prosím o kontrolu logu

[tuaoid]

2010-03-05 17:44:37 ----HD---- C:\Program Files\Zero G Registry
2010-03-05 17:43:57 ----D---- C:\Program Files\112dB Redline Reverb
2010-03-05 17:43:27 ----D---- C:\Program Files\112dB Redline Monitor
2010-03-05 17:43:27 ----D---- C:\Program Files\112dB
2010-03-05 17:40:48 ----D---- C:\Program Files\Propellerhead Reason
2010-03-05 17:39:42 ----A---- C:\WINDOWS\system32\SYNSOEMU.DLL
2010-03-05 17:39:36 ----D---- C:\Program Files\Common Files\VST3
2010-03-05 17:39:01 ----D---- C:\Program Files\Common Files\Steinberg
2010-03-05 17:39:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Steinberg
2010-03-05 17:37:42 ----D---- C:\Program Files\Steinberg
2010-03-05 17:37:42 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\Steinberg
2010-03-05 17:16:58 ----D---- C:\Program Files\Ableton Live 8
2010-03-05 17:15:43 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\WinRAR
2010-03-05 17:08:54 ----D---- C:\Program Files\Valve
2010-03-05 17:08:14 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\Ableton
2010-03-05 17:08:08 ----A---- C:\WINDOWS\system32\ReWire.dll
2010-03-05 17:07:56 ----D---- C:\Program Files\Ableton Live 7
2010-03-05 16:49:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\ALM
2010-03-05 16:37:58 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll
2010-03-05 16:37:58 ----RA---- C:\WINDOWS\system32\AdobePDF.dll
2010-03-05 16:28:40 ----D---- C:\Program Files\Adobe Media Player
2010-03-05 16:28:39 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\Macromedia
2010-03-05 16:27:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-05 16:27:20 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-03-05 16:23:54 ----D---- C:\Program Files\Adobe
2010-03-05 16:23:54 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\Adobe
2010-03-05 16:21:41 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-03-05 16:05:47 ----D---- C:\Program Files\Common Files\Adobe
2010-03-05 16:04:11 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\Mozilla
2010-03-05 16:04:02 ----A---- C:\WINDOWS\TRNCOM.INI
2010-03-05 16:02:48 ----D---- C:\Program Files\PC Translator 09
2010-03-05 16:02:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2010-03-05 16:02:24 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\LangSoft
2010-03-05 16:01:58 ----D---- C:\Program Files\Java
2010-03-05 16:01:57 ----D---- C:\Program Files\Common Files\Java
2010-03-05 16:01:43 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\Sun
2010-03-05 16:01:03 ----D---- C:\Program Files\WinRAR
2010-03-05 16:00:10 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\GHISLER
2010-03-05 15:58:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2010-03-05 15:58:32 ----D---- C:\Program Files\Common Files\ACD Systems
2010-03-05 15:58:32 ----D---- C:\Program Files\ACD Systems
2010-03-05 15:57:39 ----D---- C:\Program Files\The KMPlayer
2010-03-05 15:57:11 ----D---- C:\Program Files\Mozilla Firefox
2010-03-05 15:56:07 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-03-05 15:56:06 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-03-05 15:56:06 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-03-05 15:56:06 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-03-05 15:56:06 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-03-05 15:56:06 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-03-05 15:56:06 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-03-05 15:56:06 ----N---- C:\WINDOWS\system32\px.dll
2010-03-05 15:56:04 ----D---- C:\Program Files\Winamp
2010-03-05 15:56:04 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\Winamp
2010-03-05 15:55:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2010-03-05 15:53:45 ----N---- C:\WINDOWS\system32\msxml3a.dll
2010-03-05 15:53:04 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-03-05 15:53:04 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-03-05 15:53:02 ----D---- C:\Program Files\CyberLink
2010-03-05 15:51:24 ----D---- C:\Program Files\A4Tech
2010-03-05 15:50:09 ----A---- C:\WINDOWS\system32\h323log.txt
2010-03-05 15:48:43 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-03-05 15:48:11 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-03-05 15:47:40 ----N---- C:\WINDOWS\Ctregrun.exe
