.exe[864] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00F41B60 .text C:\WINDOWS\system32\services.exe[864] WS2_32.dll!send 71A5428A 5 Bytes JMP 00F42E60 .text C:\WINDOWS\system32\services.exe[864] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00F41EA0 .text C:\WINDOWS\system32\services.exe[864] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00F41C40 .text C:\WINDOWS\system32\services.exe[864] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00F42100 .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 008823F0 .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00882690 .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0088D2AA .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0088D166 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008811C0 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00881400 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00882350 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00881000 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 008810A0 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 008822F0 .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 00882D00 .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 00882B60 .text C:\WINDOWS\system32\svchost.exe[1052] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00881B60 .text C:\WINDOWS\system32\svchost.exe[1052] WS2_32.dll!send 71A5428A 5 Bytes JMP 00882E60 .text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00881EA0 .text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00881C40 .text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00882100 .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A23F0 .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A2690 .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000AD2AA .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000AD166 .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1400 .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2350 .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A22F0 .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 000A2D00 .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 000A2B60 .text C:\WINDOWS\System32\svchost.exe[1060] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 000A1EA0 .text C:\WINDOWS\System32\svchost.exe[1060] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 000A1C40 .text C:\WINDOWS\System32\svchost.exe[1060] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 000A2100 .text C:\WINDOWS\System32\svchost.exe[1060] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 000A1B60 .text C:\WINDOWS\System32\svchost.exe[1060] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A2E60 .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009F23F0 .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009F2690 .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009FD2AA .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 009FD166 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009F11C0 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009F1400 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 009F2350 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 009F1000 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009F10A0 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 009F22F0 .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 009F2D00 .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 009F2B60 .text C:\WINDOWS\system32\svchost.exe[1120] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 009F1B60 .text C:\WINDOWS\system32\svchost.exe[1120] WS2_32.dll!send 71A5428A 5 Bytes JMP 009F2E60 .text C:\WINDOWS\system32\svchost.exe[1120] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 009F1EA0 .text C:\WINDOWS\system32\svchost.exe[1120] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 009F1C40 .text C:\WINDOWS\system32\svchost.exe[1120] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 009F2100 .text C:\WINDOWS\system32\wscntfy.exe[1212] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A23F0 .text C:\WINDOWS\system32\wscntfy.exe[1212] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A2690 .text C:\WINDOWS\system32\wscntfy.exe[1212] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000AD2AA .text C:\WINDOWS\system32\wscntfy.exe[1212] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000AD166 .text C:\WINDOWS\system32\wscntfy.exe[1212] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wscntfy.exe[1212] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1400 .text C:\WINDOWS\system32\wscntfy.exe[1212] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2350 .text C:\WINDOWS\system32\wscntfy.exe[1212] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wscntfy.exe[1212] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wscntfy.exe[1212] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A22F0 .text C:\WINDOWS\system32\wscntfy.exe[1212] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 000A2D00 .text C:\WINDOWS\system32\wscntfy.exe[1212] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 000A2B60 .text C:\WINDOWS\system32\wscntfy.exe[1212] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 000A1EA0 .text C:\WINDOWS\system32\wscntfy.exe[1212] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 000A1C40 .text C:\WINDOWS\system32\wscntfy.exe[1212] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 000A2100 .text C:\WINDOWS\system32\wscntfy.exe[1212] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 000A1B60 .text C:\WINDOWS\system32\wscntfy.exe[1212] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A2E60 .text C:\WINDOWS\system32\wdfmgr.exe[1332] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000923F0 .text C:\WINDOWS\system32\wdfmgr.exe[1332] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00092690 .text C:\WINDOWS\system32\wdfmgr.exe[1332] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0009D2AA .text C:\WINDOWS\system32\wdfmgr.exe[1332] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0009D166 .text C:\WINDOWS\system32\wdfmgr.exe[1332] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000911C0 .text C:\WINDOWS\system32\wdfmgr.exe[1332] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00091400 .text C:\WINDOWS\system32\wdfmgr.exe[1332] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00092350 .text