Zawieszanie i wolna praca komputera

**Posty:** 319 · przez **hugo91** 15 Lip 2011, 14:52

Witam, mam problem odnosnie komputera, a mianowicie odpalam dzis ta skrzynkee loguje sie na moj profil i zacina sie on juz na pulpicie, czasem go poresetuje z 10-15 razy az dziala w porzadku, przwracanie systemu niestety nie pomoglo, da sie cos z tym fantem zrobic czy niezabardzo?

1. Najpierw pozbywamy się programu emulującego + sptd.sys - zrobione
system xp 32 bit

Kod: Zaznacz wszystko: GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-07-15 14:56:47 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD1600JB-00GVC0 rev.08.02D08 Running: 6z2riqqn.exe; Driver: C:\DOCUME~1\XP\USTAWI~1\Temp\pxtdrpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF6119202] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF617FCB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF613D6C1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF611B81C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF611B874] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF611B98A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF613D075] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF611B772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF611B8C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF611B7C6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF611B938] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF6119226] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF613DD87] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF613E03D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF611BC0E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF613DBF2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF613DA5D] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF617FD62] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF6118FF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF611924A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF611BD82] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF6119CDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF611B84C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF611B89C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF611B9B4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF613D3D1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF611B79E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF611BA46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF611B904] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF611B7F4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF611BB2A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF611B962] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF617FDFA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF613D8D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF6119BA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF613D72A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF6188E48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF613C6E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF611926E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF6119292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF611904A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF6119186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF613DE8E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF6119162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF61191AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF61192B6] INT 0x62 ? 825A7CB8 INT 0x82 ? 825A7CB8 INT 0x83 ? 825A7CB8 INT 0xB4 ? 82283CB8 INT 0xB4 ? 82283CB8 INT 0xB4 ? 82283CB8 INT 0xB4 ? 82283CB8 INT 0xB4 ? 82283CB8 INT 0xB4 ? 82283CB8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF6195902] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 26B4 80501EEC 4 Bytes [E8, C6, 13, F6] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL F611A335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP F61912BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805B8C2C 5 Bytes JMP F6192D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74CC 7 Bytes JMP F6195906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text sptd.sys F8450000 32 Bytes [E0, 36, 6D, 80, 5E, 87, 6D, ...] .text sptd.sys F8450024 408 Bytes [72, 1A, 53, 80, 80, 4F, 54, ...] .text sptd.sys F84501BD 15 Bytes [70, 53, 80, A2, F7, 5C, 80, ...] .text sptd.sys F84501D4 4 Bytes [F3, A5, 6A, 4D] {REP MOVSD ; PUSH 0x4d} .text sptd.sys F84501DC 1 Byte [02] .text ... .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF84FA9E3] ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7B35380, 0x346307, 0xE8000020] .text USBPORT.SYS!DllUnload F7A7B8AC 5 Bytes JMP 822831C8 .text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP F611CCCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP F611CBDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP F611BF60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP F611CE38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP F611D040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP F611CB4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP F611BE9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 3 Bytes JMP F611C1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3585 BF85E558 1 Byte [36] .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP F611C352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F852 3 Bytes JMP F611BE84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 8C BF85F856 1 Byte [36] .text win32k.sys!EngCreatePalette + 5454 BF864C1E 3 Bytes JMP F611CC04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5458 BF864C22 1 Byte [36] .text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP F611C32A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP F611CD80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP F611CF9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP F611BFD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP F611C06A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP F611C0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP F611C114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP F611BDB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP F611BF1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP F611C034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP F611C46C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP F611CEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[144] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[180] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\ctfmon.exe[192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[192] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[192] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[192] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[192] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[192] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[192] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[192] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[192] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[192] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[192] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[192] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[192] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[192] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\ctfmon.exe[192] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\DC++\DCPlusPlus.exe[256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\DC++\DCPlusPlus.exe[256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\DC++\DCPlusPlus.exe[256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\DC++\DCPlusPlus.exe[256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\DC++\DCPlusPlus.exe[256] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\DC++\DCPlusPlus.exe[256] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\DC++\DCPlusPlus.exe[256] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\DC++\DCPlusPlus.exe[256] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\DC++\DCPlusPlus.exe[256] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\DC++\DCPlusPlus.exe[256] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\DC++\DCPlusPlus.exe[256] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\DC++\DCPlusPlus.exe[256] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\DC++\DCPlusPlus.exe[256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\DC++\DCPlusPlus.exe[256] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\DC++\DCPlusPlus.exe[256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\DC++\DCPlusPlus.exe[256] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\DC++\DCPlusPlus.exe[256] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\System32\smss.exe[656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[740] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00581014 .text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00580804 .text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00580A08 .text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00580C0C .text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00580E10 .text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005801F8 .text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005803FC .text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00580600 .text C:\WINDOWS\system32\winlogon.exe[764] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00590804 .text C:\WINDOWS\system32\winlogon.exe[764] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00590A08 .text C:\WINDOWS\system32\winlogon.exe[764] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00590600 .text C:\WINDOWS\system32\winlogon.exe[764] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005901F8 .text C:\WINDOWS\system32\winlogon.exe[764] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005903FC .text C:\WINDOWS\system32\services.exe[808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[808] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[808] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[808] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[808] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[808] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\nvsvc32.