2010-03-05 15:46:55 ----D---- C:\WINDOWS\RegisteredPackages
2010-03-05 15:46:52 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2010-03-05 15:46:52 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2010-03-05 15:46:24 ----A---- C:\WINDOWS\system32\usbui.dll
2010-03-05 15:45:32 ----N---- C:\WINDOWS\Updreg.EXE
2010-03-05 15:45:32 ----D---- C:\WINDOWS\system32\Defaults
2010-03-05 15:44:39 ----SHD---- C:\WINDOWS\Installer
2010-03-05 15:44:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-05 15:44:38 ----D---- C:\Program Files\Common Files\ODBC
2010-03-05 15:44:38 ----A---- C:\WINDOWS\ODBCINST.INI
2010-03-05 15:44:35 ----RD---- C:\Program Files
2010-03-05 15:44:35 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-03-05 15:44:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-05 15:44:35 ----D---- C:\Program Files\Common Files
2010-03-05 15:44:32 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-03-05 15:44:32 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-03-05 15:44:32 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-03-05 15:44:31 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-03-05 15:44:31 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-03-05 15:44:31 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-03-05 15:44:31 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-03-05 15:44:31 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-03-05 15:44:31 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-03-05 15:44:31 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-03-05 15:44:31 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-03-05 15:44:31 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-03-05 15:44:31 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-03-05 15:44:30 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-03-05 15:44:30 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-03-05 15:44:29 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-03-05 15:44:29 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-03-05 15:44:29 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-03-05 15:44:29 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-03-05 15:44:29 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-03-05 15:44:29 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-03-05 15:44:29 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-03-05 15:44:29 ----RA---- C:\WINDOWS\system32\e10kxwdm.ini
2010-03-05 15:44:29 ----RA---- C:\WINDOWS\system32\ctzapxx.ini
2010-03-05 15:44:29 ----D---- C:\WINDOWS\system32\Data
2010-03-05 15:44:29 ----A---- C:\WINDOWS\INRES.DLL
2010-03-05 15:44:29 ----A---- C:\WINDOWS\CTDCRES.DLL
2010-03-05 15:44:28 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-03-05 15:44:28 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-03-05 15:44:28 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-03-05 15:44:28 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-03-05 15:44:28 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-03-05 15:44:26 ----A---- C:\WINDOWS\system32\kbdycl.dll
2010-03-05 15:44:26 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2010-03-05 15:44:26 ----A---- C:\WINDOWS\system32\kbdsl.dll
2010-03-05 15:44:26 ----A---- C:\WINDOWS\system32\kbdro.dll
2010-03-05 15:44:26 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2010-03-05 15:44:26 ----A---- C:\WINDOWS\system32\kbdpl.dll
2010-03-05 15:44:26 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2010-03-05 15:44:26 ----A---- C:\WINDOWS\system32\kbdhu.dll
2010-03-05 15:44:26 ----A---- C:\WINDOWS\system32\kbdcr.dll
2010-03-05 15:44:26 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2010-03-05 15:44:25 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-03-05 15:44:25 ----A---- C:\WINDOWS\system32\irclass.dll
2010-03-05 15:44:25 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-03-05 15:44:25 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-03-05 15:44:24 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-03-05 15:44:23 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-03-05 15:44:23 ----A---- C:\WINDOWS\system32\batt.dll