C:\WINDOWS\system32\wdfmgr.exe[1332] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00091000 .text C:\WINDOWS\system32\wdfmgr.exe[1332] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000910A0 .text C:\WINDOWS\system32\wdfmgr.exe[1332] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000922F0 .text C:\WINDOWS\system32\wdfmgr.exe[1332] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 00092D00 .text C:\WINDOWS\system32\wdfmgr.exe[1332] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 00092B60 .text C:\WINDOWS\system32\wdfmgr.exe[1332] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00091EA0 .text C:\WINDOWS\system32\wdfmgr.exe[1332] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00091C40 .text C:\WINDOWS\system32\wdfmgr.exe[1332] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00092100 .text C:\WINDOWS\system32\wdfmgr.exe[1332] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00091B60 .text C:\WINDOWS\system32\wdfmgr.exe[1332] WS2_32.dll!send 71A5428A 5 Bytes JMP 00092E60 .text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 008523F0 .text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00852690 .text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0085D2AA .text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0085D166 .text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008511C0 .text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00851400 .text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00852350 .text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00851000 .text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 008510A0 .text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 008522F0 .text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 00852D00 .text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 00852B60 .text C:\WINDOWS\System32\svchost.exe[1472] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00851B60 .text C:\WINDOWS\System32\svchost.exe[1472] WS2_32.dll!send 71A5428A 5 Bytes JMP 00852E60 .text C:\WINDOWS\System32\svchost.exe[1472] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00851EA0 .text C:\WINDOWS\System32\svchost.exe[1472] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00851C40 .text C:\WINDOWS\System32\svchost.exe[1472] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00852100 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 001623F0 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00162690 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0016D2AA .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0016D166 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00161400 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00162350 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00161000 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001610A0 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 001622F0 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 00162D00 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 00162B60 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00161EA0 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00161C40 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00162100 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00161B60 .text C:\Documents and Settings\menel\Moje dokumenty\Downloads\m7t9yoeu.exe[1564] WS2_32.dll!send 71A5428A 5 Bytes JMP 00162E60 .text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 006823F0 .text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00682690 .text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0068D2AA .text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0068D166 .text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006811C0 .text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00681400 .text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00682350 .text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00681000 .text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 006810A0 .text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 006822F0 .text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyExW 77DC774C 3 Bytes JMP 00682D00 .text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyExW + 4 77DC7750 1 Byte [88] .text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyExA 77DCE834 3 Bytes JMP 00682B60 .text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyExA + 4 77DCE838 1 Byte [88] .text C:\WINDOWS\system32\svchost.exe[1600] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00681B60 .text C:\WINDOWS\system32\svchost.exe[1600] WS2_32.dll!send 71A5428A 5 Bytes JMP 00682E60 .text C:\WINDOWS\system32\svchost.exe[1600] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00681EA0 .text C:\WINDOWS\system32\svchost.exe[1600] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00681C40 .text C:\WINDOWS\system32\svchost.exe[1600] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00682100 .text C:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A23F0 .text C:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A2690 .text C:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000AD2AA .text C:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000AD166 .text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1400 .text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2350 .text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!CopyFileA \WINDOWS\system32\csrssexe 7C8286FE 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A22F0 .text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 000A2D00 .text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 000A2B60 .text C:\WINDOWS\system32\svchost.exe[1620] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 000A1EA0 .text C:\WINDOWS\system32\svchost.exe[1620] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 000A1C40 .text C:\WINDOWS\system32\svchost.exe[1620] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 000A2100 .text C:\WINDOWS\system32\svchost.exe[1620] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 000A1B60 .text C:\WINDOWS\system32\svchost.exe[1620] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A2E60 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 001623F0 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00162690 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0016D2AA .