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\nvsvc32.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\nvsvc32.exe[1404] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\nvsvc32.exe[1404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\nvsvc32.exe[1404] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\nvsvc32.exe[1404] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\nvsvc32.exe[1404] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\nvsvc32.exe[1404] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\nvsvc32.exe[1404] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\nvsvc32.exe[1404] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\nvsvc32.exe[1404] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\nvsvc32.exe[1404] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\nvsvc32.exe[1404] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\nvsvc32.exe[1404] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1640] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[1740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1740] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[1740] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[1740] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[1740] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[1740] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[1740] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[1740] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[1740] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[1740] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[1740] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[1740] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[1740] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[1740] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\Explorer.EXE[1868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 004D1014 .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 004D0804 .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 004D0A08 .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 004D0C0C .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 004D0E10 .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004D01F8 .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004D03FC .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 004D0600 .text C:\WINDOWS\Explorer.EXE[1868] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004E0804 .text C:\WINDOWS\Explorer.EXE[1868] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004E0A08 .text C:\WINDOWS\Explorer.EXE[1868] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004E0600 .text C:\WINDOWS\Explorer.EXE[1868] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004E01F8 .text C:\WINDOWS\Explorer.EXE[1868] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004E03FC .text C:\WINDOWS\system32\wuauclt.exe[1976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[1976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\wuauclt.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\wuauclt.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\wuauclt.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\wuauclt.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\wuauclt.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\wuauclt.exe[1976] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\wuauclt.exe[1976] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\wuauclt.exe[1976] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\wuauclt.exe[1976] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\wuauclt.exe[1976] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\wuauclt.exe[1976] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\wuauclt.exe[1976] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\wuauclt.exe[1976] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\wuauclt.exe[1976] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014 .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804 .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08 .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10 .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8 .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600 .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe[2548] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F845220E] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F845170C] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F8451EEE] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F845170C] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F84518F0] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8451832] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84520CC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F8451EEE] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8465F56] sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 825D41E8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBPDO-0 824531E8 Device \Driver\usbuhci \Device\USBPDO-1 824531E8 Device \Driver\usbuhci \Device\USBPDO-2 824531E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{5537C5BE-1136-4770-ABBE-181D7AE6F279} 820501E8 Device \Driver\usbuhci \Device\USBPDO-3 824531E8 Device \Driver\usbehci \Device\USBPDO-4 8243C1E8 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Cdrom \Device\CdRom0 8228C1E8 Device \Driver\atapi \Device\Ide\IdePort0 [F83BBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F83BBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [F83BBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [F83BBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-10 [F83BBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-1b [F83BBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-8 [F83BBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 8228C1E8 Device \Driver\usbstor \Device\00000066 823FB430 Device \Driver\usbstor \Device\00000067 823FB430 Device \Driver\usbstor \Device\00000068 823FB430 Device \Driver\usbstor \Device\00000069 823FB430 Device \Driver\NetBT \Device\NetBt_Wins_Export 820501E8 Device \Driver\NetBT \Device\NetbiosSmb 820501E8 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbstor \Device\0000006a 823FB430 Device \Driver\usbuhci \Device\USBFDO-0 824531E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{9078DB0B-47AA-48FF-A0FD-CED0485EBBF0} 820501E8 Device \Driver\usbuhci \Device\USBFDO-1 824531E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81DBF1E8 Device \Driver\usbuhci \Device\USBFDO-2 824531E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 81DBF1E8 Device \Driver\usbuhci \Device\USBFDO-3 824531E8 Device \Driver\usbehci \Device\USBFDO-4 8243C1E8 Device \FileSystem\Cdfs \Cdfs 8229D408 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 MBR read error Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0 ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\XP\Cookies\xp@programosy[2].txt 359 bytes File C:\Documents and Settings\XP\Ustawienia lokalne\Temporary Internet Files\Content.IE5\9013BN2Y\down[1] 0 bytes File C:\Documents and Settings\XP\Ustawienia lokalne\Temporary Internet Files\Content.IE5\9013BN2Y\httpErrorPagesScripts[1] 0 bytes File C:\Documents and Settings\XP\Ustawienia lokalne\Temporary Internet Files\Content.IE5\J08AAPTE\help[1] 0 bytes File C:\Documents and Settings\XP\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OBVVIWAU\tabswelcome[1] 0 bytes File C:\Documents and Settings\XP\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OBVVIWAU\tab_icon[1] 0 bytes File C:\WINDOWS\Temp\_avast_\unp33805707.tmp (size mismatch) 107008/0 bytes executable ---- EOF - GMER 1.0.15 ----