2010-03-05 15:44:19 ----A---- C:\WINDOWS\system32\storprop.dll
2010-03-05 15:44:19 ----A---- C:\WINDOWS\notepad.exe
2010-03-05 15:44:09 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-03-05 15:43:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Creative
2010-03-05 15:43:32 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\Creative
2010-03-05 15:43:19 ----N---- C:\WINDOWS\system32\ctdvda32.dll
2010-03-05 15:42:34 ----D---- C:\Program Files\Creative
2010-03-05 15:42:19 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-05 15:42:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-05 15:42:14 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-05 15:41:57 ----D---- C:\Documents and Settings
2010-03-05 15:41:56 ----SHD---- C:\System Volume Information
2010-03-05 15:40:53 ----RSH---- C:\boot.ini
2010-03-05 15:39:01 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\ATI
2010-03-05 15:38:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-05 15:38:09 ----RSD---- C:\WINDOWS\Fonts
2010-03-05 15:38:09 ----RD---- C:\WINDOWS\Web
2010-03-05 15:38:09 ----HD---- C:\WINDOWS\inf
2010-03-05 15:38:09 ----D---- C:\WINDOWS\WinSxS
2010-03-05 15:38:09 ----D---- C:\WINDOWS\twain_32
2010-03-05 15:38:09 ----D---- C:\WINDOWS\Temp
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\wins
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\wbem
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\usmt
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\spool
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\ShellExt
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\Setup
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\ras
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\oobe
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\npp
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\mui
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\IME
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\icsxml
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\ias
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\export
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\drivers
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\dhcp
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\config
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\3com_dmi
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\3076
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\2052
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\1054
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\1042
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\1041
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\1037
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\1033
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\1031
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\1029
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\1028
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32\1025
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system32
2010-03-05 15:38:09 ----D---- C:\WINDOWS\system
2010-03-05 15:38:09 ----D---- C:\WINDOWS\security
2010-03-05 15:38:09 ----D---- C:\WINDOWS\Resources
2010-03-05 15:38:09 ----D---- C:\WINDOWS\repair
2010-03-05 15:38:09 ----D---- C:\WINDOWS\Provisioning
2010-03-05 15:38:09 ----D---- C:\WINDOWS\pchealth
2010-03-05 15:38:09 ----D---- C:\WINDOWS\PeerNet
2010-03-05 15:38:09 ----D---- C:\WINDOWS\mui
2010-03-05 15:38:09 ----D---- C:\WINDOWS\msapps
2010-03-05 15:38:09 ----D---- C:\WINDOWS\msagent
2010-03-05 15:38:09 ----D---- C:\WINDOWS\Media
2010-03-05 15:38:09 ----D---- C:\WINDOWS\java
2010-03-05 15:38:09 ----D---- C:\WINDOWS\ime
2010-03-05 15:38:09 ----D---- C:\WINDOWS\Help
2010-03-05 15:38:09 ----D---- C:\WINDOWS\ehome
2010-03-05 15:38:09 ----D---- C:\WINDOWS\Driver Cache
2010-03-05 15:38:09 ----D---- C:\WINDOWS\Debug
2010-03-05 15:38:09 ----D---- C:\WINDOWS\Cursors
2010-03-05 15:38:09 ----D---- C:\WINDOWS\Connection Wizard
2010-03-05 15:38:09 ----D---- C:\WINDOWS\Config
2010-03-05 15:38:09 ----D---- C:\WINDOWS\AppPatch
2010-03-05 15:38:09 ----D---- C:\WINDOWS\addins
2010-03-05 15:38:09 ----D---- C:\WINDOWS