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0016D166 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00161400 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00162350 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00161000 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001610A0 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 001622F0 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00161B60 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] WS2_32.dll!send 71A5428A 5 Bytes JMP 00162E60 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 00162D00 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 00162B60 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00161EA0 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00161C40 .text D:\LogMeIn Hamachi\hamachi-2.exe[1728] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00162100 .text C:\WINDOWS\System32\svchost.exe[1800] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EE23F0 .text C:\WINDOWS\System32\svchost.exe[1800] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00EE2690 .text C:\WINDOWS\System32\svchost.exe[1800] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00EED2AA .text C:\WINDOWS\System32\svchost.exe[1800] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00EED166 .text C:\WINDOWS\System32\svchost.exe[1800] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EE11C0 .text C:\WINDOWS\System32\svchost.exe[1800] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00EE1400 .text C:\WINDOWS\System32\svchost.exe[1800] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00EE2350 .text C:\WINDOWS\System32\svchost.exe[1800] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00EE1000 .text C:\WINDOWS\System32\svchost.exe[1800] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00EE10A0 .text C:\WINDOWS\System32\svchost.exe[1800] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00EE22F0 .text C:\WINDOWS\System32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 00EE2D00 .text C:\WINDOWS\System32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 00EE2B60 .text C:\WINDOWS\System32\svchost.exe[1800] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00EE1B60 .text C:\WINDOWS\System32\svchost.exe[1800] WS2_32.dll!send 71A5428A 5 Bytes JMP 00EE2E60 .text C:\WINDOWS\System32\svchost.exe[1800] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00EE1EA0 .text C:\WINDOWS\System32\svchost.exe[1800] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00EE1C40 .text C:\WINDOWS\System32\svchost.exe[1800] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00EE2100 .text C:\WINDOWS\system32\spoolsv.exe[1840] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A323F0 .text C:\WINDOWS\system32\spoolsv.exe[1840] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A32690 .text C:\WINDOWS\system32\spoolsv.exe[1840] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A3D2AA .text C:\WINDOWS\system32\spoolsv.exe[1840] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A3D166 .text C:\WINDOWS\system32\spoolsv.exe[1840] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A311C0 .text C:\WINDOWS\system32\spoolsv.exe[1840] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A31400 .text C:\WINDOWS\system32\spoolsv.exe[1840] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00A32350 .text C:\WINDOWS\system32\spoolsv.exe[1840] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00A31000 .text C:\WINDOWS\system32\spoolsv.exe[1840] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00A310A0 .text C:\WINDOWS\system32\spoolsv.exe[1840] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00A322F0 .text C:\WINDOWS\system32\spoolsv.exe[1840] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 00A32D00 .text C:\WINDOWS\system32\spoolsv.exe[1840] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 00A32B60 .text C:\WINDOWS\system32\spoolsv.exe[1840] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00A31EA0 .text C:\WINDOWS\system32\spoolsv.exe[1840] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00A31C40 .text C:\WINDOWS\system32\spoolsv.exe[1840] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00A32100 .text C:\WINDOWS\system32\spoolsv.exe[1840] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00A31B60 .text C:\WINDOWS\system32\spoolsv.exe[1840] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A32E60 .text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A23F0 .text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A2690 .text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000AD2AA .text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000AD166 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1400 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2350 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A22F0 .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 000A2D00 .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 000A2B60 .text C:\WINDOWS\system32\svchost.exe[1972] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 000A1EA0 .text C:\WINDOWS\system32\svchost.exe[1972] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 000A1C40 .text C:\WINDOWS\system32\svchost.exe[1972] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 000A2100 .text C:\WINDOWS\system32\svchost.exe[1972] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 000A1B60 .text C:\WINDOWS\system32\svchost.exe[1972] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A2E60 .text C:\WINDOWS\system32\ctfmon.exe[2152] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000B23F0 .text C:\WINDOWS\system32\ctfmon.exe[2152] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000B2690 .text C:\WINDOWS\system32\ctfmon.exe[2152] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000BD2AA .text C:\WINDOWS\system32\ctfmon.exe[2152] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000BD166 .text C:\WINDOWS\system32\ctfmon.exe[2152] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000B11C0 .text C:\WINDOWS\system32\ctfmon.exe[2152] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000B1400 .text C:\WINDOWS\system32\ctfmon.exe[2152] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000B2350 .text C:\WINDOWS\system32\ctfmon.exe[2152] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000B1000 .text C:\WINDOWS\system32\ctfmon.exe[2152] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000B10A0 .text C:\WINDOWS\system32\ctfmon.exe[2152] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000B22F0 .text C:\WINDOWS\system32\ctfmon.exe[2152] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 000B2D00 .text C:\WINDOWS\system32\ctfmon.exe[2152] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 000B2B60 .text C:\WINDOWS\system32\ctfmon.exe[2152] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 000B1EA0 .text C:\WINDOWS\system32\ctfmon.exe[2152] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 000B1C40 .text C:\WINDOWS\system32\ctfmon.exe[2152] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 000B2100 .text C:\WINDOWS\system32\ctfmon.exe[2152] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 000B1B60 .text C:\WINDOWS\system32\ctfmon.exe[2152] WS2_32.dll!send 71A5428A 5 Bytes JMP 000B2E60 .text C:\Program Files\Opera\Opera.exe[2440] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 001623F0 .text C:\Program Files\Opera\Opera.exe[2440] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00162690 .text C:\Program Files\Opera\Opera.exe[2440] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0016D2AA .text C:\Program Files\Opera\Opera.exe[2440] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0016D166 .text C:\Program Files\Opera\Opera.exe[2440] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Program Files\Opera\Opera.exe[2440] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00161400 .text C:\Program Files\Opera\Opera.exe[2440] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00162350 .text C:\Program Files\Opera\Opera.exe[2440] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00161000 .text C:\Program Files\Opera\Opera.exe[2440] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001610A0 .text C:\Program Files\Opera\Opera.exe[2440] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 001622F0 .text C:\Program Files\Opera\Opera.exe[2440] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 00162D00 .text C:\Program Files\Opera\Opera.exe[2440] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 00162B60 .text C:\Program Files\Opera\Opera.exe[2440] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00161EA0 .text C:\Program Files\Opera\Opera.exe[2440] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00161C40 .text C:\Program Files\Opera\Opera.exe[2440] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00162100 .text C:\Program Files\Opera\Opera.exe[2440] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00161B60 .text C:\Program Files\Opera\Opera.exe[2440] WS2_32.dll!send 71A5428A 5 Bytes JMP 00162E60 .text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A23F0 .text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A2690 .text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000AD2AA .text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000AD166 .text C:\WINDOWS\system32\svchost.exe[2680] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\svchost.exe[2680] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1400 .text C:\WINDOWS\system32\svchost.exe[2680] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2350 .text C:\WINDOWS\system32\svchost.exe[2680] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\svchost.exe[2680] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\svchost.exe[2680] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A22F0 .text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 000A2D00 .text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 000A2B60 .text C:\WINDOWS\system32\svchost.exe[2680] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 000A1EA0 .text C:\WINDOWS\system32\svchost.exe[2680] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 000A1C40 .text C:\WINDOWS\system32\svchost.exe[2680] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 000A2100 .text C:\WINDOWS\system32\svchost.exe[2680] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 000A1B60 .text C:\WINDOWS\system32\svchost.exe[2680] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A2E60 .text C:\WINDOWS\System32\alg.exe[3316] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A23F0 .text C:\WINDOWS\System32\alg.exe[3316] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A2690 .text C:\WINDOWS\System32\alg.exe[3316] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000AD2AA .text C:\WINDOWS\System32\alg.exe[3316] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000AD166 .text C:\WINDOWS\System32\alg.exe[3316] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\alg.exe[3316] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1400 .text C:\WINDOWS\System32\alg.exe[3316] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2350 .text C:\WINDOWS\System32\alg.exe[3316] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\alg.exe[3316] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\alg.exe[3316] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A22F0 .text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!RegCreateKeyExW 77DC774C 5 Bytes JMP 000A2D00 .text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!RegCreateKeyExA 77DCE834 5 Bytes JMP 000A2B60 .text C:\WINDOWS\System32\alg.exe[3316] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 000A1B60 .text C:\WINDOWS\System32\alg.exe[3316] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A2E60 .text C:\WINDOWS\System32\alg.exe[3316] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 000A1EA0 .text C:\WINDOWS\System32\alg.exe[3316] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 000A1C40 .text C:\WINDOWS\System32\alg.exe[3316] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 000A2100 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00169300077d Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00169300077d (not active ControlSet) Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x95 0xF2 0x70 0xEC ... Reg HKLM\SOFTWARE\Classes\CLSID\{7457386a-2090-4f1a-8814-42225102e6cc}@Model 114 Reg HKLM\SOFTWARE\Classes\CLSID\{7457386a-2090-4f1a-8814-42225102e6cc}@Therad 30 Reg HKLM\SOFTWARE\Classes\CLSID\{7457386a-2090-4f1a-8814-42225102e6cc}@MData 0x2B 0x8F 0x78 0x29 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Rjgkgb C:\Documents and Settings\menel\Dane aplikacji\Rjgkgb.exe Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\menel\Dane aplikacji\Rjgkgb.exe Rjgkgb ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\menel\Dane aplikacji\Rjgkgb.exe 237568 bytes executable ---- EOF - GMER 1.0.15 ----