zachwile dojdzie otl, ale narazie gmera wrzuce bo mozliwe ze sie zdazy zaciac on..

mam !
http://www.wklej.org/id/562122/
http://www.wklej.org/id/562123/

**Posty:** 18165 · przez **wojtas** 16 Lip 2011, 14:53

a czemu widze w OTL :

DRV - [2011-07-15 14:35:47 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

daj nowego loga z OTL.

**Posty:** 319 · przez **hugo91** 17 Lip 2011, 14:25

juz poszlo

Kod: Zaznacz wszystko: OTL logfile created on: 2011-07-17 14:25:01 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\XP\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 510,42 Mb Total Physical Memory | 262,59 Mb Available Physical Memory | 51,44% Memory free 1,22 Gb Paging File | 1,04 Gb Available in Paging File | 85,21% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 15,04 Gb Total Space | 6,15 Gb Free Space | 40,89% Space Free | Partition Type: NTFS Drive D: | 40,04 Gb Total Space | 14,25 Gb Free Space | 35,60% Space Free | Partition Type: NTFS Drive E: | 40,04 Gb Total Space | 13,09 Gb Free Space | 32,70% Space Free | Partition Type: NTFS Drive F: | 40,04 Gb Total Space | 23,35 Gb Free Space | 58,30% Space Free | Partition Type: NTFS Drive G: | 13,88 Gb Total Space | 0,24 Gb Free Space | 1,73% Space Free | Partition Type: NTFS Computer Name: ANGELS | User Name: XP | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-07-15 14:37:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.exe PRC - [2011-07-04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2008-05-17 14:36:34 | 001,503,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-09-05 11:20:12 | 000,036,352 | ---- | M] (VisualTaskTips.com) -- C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe PRC - [2006-08-04 14:59:16 | 000,062,976 | ---- | M] (Alexander Avdonin) -- C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe PRC - [2005-04-10 18:04:27 | 001,163,264 | ---- | M] () -- C:\Program Files\DC++\DCPlusPlus.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-07-15 14:37:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.exe MOD - [2011-07-04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2007-09-05 11:20:04 | 000,007,680 | ---- | M] () -- C:\Program Files\Utilities\VisualTaskTips\VttHooks.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-07-04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-07-04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2008-05-17 14:49:14 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\VIBUS.sys -- (VIBUS) DRV - [2008-05-17 14:49:14 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\VIDEX32.sys -- (VIDEX32) DRV - [2008-01-24 23:36:16 | 004,127,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2007-11-21 01:09:22 | 000,104,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006-05-04 19:02:58 | 000,380,928 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) DRV - [2003-07-02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie_rsearch.html IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie_rsearch.html IE - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://pejaslumsattack.pl/" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-07-15 16:27:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-24 20:00:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-24 21:31:21 | 000,000,000 | ---D | M] [2011-05-24 20:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Dane aplikacji\Mozilla\Extensions [2011-05-24 22:09:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Dane aplikacji\Mozilla\Firefox\Profiles\1gv10fkc.default\extensions [2011-05-24 20:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- [2011-07-15 16:27:29 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2011-05-25 18:30:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011-04-14 18:59:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-08-23 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKU\.DEFAULT..\Run: [Skype] File not found O4 - HKU\.DEFAULT..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin) O4 - HKU\.DEFAULT..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com) O4 - HKU\S-1-5-18..\Run: [Skype] File not found O4 - HKU\S-1-5-18..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin) O4 - HKU\S-1-5-18..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com) O4 - HKU\S-1-5-20..\Run: [Skype] File not found O4 - HKU\S-1-5-20..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin) O4 - HKU\S-1-5-20..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com) O4 - HKU\S-1-5-21-1645522239-220523388-1417001333-1002..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-1645522239-220523388-1417001333-1002..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin) O4 - HKU\S-1-5-21-1645522239-220523388-1417001333-1002..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com) O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found O4 - Startup: C:\Documents and Settings\XP\Menu Start\Programy\Autostart\DC++.lnk = C:\Program Files\DC++\DCPlusPlus.