2010-03-05 15:37:31 ----D---- C:\Program Files\Common Files\ATI Technologies
2010-03-05 15:28:19 ----RSD---- C:\WINDOWS\assembly
2010-03-05 15:28:04 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-05 15:26:36 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2010-03-05 15:26:34 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2010-03-05 15:26:30 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2010-03-05 15:26:07 ----D---- C:\Program Files\ATI Technologies
2010-03-05 15:24:12 ----A---- C:\WINDOWS\RTacDbg.txt
2010-03-05 15:22:31 ----D---- C:\WINDOWS\ASUSInstAll
2010-03-05 15:21:55 ----D---- C:\Program Files\NVIDIA Corporation
2010-03-05 15:21:25 ----A---- C:\WINDOWS\system32\CapabilityTable.exe
2010-03-05 15:21:14 ----N---- C:\WINDOWS\system32\nvuide.exe
2010-03-05 15:21:13 ----A---- C:\WINDOWS\system32\NVCOI.DLL
2010-03-05 15:21:13 ----A---- C:\WINDOWS\system32\idecoiins.dll
2010-03-05 15:21:13 ----A---- C:\WINDOWS\system32\idecoi.dll
2010-03-05 15:20:45 ----A---- C:\WINDOWS\system32\fdco1ins.dll
2010-03-05 15:20:45 ----A---- C:\WINDOWS\system32\fdco1.dll
2010-03-05 15:20:42 ----A---- C:\WINDOWS\system32\nvunrm.exe
2010-03-05 15:20:41 ----A---- C:\WINDOWS\system32\nvconrm.dll
2010-03-05 15:20:41 ----A---- C:\WINDOWS\system32\bdco1ins.dll
2010-03-05 15:20:41 ----A---- C:\WINDOWS\system32\bdco1.dll
2010-03-05 15:20:35 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-03-05 15:20:28 ----D---- C:\WINDOWS\OPTIONS
2010-03-05 15:20:28 ----D---- C:\Program Files\ASUS WiFi-AP Solo
2010-03-05 15:20:27 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-05 15:20:22 ----D---- C:\Program Files\Common Files\InstallShield
2010-03-05 15:20:20 ----RA---- C:\WINDOWS\system32\raidmgmt.ini
2010-03-05 15:20:20 ----RA---- C:\WINDOWS\system32\AsusSetup.ini
2010-03-05 15:20:20 ----RA---- C:\WINDOWS\system32\AsusSetup.exe
2010-03-05 15:18:28 ----A---- C:\WINDOWS\Ascd_log.ini
2010-03-05 15:18:17 ----A---- C:\WINDOWS\Ascd_tmp.ini
2010-03-05 15:18:10 ----A---- C:\WINDOWS\AS_Debug.txt
2010-03-05 15:16:07 ----D---- C:\WINDOWS\Prefetch
2010-03-05 15:11:31 ----N---- C:\WINDOWS\system32\msxml6r.dll
2010-03-05 15:11:31 ----N---- C:\WINDOWS\system32\msxml6.dll
2010-03-05 15:11:24 ----N---- C:\WINDOWS\system32\comsdupd.exe
2010-03-05 15:11:22 ----N---- C:\WINDOWS\system32\credssp.dll
2010-03-05 15:11:22 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-03-05 15:11:22 ----N---- C:\WINDOWS\system32\azroles.dll
2010-03-05 15:11:22 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2010-03-05 15:11:22 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2010-03-05 15:11:22 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2010-03-05 15:11:22 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-03-05 15:11:22 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2010-03-05 15:11:22 ----A---- C:\WINDOWS\system32\ati3duag.dll
2010-03-05 15:11:22 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2010-03-05 15:11:22 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2010-03-05 15:11:21 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-03-05 15:11:21 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-03-05 15:11:21 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-03-05 15:11:21 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-03-05 15:11:21 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-03-05 15:11:21 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-03-05 15:11:21 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-03-05 15:11:21 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-03-05 15:11:21 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-03-05 15:11:21 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-03-05 15:11:20 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2010-03-05 15:11:20 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-03-05 15:11:20 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-03-05 15:11:20 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-03-05 15:11:20 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-03-05 15:11:20 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-03-05 15:11:20 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-03-05 15:11:20 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-03-05 15:11:20 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\mssha.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-03-05 15:11:19 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-03-05 15:11:18 ----N---- C:\WINDOWS\system32\s3gnb.dll