kernel32\WINDOWS\System32\algtext C

**Posty:** 18165 · przez **wojtas** 18 Cze 2012, 16:52

Combofixa nie używamy na własną rękę, log z DDS nie potrzebny jeśli jest OTL

odinstaluj : uTorrentControl2 Toolbar

zastosuj ten skaner ( powiedz czy coś wykrył, skanuj dopóki nie będzie nic wykrywał)

http://www.sophos.com/support/disinfection/jeefoa.html

sprawdź czy coś znajdują poniższe skanery:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixVirut.com
oraz ten:
http://www.freedrweb.com/download+cureit/

powiedz czy coś znalazły, jakieś infekcje, zapisz sobie nazwę

jeśli nie przejdziemy do usuwania .

**Posty:** 3 · przez **noffyoi** 18 Cze 2012, 19:03

Zacząłem od Dr.Web, po szybkim skanie 4infekcje: 2x Adware Softonic w Softonic Downloaderach, BackDoor.IRC.Bot.911 w rjgkgb.exe i ostatni Trojan.Siggen.4.5725 w OTL.exe do kwarantanny. Wcześniej nie mogłem odpisać, powiniem przywrócić ustawienia do momentu przed użyciem combofixa? zapewne zbyt pochopnie go użyłem i jeśli coś poszło nie tak, będzie trzeba walczyć z kolejnymi konsekwencjami. Dwa pierwsze linki mi nie działają.
Zauważone: wszystkie strony z sophos oprócz wiki i spohos for mac home edition > "nie można znaleźć serwera". Z symantec podobnie, stronki sklepów, w których można zakupić ten program działają.
Zauważone: kolejny szybki skan z Dr.Web i znowu Backdoor z rjgkgb.exe, usunięte. Pełny skan A0109908.exe taki sam Backdoor oraz A0109683 - podejrzenie BATCH.Virus. Mam zamiar wykonać jeszcze jeden skan, ale to potrwa. Po tych działaniach stronka z tym pierwszym linkiem się otwiera, druga też się pobiera. Zrobie skany i podziele się spostrzeżeniami jutro.

**Posty:** 18165 · przez **wojtas** 18 Cze 2012, 23:08

ok czekam na wyniki, plus nowy log z OTL dorzuć

żeby sprawdzić jak sytuacja

**Posty:** 3 · przez **noffyoi** 19 Cze 2012, 12:10

Dzisiaj uruchomiłem laptopa i internet działał, ale narazie nie mam zamiaru świętować:) idę zainstalować jakiegoś antyvirusa, teraz dam loga z symantec, zaś virut nic nie wykrył. Niedługo zedytuje wraz z logiem z OTL.