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O15 - HKU\.DEFAULT\..Trusted Domains: google.com ([mail] https in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: google.com ([mail] https in Trusted sites) O15 - HKU\S-1-5-20\..Trusted Domains: google.com ([mail] https in Trusted sites) O15 - HKU\S-1-5-21-1645522239-220523388-1417001333-1002\..Trusted Domains: google.com ([mail] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.246.129.1 94.246.129.3 94.246.129.2 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\XP\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\XP\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O27 - HKLM IFEO\notepad.exe: Debugger - C:\WINDOWS\system32\Notepad2.exe () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-05-24 19:21:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-07-17 14:18:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\XP\Recent [2011-07-15 14:37:06 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.scr [2011-07-15 14:37:01 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.com [2011-07-15 14:36:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.exe [2011-07-15 14:35:31 | 000,607,288 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\XP\Pulpit\SPTDinst-v178-x86.exe [2011-07-14 17:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Pulpit\Instrukcja_PDF [2011-07-04 21:03:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\XP\Moje dokumenty\Moje wideo [2011-07-04 21:03:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\XP\Moje dokumenty\Moje obrazy [2011-07-04 21:03:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\XP\Moje dokumenty\Moja muzyka [2011-07-04 21:03:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo [2011-07-03 20:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\.gstreamer-0.10 [2011-06-30 17:57:56 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011-06-30 17:57:56 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011-06-30 17:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Free Antivirus [2011-06-30 17:57:54 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011-06-30 17:57:53 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011-06-30 17:57:53 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011-06-30 17:57:53 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011-06-30 17:57:53 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011-06-30 17:57:53 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011-06-30 17:57:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011-06-30 17:57:35 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011-06-30 17:57:35 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-07-17 14:24:03 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2011-07-17 14:22:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-07-17 14:20:59 | 000,190,954 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\pul.JPG [2011-07-16 17:34:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-07-15 16:27:30 | 000,002,644 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011-07-15 14:37:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.scr [2011-07-15 14:37:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.com [2011-07-15 14:37:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.exe [2011-07-15 14:36:41 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe [2011-07-15 14:35:33 | 000,607,288 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\XP\Pulpit\SPTDinst-v178-x86.exe [2011-07-14 20:30:14 | 000,057,868 | ---- | M] () -- C:\Documents and Settings\XP\Moje dokumenty\Obraz(4).jpeg [2011-07-13 20:44:31 | 000,110,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-07-12 16:51:37 | 211,204,677 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\videoplayback[1].mp4 [2011-07-11 11:50:31 | 000,083,771 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\DSC00075.JPG [2011-07-11 11:50:21 | 000,091,964 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\DSC00076.JPG [2011-07-11 11:35:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\XP\DSC01084.JPG [2011-07-11 11:18:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\XP\przelew.pdf [2011-07-07 17:43:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\XP\_DSC2928.JPG [2011-07-07 17:38:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\XP\Nowy folder (2).rar [2011-07-04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011-07-04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011-07-04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011-07-04 13:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011-07-04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011-07-02 15:08:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\XP\l.jpg [2011-06-29 22:53:41 | 000,497,670 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-06-29 22:53:41 | 000,439,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-06-29 22:53:41 | 000,087,452 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-06-29 22:53:41 | 000,070,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-06-18 11:39:59 | 000,072,057 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\DSC00069.JPG [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-07-17 14:20:59 | 000,190,954 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\pul.JPG [2011-07-15 14:36:41 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\6z2riqqn.exe [2011-07-14 20:30:42 | 000,057,868 | ---- | C] () -- C:\Documents and Settings\XP\Moje dokumenty\Obraz(4).jpeg [2011-07-12 16:57:03 | 211,204,677 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\videoplayback[1].mp4 [2011-07-11 11:35:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XP\DSC01084.JPG [2011-07-11 11:18:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XP\przelew.pdf [2011-07-11 10:43:21 | 000,091,964 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\DSC00076.JPG [2011-07-10 23:08:13 | 000,083,771 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\DSC00075.JPG [2011-07-07 17:43:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XP\_DSC2928.JPG [2011-07-07 17:38:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XP\Nowy folder (2).rar [2011-07-02 15:08:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XP\l.jpg [2011-06-18 10:33:57 | 000,072,057 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\DSC00069.JPG [2011-06-06 12:49:18 | 000,013,705 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat [2011-06-02 06:50:52 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2011-06-02 06:50:52 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2011-06-02 06:50:52 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2011-05-24 21:31:58 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011-05-24 21:09:06 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2011-05-24 21:09:06 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2011-05-24 21:09:06 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2011-05-24 21:09:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2011-05-24 21:09:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2011-05-24 21:09:05 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2011-05-24 21:09:05 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2011-05-24 21:09:05 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2011-05-24 21:05:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-05-24 21:02:42 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2011-05-24 20:58:23 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2011-05-24 20:56:47 | 000,110,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-05-24 19:39:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011-05-24 19:32:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-05-24 19:31:19 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011-05-24 19:31:16 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011-05-24 19:31:15 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2011-05-24 19:31:15 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011-05-24 19:31:13 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-05-24 19:18:53 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-05-24 19:16:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\Cabarc.exe [2011-05-24 19:16:50 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\Cabtool.exe [2011-05-24 19:16:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\WallChan.exe [2011-05-24 19:16:48 | 000,001,128 | ---- | C] () -- C:\WINDOWS\System32\WC.com [2011-05-24 19:16:45 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PCalc.exe [2011-05-24 19:16:45 | 000,210,432 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.exe [2011-05-24 19:16:45 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifyPE.exe [2011-05-24 19:16:45 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.ini [2011-05-24 19:16:44 | 000,828,416 | ---- | C] () -- C:\WINDOWS\System32\mmm.exe [2011-05-24 19:16:44 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\mmm.dll [2011-05-24 19:16:44 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\metapath.exe [2011-05-24 19:16:44 | 000,001,630 | ---- | C] () -- C:\WINDOWS\System32\metapath.ini [2011-05-24 19:16:42 | 001,152,165 | ---- | C] () -- C:\WINDOWS\System32\HFExtract.exe [2011-05-24 19:16:40 | 000,110,085 | ---- | C] () -- C:\WINDOWS\System32\cdimage.exe [2011-05-24 19:16:32 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll [2008-04-14 23:16:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008-03-06 02:37:26 | 000,000,183 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006-12-31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001-08-23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001-08-23 14:00:00 | 000,497,670 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2001-08-23 14:00:00 | 000,439,042 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001-08-23 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2001-08-23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001-08-23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001-08-23 14:00:00 | 000,087,452 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2001-08-23 14:00:00 | 000,070,218 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001-08-23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001-08-23 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2001-08-23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001-08-23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [color=#E56717]========== LOP Check ==========[/color] [2011-06-30 17:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2011-05-24 20:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2011-07-09 03:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2011-05-24 19:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2011-05-24 19:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\URSoft [2011-05-24 19:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\uTorrent [2011-05-24 19:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Xentient [2011-05-24 19:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gość\Dane aplikacji\URSoft [2011-05-24 19:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gość\Dane aplikacji\uTorrent [2011-05-24 19:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gość\Dane aplikacji\Xentient [2011-05-24 20:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\Gadu-Gadu 10 [2011-06-03 21:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\OpenFM [2011-05-24 19:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\URSoft [2011-05-24 19:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\uTorrent [2011-05-24 19:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\Xentient [2011-07-17 14:24:03 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B3D74A13 < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-07-17 14:25:01 