2010-03-05 15:11:18 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-03-05 15:11:18 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-03-05 15:11:18 ----N---- C:\WINDOWS\system32\qutil.dll
2010-03-05 15:11:18 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-03-05 15:11:18 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-03-05 15:11:18 ----N---- C:\WINDOWS\system32\qagent.dll
2010-03-05 15:11:18 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2010-03-05 15:11:18 ----N---- C:\WINDOWS\system32\onex.dll
2010-03-05 15:11:18 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2010-03-05 15:11:18 ----N---- C:\WINDOWS\system32\napstat.exe
2010-03-05 15:11:18 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-03-05 15:11:17 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2010-03-05 15:11:17 ----N---- C:\WINDOWS\system32\verclsid.exe
2010-03-05 15:11:17 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-03-05 15:11:17 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-03-05 15:11:17 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-03-05 15:11:17 ----N---- C:\WINDOWS\system32\slserv.exe
2010-03-05 15:11:17 ----N---- C:\WINDOWS\system32\slrundll.exe
2010-03-05 15:11:17 ----N---- C:\WINDOWS\system32\slgen.dll
2010-03-05 15:11:17 ----N---- C:\WINDOWS\system32\slextspk.dll
2010-03-05 15:11:17 ----N---- C:\WINDOWS\system32\slcoinst.dll
2010-03-05 15:11:17 ----N---- C:\WINDOWS\system32\setupn.exe
2010-03-05 15:11:16 ----N---- C:\WINDOWS\system32\wmphoto.dll
2010-03-05 15:11:16 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-03-05 15:11:16 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2010-03-05 15:11:16 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2010-03-05 15:11:15 ----N---- C:\WINDOWS\system32\xmllite.dll
2010-03-05 15:11:14 ----N---- C:\WINDOWS\slrundll.exe
2010-03-05 15:11:14 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-05 15:11:14 ----D---- C:\WINDOWS\l2schemas
2010-03-05 15:11:13 ----D---- C:\WINDOWS\system32\cs
2010-03-05 15:11:13 ----D---- C:\WINDOWS\system32\bits
2010-03-05 15:09:57 ----D---- C:\WINDOWS\ServicePackFiles
2010-03-05 15:08:04 ----D---- C:\WINDOWS\network diagnostic
2010-03-05 15:06:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-05 15:06:23 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-03-05 15:04:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-03-05 15:02:23 ----D---- C:\WINDOWS\system32\NtmsData
2010-03-05 15:00:49 ----D---- C:\Documents and Settings\Tuaoid\Data aplikací\Identities
2010-03-05 15:00:48 ----HD---- C:\Program Files\Uninstall Information
2010-03-05 15:00:31 ----ASH---- C:\Documents and Settings\Tuaoid\Data aplikací\desktop.ini
2010-03-05 15:00:30 ----SD---- C:\Documents and Settings\Tuaoid\Data aplikací\Microsoft
2010-03-05 14:59:44 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-05 14:59:42 ----SD---- C:\WINDOWS\system32\Microsoft
2010-03-05 14:59:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-05 14:56:58 ----D---- C:\WINDOWS\system32\xircom
2010-03-05 14:56:58 ----D---- C:\Program Files\xerox
2010-03-05 14:56:58 ----D---- C:\Program Files\microsoft frontpage
2010-03-05 14:55:57 ----A---- C:\WINDOWS\control.ini
2010-03-05 14:55:57 ----A---- C:\AUTOEXEC.BAT
2010-03-05 14:55:39 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-03-05 14:54:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-05 14:54:46 ----RD---- C:\WINDOWS\Offline Web Pages
2010-03-05 14:54:46 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-03-05 14:54:40 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-03-05 14:54:35 ----HD---- C:\Program Files\WindowsUpdate
2010-03-05 14:54:30 ----D---- C:\Program Files\Online Services
2010-03-05 14:54:18 ----D---- C:\WINDOWS\system32\DirectX
2010-03-05 14:54:04 ----A---- C:\WINDOWS\system32\atrace.dll
2010-03-05 14:54:02 ----A---- C:\WINDOWS\system32\desktop.ini