Kod: Zaznacz wszystko: RESOLVE Version 1.04 Copyright (c) 2003, Sophos Plc, www.sophos.com System disinfection for W32/Jeefo Data Version 1.00, Plugin Version 1.01 System scan started at 22:37 on 18 June 2012 Checking for W32/Jeefo in memory W32/Jeefo was not found active in memory Checking for files affected by W32/Jeefo Scanning C: Scanning D: Scanning C: Scanning D: System scan finished at 22:41 on 18 June 2012 Infected processes found : 0 Processes terminated or disinfected : 0 Infected files found : 0 Infected files deleted : 0 RESOLVE Version 1.04 Copyright (c) 2003, Sophos Plc, www.sophos.com System disinfection for W32/Jeefo Data Version 1.00, Plugin Version 1.01 System scan started at 22:44 on 18 June 2012 Checking for W32/Jeefo in memory W32/Jeefo was not found active in memory Checking for files affected by W32/Jeefo Scanning C: Scanning D: Scanning C: Error opening file C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Error opening file C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Error opening file C:\Documents and Settings\All Users\Menu Start\Programy\ffdshow\Konfiguracja dekodera dYwieku ffdshow.lnk Error opening file C:\Documents and Settings\LocalService\Cookies\index.dat Error opening file C:\Documents and Settings\LocalService\NTUSER.DAT Error opening file C:\Documents and Settings\LocalService\ntuser.dat.LOG Error opening file C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Error opening file C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Error opening file C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Error opening file C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Error opening file C:\Documents and Settings\menel\Cookies\index.dat Error opening file C:\Documents and Settings\menel\ntuser.dat Error opening file C:\Documents and Settings\menel\NTUSER.DAT.LOG Error opening file C:\Documents and Settings\menel\Pulpit\lol\menel\muzyka od kbn\DDK_RPK-Slowo_Dla_Ludzi_Cz.2-PL-2011-EMPiK\02-ddk_rpk-codzienno?_feat._tps_martin_jsp-empik.mp3 Error opening file C:\Documents and Settings\menel\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Error opening file C:\Documents and Settings\menel\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Error opening file C:\Documents and Settings\menel\Ustawienia lokalne\Historia\History.IE5\index.dat Error opening file C:\Documents and Settings\menel\Ustawienia lokalne\Historia\History.IE5\MSHist012012061820120619\index.dat Error opening file C:\Documents and Settings\menel\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Error opening file C:\Documents and Settings\NetworkService\Cookies\index.dat Error opening file C:\Documents and Settings\NetworkService\NTUSER.DAT Error opening file C:\Documents and Settings\NetworkService\ntuser.dat.LOG Error opening file C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Error opening file C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Error opening file C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\index.dat Error opening file C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Error opening file C:\pagefile.sys Error opening file C:\resolve.log Error opening file C:\System Volume Information\_restore{53767FB6-A045-45D8-AF8C-C34CCD2772FF}\RP284\change.log Error opening file C:\WINDOWS\Debug\PASSWD.LOG Error opening file C:\WINDOWS\SchedLgU.Txt Error opening file C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Error opening file C:\WINDOWS\Sti_Trace.log Error opening file C:\WINDOWS\system32\config\AppEvent.Evt Error opening file C:\WINDOWS\system32\config\default Error opening file C:\WINDOWS\system32\config\default.LOG Error opening file C:\WINDOWS\system32\config\Internet.evt Error opening file C:\WINDOWS\system32\config\SAM Error opening file C:\WINDOWS\system32\config\SAM.LOG Error opening file C:\WINDOWS\system32\config\SecEvent.Evt Error opening file C:\WINDOWS\system32\config\SECURITY Error opening file C:\WINDOWS\system32\config\SECURITY.LOG Error opening file C:\WINDOWS\system32\config\software Error opening file C:\WINDOWS\system32\config\software.LOG Error opening file C:\WINDOWS\system32\config\SysEvent.Evt Error opening file C:\WINDOWS\system32\config\system Error opening file C:\WINDOWS\system32\config\system.LOG Error opening file C:\WINDOWS\system32\h323log.txt Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Error opening file C:\WINDOWS\wiadebug.log Error opening file C:\WINDOWS\wiaservc.log Error opening file C:\WINDOWS\WindowsUpdate.log Scanning D: Error opening file D:\Nexon\Atlantica\NBATTLEFIELD\TRIGGERDATA\TriggerData? ?? ??.lnk Error opening file D:\Nexon\Atlantica\NGImg\USE_MPOTION - ???.NIF Error opening file D:\Nexon\Atlantica\NModel\Accessaries_Korea\DefaultTexture\??002.dds Error opening file D:\Nexon\Atlantica\NModel\Accessaries_Korea\LowerTexture\??002.dds System scan finished at 23:08 on 18 June 2012 Infected processes found : 0 Processes terminated or disinfected : 0 Infected files found : 0 Infected files deleted : 0