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\XP\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 510,42 Mb Total Physical Memory | 262,59 Mb Available Physical Memory | 51,44% Memory free 1,22 Gb Paging File | 1,04 Gb Available in Paging File | 85,21% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 15,04 Gb Total Space | 6,15 Gb Free Space | 40,89% Space Free | Partition Type: NTFS Drive D: | 40,04 Gb Total Space | 14,25 Gb Free Space | 35,60% Space Free | Partition Type: NTFS Drive E: | 40,04 Gb Total Space | 13,09 Gb Free Space | 32,70% Space Free | Partition Type: NTFS Drive F: | 40,04 Gb Total Space | 23,35 Gb Free Space | 58,30% Space Free | Partition Type: NTFS Drive G: | 13,88 Gb Total Space | 0,24 Gb Free Space | 1,73% Space Free | Partition Type: NTFS Computer Name: ANGELS | User Name: XP | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .inf [@ = inffile] -- C:\WINDOWS\System32\Notepad2.exe () .ini [@ = inifile] -- C:\WINDOWS\System32\Notepad2.exe () .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l .txt [@ = txtfile] -- C:\WINDOWS\System32\Notepad2.exe () [HKEY_USERS\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 () batfile [open] -- "%1" %* cmdfile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 () cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [open] -- C:\WINDOWS\system32\Notepad2.exe %1 () inifile [open] -- C:\WINDOWS\system32\Notepad2.exe %1 () InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l jsfile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 () jsefile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 () piffile [open] -- "%1" %* regfile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 () regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- C:\WINDOWS\system32\Notepad2.exe %1 () vbefile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 () vbsfile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 () wsffile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 () Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [New Window] -- explorer.exe %1 (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "AC" = Attribute Changer 6.0a "AddOnInstaller" = AddonInstaller (SendTo) "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast" = avast! Free Antivirus "CCleaner" = CCleaner "CPLBonus" = Kels' CPL Bonus Pack! "CWK" = CWK (Czasowy Wyłącznik Komputera) "DC++" = DC++ 0.674 "DriveSpace" = Drive Space Indicator "Gadu-Gadu 10" = Gadu-Gadu 10 "GMailFS" = GMail Drive Shell Extension "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mmm" = PowerTweaK Menu (mmm) "Mozilla Firefox 4.0.1 (x86 pl)" = Mozilla Firefox 4.0.1 (x86 pl) "NetSender_is1" = NetSender 3.0 "nLite_Plus" = nLite Plus "NVIDIA Drivers" = NVIDIA Drivers "qt7lite_is1" = QT Lite 2.5.1 "Refreshem" = RefreshEM "RegShot" = RegShot "Reshack" = Resource Hacker "SendTO" = Sendto Xtras "TaskSwitchXP" = TaskSwitchXP "Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330 "Unlocker" = Unlocker 1.8.7 "VisualTaskTips" = Visual Task Tips 2.3 "VLC media player" = VLC media player 1.1.0 "Winamp" = Winamp "WinRAR archiver" = WinRAR archiver "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1645522239-220523388-1417001333-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Diablo II" = Diablo II "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-05-24 13:25:31 | Computer Name = ANGELS | Source = MsiInstaller | ID = 10005 Description = Product: Microsoft .NET Framework 3.0 Service Pack 1 -- Error 2004.Method SHGetFolderPath failed. HRESULT: 0x80004005. Error - 2011-05-24 13:25:31 | Computer Name = ANGELS | Source = MsiInstaller | ID = 10005 Description = Product: Microsoft .NET Framework 3.0 Service Pack 1 -- Error 2004.Method GetFontCacheDataFolder failed. HRESULT: 0x80004005. Error - 2011-05-25 12:18:48 | Computer Name = ANGELS | Source = MsiInstaller | ID = 11935 Description = Produkt: Microsoft .NET Framework 3.0 Service Pack 2 -- Błąd 1935. Wystąpił błąd podczas instalowania zestawu 'System.Runtime.Serialization,fileVersion="3.0.4506.3636",culture="neutral",version="3.0.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL"'. Zobacz Pomoc i obsługę techniczną, aby uzyskać więcej informacji. HRESULT: 0x80070020. interfejs asemblacji: IAssemblyCacheItem, funkcja: Commit, składnik: {CA8693B8-3F44-47A7-B1C7-D1BDB9C580E1} Error - 2011-05-25 12:18:56 | Computer Name = ANGELS | Source = MsiInstaller | ID = 1023 Description = Produkt: Microsoft .NET Framework 3.0 Service Pack 2 - nie można zainstalować aktualizacji 'KB976769v2'. Kod błędu 1603. Dodatkowe informacje są dostępne w pliku dziennika C:\DOCUME~1\XP\USTAWI~1\Temp\Microsoft .NET Framework 3.0-KB982168_20110525_161408171-Msi1.txt. Error - 2011-05-25 12:22:17 | Computer Name = ANGELS | Source = HotFixInstaller | ID = 5000 Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168, P2 1045, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 1935. [ System Events ] Error - 2011-06-08 12:35:16 | Computer Name = ANGELS | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 2011-06-08 12:35:19 | Computer Name = ANGELS | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 2011-06-08 13:41:25 | Computer Name = ANGELS | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 2011-06-08 19:05:14 | Computer Name = ANGELS | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 2011-06-08 19:05:42 | Computer Name = ANGELS | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 2011-06-09 04:10:24 | Computer Name = ANGELS | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 2011-06-09 04:10:49 | Computer Name = ANGELS | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811} < End of report >

