Request for an analysis of the HijackThis logs
Author
Message
barnaba
Posted: 2010-02-25, 14:48 Request for an analysis of the HijackThis logs
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:53, on 2010-02-25
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\SysOp\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 7432 bytes
WebCM
Helped: 4 times From: Poland
barnaba
Posted: 2010-02-25, 15:04
The ones eating up the most are svchost and cmdagent.
And below is the scan from OTL:
OTL logfile created on: 2010-02-25 15:01:16 - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\SysOp\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
502,00 Mb Total Physical Memory | 108,00 Mb Available Physical Memory | 22,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,74 Gb Total Space | 1,24 Gb Free Space | 11,56% Space Free | Partition Type: NTFS
Drive D: | 26,51 Gb Total Space | 13,82 Gb Free Space | 52,11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: COA12
Current User Name: SysOp
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010-02-25 15:01:06 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SysOp\Moje dokumenty\Downloads\OTL.exe
PRC - [2010-02-25 14:17:27 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2010-02-05 19:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2010-02-02 12:08:31 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010-02-02 12:08:23 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009-10-11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-09-12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2009-09-12 00:34:00 | 002,524,416 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodtray.exe
PRC - [2009-08-31 17:07:34 | 011,391,592 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-08-31 15:56:26 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2008-12-31 18:03:17 | 001,553,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-01-05 20:35:36 | 000,618,557 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006-01-05 20:27:12 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2005-11-17 10:27:56 | 015,600,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2005-09-27 11:41:56 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2005-09-27 11:37:48 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005-09-27 11:37:20 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005-09-27 11:34:42 | 000,389,189 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005-09-27 11:30:00 | 000,536,649 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005-09-27 11:28:12 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005-09-27 11:27:34 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005-07-19 10:10:06 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005-07-19 10:06:12 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005-01-08 06:17:16 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005-01-08 06:16:04 | 000,692,315 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
========== Modules (SafeList) ==========
MOD - [2010-02-25 15:01:06 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SysOp\Moje dokumenty\Downloads\OTL.exe
MOD - [2010-02-02 12:08:54 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2005-01-08 06:17:08 | 000,069,723 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (ALG)
SRV - [2010-02-02 12:08:23 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-09-12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2006-01-05 20:27:12 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005-09-27 11:30:00 | 000,536,649 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005-09-27 11:28:12 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005-09-27 11:27:34 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
========== Driver Services (SafeList) ==========
DRV - [2010-02-02 12:08:54 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010-02-02 12:08:53 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010-02-02 12:08:53 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009-10-19 13:25:17 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-10-19 12:12:42 | 000,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009-01-18 16:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\porttalk.sys -- (PortTalk)
DRV - [2008-12-31 17:40:38 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-12-31 17:40:28 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2008-04-13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2008-04-13 20:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008-04-13 20:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006-01-05 20:11:24 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006-01-05 20:09:38 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006-01-05 20:08:20 | 000,850,282 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006-01-05 20:05:48 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006-01-05 20:02:08 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005-11-17 14:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005-09-30 10:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-09-27 12:01:12 | 000,013,440 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-09-12 09:49:44 | 003,298,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Sterownik karty Intel(R)
DRV - [2005-07-19 10:34:22 | 001,049,180 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005-01-08 06:03:42 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2001-08-17 23:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\SysOp\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (cr1t1cal)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-19 11:17:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010-02-25 14:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-02-25 13:57:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SysOp\Recent
[2010-02-24 21:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\cs config
[2010-02-24 20:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\scripts
[2010-02-24 20:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\resource
[2010-02-24 15:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010-02-24 13:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\GMABooster
[2010-01-28 15:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2009-10-19 11:19:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-10-19 11:19:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-10-19 11:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-10-19 11:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[3 C:\WINDOWS\*.tmp files C:\WINDOWS\*.tmp ]
[1 C:\WINDOWS\System32\*.tmp files C:\WINDOWS\System32\*.tmp ]
========== Files - Modified Within 30 Days ==========
[2010-02-25 15:02:04 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-1177238915-1001UA.job
[2010-02-25 14:17:28 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk
[2010-02-25 13:50:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-25 13:49:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-25 13:49:43 | 000,127,705 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010-02-25 13:48:52 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\SysOp\NTUSER.DAT
[2010-02-25 13:48:52 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\SysOp\ntuser.ini
[2010-02-25 13:48:25 | 005,004,800 | -H-- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-25 13:40:52 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010-02-24 20:26:20 | 000,003,184 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\config.cfg
[2010-02-24 20:08:23 | 000,000,555 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\userconfig.cfg
[2010-02-24 15:24:34 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Game Booster.lnk
[2010-02-24 13:07:58 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\GMABooster.lnk
[2010-02-23 21:52:38 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Counter-Strike Source.lnk
[2010-02-23 17:42:00 | 1362,167,406 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CSS_FULL_Oct-15-07_DiGiTALZonE_2FINISH.exe
[2010-02-23 12:24:25 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-22 19:02:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-1177238915-1001Core.job
[2010-02-22 14:28:07 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CV-Grzegorz Pazik.doc
[2010-02-12 22:36:08 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CS.lnk
[2010-02-12 17:02:58 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Google Chrome.lnk
[2010-02-02 12:08:54 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2010-02-02 12:08:54 | 000,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010-02-02 12:08:53 | 000,134,344 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2010-02-02 12:08:53 | 000,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2010-01-30 21:30:41 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files C:\WINDOWS\*.tmp ]
[1 C:\WINDOWS\System32\*.tmp files C:\WINDOWS\System32\*.tmp ]
========== Files Created - No Company Name ==========
[2010-02-25 14:17:28 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk
[2010-02-24 20:26:50 | 000,003,184 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\config.cfg
[2010-02-24 20:26:48 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\userconfig.cfg
[2010-02-24 15:24:34 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Game Booster.lnk
[2010-02-24 13:07:58 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\GMABooster.lnk
[2010-02-23 21:17:55 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Counter-Strike Source.lnk
[2010-02-23 21:06:05 | 1362,167,406 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\CSS_FULL_Oct-15-07_DiGiTALZonE_2FINISH.exe
[2010-02-12 22:21:00 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\CS.lnk
[2010-01-28 15:17:29 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009-10-23 00:05:01 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-19 21:56:05 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-10-19 13:25:17 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-10-19 12:53:57 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-19 12:07:51 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006-01-05 20:21:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005-10-14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005-10-14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005-10-14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005-10-14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005-10-14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005-10-14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005-10-14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005-10-14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005-02-17 10:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005-02-17 10:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001-11-14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >
[ Added: 2010-02-25, 15:06 ]
While poring over the net I read about some unnecessary startup items, hence my question: what can I disable,
how do I do it, and doesn't it somehow pose a risk to the computer?
@Blade@
Helped: 8 times
Posted: 2010-02-25, 15:43
Quote: The ones eating up the most are svchost and cmdagent.
The second one is a Comodo process; reinstall it and check whether it still bogs down.
Scan the file C:\WINDOWS\System32\sysdm.cpl at http://www.virustotal.com/pl/ and post the results.
We'll remove a few unnecessary items from startup.
Paste into Notepad:
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"Adobe Reader Speed Launcher"=-
"Alcmtr"=-
"igfxhkcmd"=-
"igfxpers"=-
"igfxtray"=-
"RTHDCPL"=-
"SunJavaUpdateSched"=-
File > Save As; change the file type from TXT to All Files; save it under the name FIX.REG; run the created file and confirm.
_________________
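As an added example that is not part of @Blade@'s post, the same cleanup can be done from PowerShell with a backup of the Run key exported first, so the change can be undone if one of the entries turns out to be needed. The function name Remove-RunEntries, the backup location on the desktop and the use of -WhatIf for a dry run are choices made here, not anything the thread describes; the value names are the ones from the FIX.REG above.

```powershell
# Added example, not from the thread: remove the same Run entries as FIX.REG,
# but export the key first so the change can be undone.
# Requires an elevated (Administrator) PowerShell session.
function Remove-RunEntries {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Value names to delete; defaults match the FIX.REG from the post
        [string[]]$Name = @('Adobe ARM', 'Adobe Reader Speed Launcher', 'Alcmtr',
                            'igfxhkcmd', 'igfxpers', 'igfxtray', 'RTHDCPL',
                            'SunJavaUpdateSched'),
        # Where the backup .reg file goes (assumed location, change as needed)
        [string]$BackupDir = (Join-Path $env:USERPROFILE 'Desktop')
    )
    $regPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $psPath  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $backup  = Join-Path $BackupDir ('Run-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

    # 1. Export the whole key; double-clicking this file later restores every value.
    reg.exe export $regPath $backup | Out-Null
    if (-not (Test-Path $backup)) { throw "Backup to $backup failed; nothing was changed." }
    Write-Verbose "Backup written to $backup"

    # 2. Delete only values that actually exist, recording the command line each one launched.
    $current = Get-ItemProperty -Path $psPath
    foreach ($n in $Name) {
        $prop = $current.PSObject.Properties[$n]
        if ($null -eq $prop) { Write-Verbose "Not present: $n"; continue }
        if ($PSCmdlet.ShouldProcess("$psPath\$n", "Remove (was: $($prop.Value))")) {
            Remove-ItemProperty -Path $psPath -Name $n
        }
    }

    # 3. Return what still autostarts, so it can be compared with the O4 lines in the OTL log.
    Get-ItemProperty -Path $psPath |
        Select-Object -Property * -ExcludeProperty PSPath, PSParentPath, PSChildName, PSDrive, PSProvider
}

# Preview first, then apply:
# Remove-RunEntries -WhatIf
# Remove-RunEntries -Verbose
```

Run the -WhatIf form first: it still writes the backup but only lists what would be removed, which is the moment to notice an entry you would rather keep. The returned object is the post-cleanup state of the key, which is what a fresh HijackThis or OTL scan would show under O4.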
barnaba
Posted: 2010-02-25, 16:12
As for COMODO, I've already sorted out the problem; cmdagent is still there, but it hardly loads the computer at all.
I've entered it into the registry,
the rest is unchanged :/
Scan of C:\WINDOWS\System32\sysdm.cpl at http://www.virustotal.com/pl/
Antivirus Version Last update Result
AhnLab-V3 5.0.0.2 2009.05.09 -
AntiVir 7.9.0.166 2009.05.08 -
Antiy-AVL 2.0.3.1 2009.05.08 -
Authentium 5.1.2.4 2009.05.09 -
Avast 4.8.1335.0 2009.05.09 -
AVG 8.5.0.327 2009.05.10 -
BitDefender 7.2 2009.05.10 -
CAT-QuickHeal 10.00 2009.05.09 -
ClamAV 0.94.1 2009.05.10 -
Comodo 1156 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.10 -
eSafe 7.0.17.0 2009.05.07 -
eTrust-Vet 31.6.6497 2009.05.08 -
F-Prot 4.4.4.56 2009.05.09 -
F-Secure 8.0.14470.0 2009.05.09 -
Fortinet 3.117.0.0 2009.05.10 -
GData 19 2009.05.10 -
Ikarus T3.1.1.49.0 2009.05.10 -
K7AntiVirus 7.10.729 2009.05.08 -
Kaspersky 7.0.0.125 2009.05.10 -
McAfee 5610 2009.05.09 -
McAfee+Artemis 5610 2009.05.09 -
McAfee-GW-Edition 6.7.6 2009.05.10 -
Microsoft 1.4602 2009.05.10 -
NOD32 4063 2009.05.08 -
Norman 2009.05.08 -
nProtect 2009.1.8.0 2009.05.10 -
Panda 10.0.0.14 2009.05.10 -
PCTools 4.4.2.0 2009.05.07 -
Rising 21.28.62.00 2009.05.10 -
Sophos 4.41.0 2009.05.10 -
Sunbelt 3.2.1858.2 2009.05.09 -
Symantec 1.4.4.12 2009.05.10 -
TheHacker 6.3.4.1.324 2009.05.09 -
TrendMicro 8.950.0.1092 2009.05.08 -
VBA32 3.12.10.4 2009.05.09 -
ViRobot 2009.5.9.1727 2009.05.09 -
VirusBuster 4.6.5.0 2009.05.09 -
Additional information
File size: 609280 bytes
MD5 : 95851342bb7e29e7d7ee438a651dae8b
SHA1 : 4aa61f400e9494f58e9e548e3bfcb530e6fd52f4
SHA256: c48a05a820f340b5f8b66ba0be0d0296b98eb358480a98a018a80e9e30c52641
[ Added : 2010-02-25, 16:14 ]
Current status: finished
Result: 0/38 (0.00%)
@Blade@
Helped: 8 times
Posted: 2010-02-25, 16:30
Hmm, add a GMER log as well.
WebCM
Helped: 4 times From: Poland
Posted: 2010-02-25, 16:50
Open msconfig, go to the SERVICES tab, hide all Microsoft services and write down what is displayed. Alternatively go to services.msc and check whether you see any unknown services (that is not so easy to spot either, when a service runs as a component of another one).
Try turning off Comodo for a moment, including the services associated with that program. If svchost still shows 100%, it may indicate a hidden infection.
barnaba
Posted: 2010-02-25, 18:06
from msconfig:
Windows Media Player Network Sharing Service
3 Intel processes
O&O Defrag
Java Quick Starter
Windows CardSpace
Application Layer Gateway Service
and still Comodo, even though I've closed it in 30 different ways :/
and now GMER is probably what slows me down the most; I even got a blue screen once on the laptop :/
[ Added : 2010-02-25, 18:09 ]
and as for svchost, it still appears, in 5 entries at that, some as SYSTEM, some as network service or local service; altogether it takes up a lot :/
@Blade@
Helped: 8 times
Posted: 2010-02-25, 18:11
Quote: and now GMER is probably what slows me down the most
It's working, so that's normal. We're waiting for the log.
Quote: and as for svchost, it still appears, in 5 entries at that
That number of svchost.exe processes is normal.
Quote: and still Comodo, even though I've closed it in 30 different ways :/
Since it still slows things down, uninstall it completely.
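@Blade@ has asked for a GMER log above, and the part of it worth reading first is the SSDT section. As an added example that is not from the thread or from GMER itself, the Python below triages that section: it groups the hooks by the module that owns them and flags modules that have no path/vendor attribution or that GMER reports as not found on disk; SAMPLE_LOG is a constructed excerpt in GMER's output format.

```python
"""Triage the SSDT section of a GMER log.

Added example for this thread; it is not part of the original post and
not GMER's own code. GMER prints one line per hooked SSDT entry,

    SSDT <module> (<description/vendor>) <ZwFunction> [0x<hook address>]

where the parenthesised attribution is absent when GMER could not tie the
module to a file with version information, and for a module it could not
open on disk a line of the form

    ? <module> <error text> !

The helper groups hooks by owning module and flags modules that lack a
path/vendor attribution or that GMER reports as not found. Hooks from a
known security product (here COMODO's cmdguard.sys) are expected; the
flagged modules are what to look into next. SAMPLE_LOG is a constructed
excerpt in the same format as the log posted in the thread (the error
text is GMER's localized message as printed on that system).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAAADD840]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAAADECEC]
SSDT splm.sys ZwEnumerateKey [0xF8292CA4]
SSDT splm.sys ZwQueryValueKey [0xF8292F8A]
INT 0x62 ? 8238BBF8
---- Kernel code sections - GMER 1.0.15 ----
? splm.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload F7E948AC 5 Bytes JMP 8234E1D8
"""

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)"              # file name or full \SystemRoot\... path
    r"(?:\s+\((?P<vendor>[^)]*)\))?"        # optional "(description/vendor)"
    r"\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$")
MISSING_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+(?P<error>.*?)\s*!\s*$")


@dataclass
class ModuleHooks:
    module: str                                   # lower-cased file name
    paths: Set[str] = field(default_factory=set)  # module text as printed by GMER
    vendors: Set[str] = field(default_factory=set)
    functions: List[str] = field(default_factory=list)
    addresses: List[int] = field(default_factory=list)
    missing_on_disk: bool = False

    def verdict(self) -> str:
        if self.missing_on_disk:
            return "CHECK: GMER could not find the hooking module on disk"
        if not self.vendors or not any("\\" in p for p in self.paths):
            return "CHECK: hooks without path/vendor attribution"
        return "attributed"


def parse_gmer(text: str) -> Dict[str, ModuleHooks]:
    """Collect SSDT hooks and missing-file notes per module."""
    modules: Dict[str, ModuleHooks] = {}

    def entry(name: str) -> ModuleHooks:
        key = name.rsplit("\\", 1)[-1].lower()
        return modules.setdefault(key, ModuleHooks(key))

    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            e = entry(m["module"])
            e.paths.add(m["module"])
            if m["vendor"]:
                e.vendors.add(m["vendor"])
            e.functions.append(m["func"])
            e.addresses.append(int(m["addr"], 16))
            continue
        m = MISSING_RE.match(line)
        if m:
            entry(m["module"]).missing_on_disk = True
    return modules


def report(modules: Dict[str, ModuleHooks]) -> List[str]:
    """One line per module, with the ones needing a look listed first."""
    ordered = sorted(modules.values(),
                     key=lambda e: (e.verdict() == "attributed", e.module))
    out = []
    for e in ordered:
        vendor = "; ".join(sorted(e.vendors)) or "(none)"
        out.append("%s: %d SSDT hook(s) [%s], vendor %s -> %s" % (
            e.module, len(e.functions), ", ".join(e.functions), vendor, e.verdict()))
    return out


if __name__ == "__main__":
    print("\n".join(report(parse_gmer(SAMPLE_LOG))))
```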
barnaba
Posted: 2010-02-25, 18:12
from GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-25 18:10:14
Windows 5.1.2600 Dodatek Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\SysOp\USTAWI~1\Temp\kgtdqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAAADDBDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAAADD1B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAAADD840]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xAAADE35A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAAADD09A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAAADF06A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAAADF302]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAAADCC60]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xAAADDFC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xAAADE174]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xAAADCA92]
SSDT splm.sys ZwEnumerateKey [0xF8292CA4]
SSDT splm.sys ZwEnumerateValueKey [0xF8293032]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAAADECEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAAADD43C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAAADDA1C]
SSDT splm.sys ZwOpenKey [0xF82740C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xAAADC7C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAAADD6CC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xAAADC93A]
SSDT splm.sys ZwQueryKey [0xF829310A]
SSDT splm.sys ZwQueryValueKey [0xF8292F8A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAAADE720]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAAADF648]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAAADEA88]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xAAADDDC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAAADEE9A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
[ Added : 2010-02-25, 18:14 ]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xAAADD3D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xAAADD5C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xAAADCF64]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xAAADCE32]
INT 0x62 ? 8238BBF8
INT 0x73 ? 8234EBF8
INT 0xA4 ? 8234EBF8
INT 0xB4 ? 8234EBF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 26AC 80501EE4 4 Bytes JMP CC08AAAD
? splm.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload F7E948AC 5 Bytes JMP 8234E1D8
.text aleo894d.SYS F7AB8386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aleo894d.SYS F7AB83AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aleo894d.SYS F7AB83C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aleo894d.SYS F7AB83C9 1 Byte [30]
.text aleo894d.SYS F7AB83C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text win32k.sys!EngCreatePalette + 64F5 BF87F800 9 Bytes CALL B687F808
.text win32k.sys!EngCreatePalette + 64FF BF87F80A 83 Bytes [47, 08, 8B, 46, 0C, 03, C1, ...]
.text win32k.sys!EngCreatePalette + 6553 BF87F85E 68 Bytes [46, 20, 89, 47, 30, 8B, 46, ...]
.text win32k.sys!EngCreatePalette + 6598 BF87F8A3 40 Bytes [47, 50, 8B, 46, 60, 89, 47, ...]
.text win32k.sys!EngCreatePalette + 65C1 BF87F8CC 15 Bytes [74, 08, 0D, 00, 40, 00, 00, ...]
.text ...
.text win32k.sys!EngCreateSemaphore + 8 BF87F9B8 18 Bytes [90, 90, 90, 90, 90, FF, 35, ...]
.text win32k.sys!EngCreateSemaphore + 1B BF87F9CB 137 Bytes [74, 14, FF, 35, 20, AB, 9A, ...]
.text win32k.sys!EngCreateSemaphore + A5 BF87FA55 15 Bytes [88, 60, 01, 00, 00, 5E, 5D, ...] {MOV [EAX+0x1], AH; ADD [EAX], AL; POP ESI; POP EBP; RET 0x8; NOP ; NOP ; NOP ; NOP ; NOP }
.text win32k.sys!EngCreateSemaphore + B5 BF87FA65 43 Bytes [FF, 55, 8B, EC, 8B, 01, 5D, ...]
.text win32k.sys!EngCreateSemaphore + E1 BF87FA91 63 Bytes CALL BF80179F \SystemRoot\System32\win32k.sys (Współużytkowany sterownik Win32/Microsoft Corporation)
.text ...
.text win32k.sys!EngEraseSurface + 67 BF882F9C 58 Bytes [4E, 10, D1, E1, 03, C1, 03, ...]
.text win32k.sys!EngEraseSurface + A2 BF882FD7 13 Bytes [7E, 14, 03, 7C, 9E, 83, F8, ...]
.text win32k.sys!EngEraseSurface + B0 BF882FE5 27 Bytes [FF, FF, 89, 85, 64, FE, FF, ...]
.text win32k.sys!EngEraseSurface + CC BF883001 33 Bytes [6C, FE, FF, FF, 83, BD, 64, ...]
.text win32k.sys!EngEraseSurface + EE BF883023 1 Byte [57]
.text ...
.text win32k.sys!EngCreateDeviceSurface + 4D BF888C1B 73 Bytes [FF, 55, 8B, EC, 83, EC, 10, ...]
.text win32k.sys!EngCreateDeviceSurface + 97 BF888C65 81 Bytes [48, 48, 89, 4E, 38, 8B, 4E, ...]
.text win32k.sys!EngCreateDeviceSurface + E9 BF888CB7 39 Bytes [39, 5D, F8, 0F, 84, 48, 01, ...]
.text win32k.sys!EngCreateDeviceSurface + 111 BF888CDF 6 Bytes [00, 6A, 01, 6A, 01, 6A]
.text win32k.sys!EngCreateDeviceSurface + 118 BF888CE6 20 Bytes CALL BF833B5D \SystemRoot\System32\win32k.sys (Współużytkowany sterownik Win32/Microsoft Corporation)
.text ...
.text win32k.sys!EngGetCurrentCodePage + 15 BF88C9B4 112 Bytes [90, 90, 90, 90, 90, 33, C0, ...]
.text win32k.sys!EngGetCurrentCodePage + 86 BF88CA25 17 Bytes [0F, 85, 6A, 01, 00, 00, E8, ...]
.text win32k.sys!EngGetCurrentCodePage + 98 BF88CA37 28 Bytes JMP BF88CBE2 \SystemRoot\System32\win32k.sys (Współużytkowany sterownik Win32/Microsoft Corporation)
.text win32k.sys!EngGetCurrentCodePage + B5 BF88CA54 50 Bytes [01, 00, 00, 68, 70, 45, 99, ...]
.text win32k.sys!EngGetCurrentCodePage + E9 BF88CA88 26 Bytes [FF, 89, 5D, FC, 8B, 45, 0C, ...]
.text ...
.text win32k.sys!EngFntCacheLookUp + 24 BF89A3CE 29 Bytes [F6, 05, 70, 56, 9A, BF, 01, ...]
.text win32k.sys!EngFntCacheLookUp + 42 BF89A3EC 20 Bytes [4D, 1C, 85, C9, 74, 77, C1, ...]
.text win32k.sys!EngFntCacheLookUp + 58 BF89A402 106 Bytes [03, 02, 83, C2, 04, EB, EF, ...]
.text win32k.sys!EngFntCacheLookUp + C3 BF89A46D 163 Bytes [83, 48, 10, 02, EB, 7A, A1, ...]
.text win32k.sys!EngFntCacheLookUp + 167 BF89A511 46 Bytes [C7, F7, F1, 8B, 4D, 10, 8B, ...]
.text ...
.text win32k.sys!EngFntCacheAlloc + 6D BF89A8DE 127 Bytes [71, 18, 89, 78, 10, 8B, 15, ...]
.text win32k.sys!EngFntCacheAlloc + ED BF89A95E 191 Bytes [33, C9, 8A, 68, 02, 56, 8A, ...]
.text win32k.sys!EngFntCacheAlloc + 1AD BF89AA1E 1 Byte [55]
.text win32k.sys!EngFntCacheAlloc + 1AD BF89AA1E 148 Bytes [55, 10, 72, F1, 5E, 8B, C7, ...]
.text win32k.sys!EngFntCacheAlloc + 242 BF89AAB3 149 Bytes [FF, 55, 8B, EC, 83, EC, 0C, ...]
.text ...
.text win32k.sys!EngWideCharToMultiByte + 69 BF89BF8A 51 Bytes CALL BF89BF20 \SystemRoot\System32\win32k.sys (Współużytkowany sterownik Win32/Microsoft Corporation)
.text win32k.sys!EngWideCharToMultiByte + 9D BF89BFBE 86 Bytes JMP BF89C0FC \SystemRoot\System32\win32k.sys (Współużytkowany sterownik Win32/Microsoft Corporation)
.text win32k.sys!EngWideCharToMultiByte + F4 BF89C015 19 Bytes JMP 4B35B31C
.text win32k.sys!EngWideCharToMultiByte + 108 BF89C029 23 Bytes [37, 8B, 43, 08, 89, 47, 04, ...]
.text win32k.sys!EngWideCharToMultiByte + 120 BF89C041 27 Bytes [8D, 42, 24, 89, 45, E4, 83, ...]
.text ...
.text win32k.sys!EngMultiByteToUnicodeN + 7 BF89DF14 6 Bytes [25, F0, CE, 98, BF, 90] {AND EAX, 0xbf98cef0; NOP }
.text win32k.sys!EngMultiByteToUnicodeN + 11 BF89DF1E 117 Bytes [8B, FF, 55, 8B, EC, 56, 8B, ...]
.text win32k.sys!EngMultiByteToUnicodeN + 87 BF89DF94 89 Bytes [75, FC, 57, 6A, FB, 6A, 01, ...]
.text win32k.sys!EngMultiByteToUnicodeN + E1 BF89DFEE 1 Byte [F7]
.text win32k.sys!EngMultiByteToUnicodeN + F0 BF89DFFD 76 Bytes [33, C0, 40, C3, 8B, 08, EB, ...]
.text ...
[ Added : 2010-02-25, 18:15 ]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 02251950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 022582B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 022518D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 02251890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 022519B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 02251910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 02251A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 02251970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 022518F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 02251930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 022519D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 02251990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 022518B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 02251A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02254550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 022581E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 022519F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02251B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02251D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 02251AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02251AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02251D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02251A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02251A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02251A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02251D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 02251CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 02251D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02251B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 02251C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02251C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!OpenFile 7C82196A 2 Bytes JMP 02251B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [A3, 85]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 02251BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02251B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 02251B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 02251CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 02251CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 02251C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02251BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 02251C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 02251C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 02251BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02251D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 02251AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 02251480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 02251640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 02251000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 02251250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] USER32.dll!EndTask 7E3A9FF5 5 Bytes JMP 02257E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 02257BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 02257D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 02251E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 02251E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] SHELL32.dll!ShellExecuteExW 00522F03 5 Bytes JMP 02251E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] SHELL32.dll!ShellExecuteEx 00560E25 5 Bytes JMP 02251DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] SHELL32.dll!ShellExecuteA 00561150 5 Bytes JMP 02251DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[288] SHELL32.dll!ShellExecuteW 005D5BF0 5 Bytes JMP 02251DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!OpenFile 7C82196A 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] USER32.dll!EndTask 7E3A9FF5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] WS2_32.dll!WSASocketA
[ Added : 2010-02-25, 18:17 ]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!MoveFileWithProgressW
[ Added : 2010-02-25, 18:18 ]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!OpenFile 7C82196A 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!MoveFileA
[ Added : 2010-02-25, 18:25 ]
No, I can't paste this data onto the site, there's too much of it, and now it's even telling me I can't send more than 3 lines of text, so maybe I could send it somehow as a Notepad file??
[ Added : 2010-02-25, 18:42 ]
Now I can't paste anything at all, it keeps showing me:
Your message is too long. It can not be more than 65500 chars.
Outrageous, honestly,
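The GMER user-mode hook lines posted above all follow one shape: `.text <process>[<pid>] <module>!<export> <address> <n> Bytes JMP <target> <hooking dll> (<description>)`, plus the occasional residual-bytes line such as `OpenFile + 3 ... [7E, 93] {JLE ...}`. As an added example that is not part of the thread, here is a small Python parser that groups the hooks by the module installing them, so a reader can see at a glance that in this log every JMP lands in guard32.dll (which GMER itself labels as COMODO Internet Security) and can flag any hooking module that is not on an analyst-maintained allowlist. The sample input mixes lines copied from the log above with one constructed line (`unknown_sample.dll`, a made-up module) and one truncated line copied from the post to show how unparsable lines are reported; the allowlist `KNOWN_SECURITY_HOOKERS` is an assumption of the example, not something GMER produces.

```python
import re
from collections import defaultdict

# One GMER user-mode hook line:
#   .text <process>[<pid>] <module>!<export>[ + <offset>] <address> <n> Bytes <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<export>\S+)(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+(?P<patch>.*)$"
)
# <patch> for an inline hook: "JMP <target> <hooking dll> (<description>)".
# The parenthesised description is missing when GMER cannot identify the module.
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<hooker>.*?)(?:\s+\((?P<desc>[^()]*)\))?$"
)

# Hooking modules the analyst has already vetted (assumption for this example;
# GMER only prints the vendor string, it keeps no allowlist of its own).
KNOWN_SECURITY_HOOKERS = frozenset({r"c:\windows\system32\guard32.dll"})

# Sample input: the first five lines are copied from the GMER log in the thread,
# the sixth is CONSTRUCTED (a made-up process and an unidentified module), and
# the last is a truncated line as it appeared in the post.
SAMPLE_LOG = r"""
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!OpenFile 7C82196A 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[296] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\example\sample.exe[999] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00AA1000 C:\WINDOWS\system32\unknown_sample.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[368] kernel32.dll!MoveFileA
"""


def parse_hook(line):
    """Parse one .text hook line into a dict, or return None if it is not one."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["size"] = int(rec["size"])
    rec["offset"] = int(rec["offset"]) if rec["offset"] else 0
    j = JMP_RE.match(rec["patch"])
    if j:
        rec["kind"] = "jmp"                 # a 5/7-byte inline JMP into another module
        rec["target"] = j["target"]
        rec["hooker"] = j["hooker"]
        rec["desc"] = j["desc"]
    else:
        rec["kind"] = "bytes"               # leftover bytes GMER shows after a short hook
        rec["target"] = rec["hooker"] = rec["desc"] = None
    return rec


def parse_log(text):
    """Split a GMER dump into parsed hook records and lines we could not parse
    (truncated lines, or non-.text sections such as SSDT/IAT entries)."""
    hooks, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_hook(line)
        if rec is None:
            unparsed.append(line)
        else:
            hooks.append(rec)
    return hooks, unparsed


def summarize(hooks, known_good=frozenset()):
    """Group JMP hooks by the module that installed them. Returns the per-module
    summary and the sorted list of hooking modules absent from the allowlist."""
    by_hooker = defaultdict(lambda: {"count": 0, "processes": set(), "exports": set()})
    for h in hooks:
        if h["kind"] != "jmp":
            continue
        entry = by_hooker[h["hooker"].lower()]
        entry["count"] += 1
        entry["processes"].add(h["pid"])
        entry["exports"].add(f'{h["module"]}!{h["export"]}')
    unknown = sorted(k for k in by_hooker if k not in known_good)
    return dict(by_hooker), unknown


def format_report(text, known_good=KNOWN_SECURITY_HOOKERS):
    """Human-readable triage summary for one GMER dump."""
    hooks, unparsed = parse_log(text)
    by_hooker, _ = summarize(hooks, known_good)
    lines = []
    for hooker, info in sorted(by_hooker.items()):
        flag = "" if hooker in known_good else "  <-- not on allowlist, review this module"
        lines.append(f"{hooker}: {info['count']} hooks in {len(info['processes'])} process(es){flag}")
    lines.append(f"{len(unparsed)} line(s) could not be parsed (truncated or non-.text entries)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(SAMPLE_LOG))
```

Because a hook is attributed to the hooking module rather than to the hooked process, a log with hundreds of near-identical lines collapses to one row per installer, which is the question a forum helper actually has to answer: is every hook from the security product the poster knowingly installed, or is there a module nobody can account for?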
@Blade@
Helped: 8 times
Posted: 2010-02-25, 18:47
Put it on http://wklej.to/ and post only the link.
barnaba
Posted: 2010-02-25, 19:06
Sorry, but it threw an error on me for the second time, a blue screen and a message that I should switch to safe mode,
when I did this:
We'll remove some unnecessary items from autostart.
Paste into Notepad:
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"Adobe Reader Speed Launcher"=-
"Alcmtr"=-
"igfxhkcmd"=-
"igfxpers"=-
"igfxtray"=-
"RTHDCPL"=-
"SunJavaUpdateSched"=-
File > Save As, change the file type from TXT to All Files, save it under the name FIX.REG, run the created file and confirm.
and since then I've been getting this problem
[ Added : 2010-02-25, 19:09 ]
Or maybe it's GMER that's affecting my system like this??
@Blade@
Helped: 8 times