Zainstalowałem PC Tools z opcją Spyware Doctora, 5zagrożeń i 300 infekcji (większość to Application.WhiteSmoke). Bez licencji, tego się nie pozbęde, dlatego instaluje wersje anyvira free, zobacze co wykaże skan. 13:13 skan potrwa jeszcze jakieś 1h40min, potem 8h50min!, dlatego napisze nazwy reszty paskudztw: Trackware.TrackingCookie'rem, Application.TrackingCookies, Trojan-Downloader.Murlo, Trojan.Generic. Po skanie robię loga z OTL. Hmmm. Skan nadal na 3%, a czas wydłużył się do 14h44min. xD 22h^. 44h, zdecydowanie licznik się popsuł lub ten skan jest, jaki jest. To, że problem leżał z zawirusowaniu, nie ulega wątpliwości, ale jak się teraz tego pozbyć. Odpaliłbym Dr.Web na full scan, teraz mi się przypomniało, że nie skończył on pracy ostatnio, ale to też zejdzie czasu. Czekam na jakieś instrukcje, bo jestem trochę skołowany. Tak nawiasem uruchomiłem parę razy laptopa i internet zdawał się zdziałać, ale nie mogłem wypróbować w żadnych aplikacjach, sam teraz zastanawiam, jak to teraz wygląda. Skany, antywirusy i skany. 13:41 4%, czas się zmienił na lepsze, widocznie, jakieś pliki sprawiły, że skan zaczął wariować. 13:49 7% skan wykrył po dwie infekcje: Application.TrackingCookie, Trojan.ADH i Trojan.Gen. 14:05 11%, zastanawia mnie słuszność tego skanowania, to nadal PC Tools, doktorek wykonał szybki skan w 5min, ale nim nie mogłem usunąć problemów, więc czy PC Tools Antyvi Free je rozwiąże, czy marnuje czas, bo wynik skanu może być taki sam lub gorszy. 14:11 16% do tej pory do pozbywania się pomniejszych szkodników typu cookie używałem asc. Wiem, że miałem gdzieś IObit Malware Fighter, zawsze mogę go poszukać i zobaczyć co zdziała. 14:18 19% i wykryty Suspicious.Cloud.7.L. Przynajmniej będę miał nazwy wszystkiego, czego trzeba się pozbyć.
Edit: 16:04 net nadal działa po włączeniu, 8infekcji +3 zagrożeń i wszystkich się pozbyłem po tym skanie z wersji free. Teraz log w OTL i test osobisty jakości połączenia. Zuważyłem, że mógłbym powtórzyć skan tym sophos, tylko z administratora.
Edit: 17:03 sprawdzałem, jak sprawdza się w aplikacjach, pomijając zmiany jakie wprowadziło używanie antywirusa, jest poprawa, znaczenie mniej przerywa połączenie. Internet działa po wyłączeniu laptopa, nadal nie świętuje. Może to ze względu na to, że jeszcze od groma wirusów jest^^ Czekam na dalszą współpracę. Tak nawiasem Wireless Router Netgear WGR614v9, a modem cisco EPC3212. W moich dokumentach znalazłem odzyskany fragment plików WGR614v9-V1.1.2.30.chk. On był tam od dłuższego czasu:) Ustawienia routera są poprawne oraz przeinstalowałem wcześniej stery od karty i sam router, wtedy wykluczyłem problem z nim, a skoro odwirusowywanie pomogło, to sądze, że dalej będzie to pomagało, zobacze ile uda się jeszcze oczyścić z wirusów. Czekam na instrukcje co z tymi logami, czy używać jeszcze jakiś skanerów.
Edit: 18:10 2infekcje i jedno zagrożenie mniej - sprawka PC Tools AntiVirus Free. Z zagrożeń zostało jeszcze jedno jeśli się nie myle. Moje ogólne wrażenia mogę być mylne, nie znam się, a stan odnosnie poprawy może być chwilowy, albo w rzeczywistości okazać się gorszy niż był - mam tu głównie na myśli szereg optymalizacji i tego combofixa, które wykonałem 2 dni temu, kiedy już problem nie dawał mi spokoju. Jeśli będzie potrzeba przeinstaluje pownownie wszystko związane z internetem. Czekam:)

Edit: 22:54 wszystko jest czyste, zero zagrożeń i zero infekcji, dam zaraz kolejnego loga z OTL:)

Dodano Dzisiaj, 23:09:
Oto i najnowsze logi.

**Posty:** 18165 · przez **wojtas** 21 Cze 2012, 19:15

odinstaluj PC Tools Anti-Spam Toolbar oraz PC Tools Security ( w zamian tego zainstaluj Malwarebytes )

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
[2012-06-19 22:52:11 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012-06-19 22:51:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
[2012-06-09 21:07:44 | 000,045,194 | ---- | M] () -- C:\Documents and Settings\menel\Dane aplikacji\room_v3.dat
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:430C6D84

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).