**Posty:** 18165 · przez **wojtas** 17 Lip 2011, 15:56

nic konkretnego...
Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
O4 - HKU\.DEFAULT..\Run: [Skype] File not found
O4 - HKU\S-1-5-18..\Run: [Skype] File not found
O4 - HKU\S-1-5-20..\Run: [Skype] File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
[2011-07-17 14:24:03 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B3D74A13

[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
* Skasuj stan przywracania systemu

Zaktualizuj zabezpieczenia:
>>> Internet Explorer 8

>>> Java™ 6
>>> Mozilla Firefox 5.0
>>> Avast 6 (odinstaluj starszą wersję i zainstaluj nową)

napisz jak sytuacja z komputerem

Autor postu otrzymał pochwałę

**Posty:** 319 · przez **hugo91** 18 Lip 2011, 03:53

zrobilem tak jak mowiles z tym otl, lecz no po tm komputer juz calkiem sie wieszal, skonczylem wlasnie robic formata i wg, i probleem dalej wystepuje.. moje pytanie brzmi co moze byc przyczyna tego ze komputer sie wiesza czasem nawet jak wyskakuje okienko windows xp i sie laduje pasek ?

nareperwowane :banan:

wzialem wypielem wszystko co sie da zz blaszaka przedmuchalem powpinalem i teraz dziala poprawnie nie zawiesza sie, dziekujee bardzoo

EOT!