2010-03-05 14:54:02 ----A---- C:\WINDOWS\desktop.ini
2010-03-05 14:53:57 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-03-05 14:53:56 ----A---- C:\WINDOWS\system32\acctres.dll
2010-03-05 14:53:55 ----D---- C:\Program Files\Common Files\Services
2010-03-05 14:53:54 ----SD---- C:\WINDOWS\Tasks
2010-03-05 14:53:54 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-03-05 14:53:53 ----D---- C:\Program Files\Common Files\MSSoap
2010-03-05 14:53:50 ----D---- C:\WINDOWS\system32\Macromed
2010-03-05 14:53:50 ----D---- C:\WINDOWS\srchasst
2010-03-05 14:53:48 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-03-05 14:53:48 ----A---- C:\WINDOWS\system32\wups.dll
2010-03-05 14:53:48 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-03-05 14:53:48 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-03-05 14:53:48 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-03-05 14:53:48 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-03-05 14:53:47 ----N---- C:\WINDOWS\system32\wuauclt.exe
2010-03-05 14:53:47 ----N---- C:\WINDOWS\system32\qmgr.dll
2010-03-05 14:53:47 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-03-05 14:53:47 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-03-05 14:53:47 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-03-05 14:53:47 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-03-05 14:53:47 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-03-05 14:53:45 ----D---- C:\Program Files\Movie Maker
2010-03-05 14:53:42 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-03-05 14:53:42 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-03-05 14:53:42 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-03-05 14:53:42 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-03-05 14:53:40 ----A---- C:\WINDOWS\system32\fltmc.exe
2010-03-05 14:53:40 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-03-05 14:53:39 ----N---- C:\WINDOWS\system32\srsvc.dll
2010-03-05 14:53:39 ----D---- C:\WINDOWS\system32\Restore
2010-03-05 14:53:39 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-03-05 14:53:39 ----A---- C:\WINDOWS\system32\srclient.dll
2010-03-05 14:53:39 ----A---- C:\WINDOWS\system32\ils.dll
2010-03-05 14:53:38 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-03-05 14:53:38 ----A---- C:\WINDOWS\system32\msconf.dll
2010-03-05 14:53:38 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-03-05 14:53:38 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-03-05 14:53:38 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-03-05 14:53:36 ----D---- C:\Program Files\NetMeeting
2010-03-05 14:53:36 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-03-05 14:53:36 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-03-05 14:53:35 ----A---- C:\WINDOWS\system32\inetres.dll
2010-03-05 14:53:35 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-03-05 14:53:34 ----N---- C:\WINDOWS\system32\schedsvc.dll
2010-03-05 14:53:34 ----D---- C:\Program Files\Outlook Express
2010-03-05 14:53:34 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-03-05 14:53:34 ----A---- C:\WINDOWS\system32\mstask.dll
2010-03-05 14:53:34 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-03-05 14:53:34 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-03-05 14:53:33 ----A---- C:\WINDOWS\system32\isign32.dll
2010-03-05 14:53:33 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-03-05 14:53:30 ----D---- C:\Program Files\Common Files\System
2010-03-05 14:53:29 ----D---- C:\Program Files\Internet Explorer
2010-03-05 14:52:51 ----D---- C:\Program Files\ComPlus Applications
2010-03-05 14:52:48 ----A---- C:\WINDOWS\vbaddin.ini
2010-03-05 14:52:48 ----A---- C:\WINDOWS\vb.ini
2010-03-05 14:52:41 ----D---- C:\WINDOWS\Registration
2010-03-05 14:52:30 ----D---- C:\Program Files\Windows Media Player
2010-03-05 14:52:24 ----D---- C:\Program Files\Messenger
2010-03-05 14:52:21 ----D---- C:\Program Files\MSN Gaming Zone
2010-03-05 14:52:21 ----A---- C:\WINDOWS\system32\write.exe
2010-03-05 14:52:11 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-03-05 14:52:11 ----A---- C:\WINDOWS\system32\hticons.dll
2010-03-05 14:52:10 ----A---- C:\WINDOWS\system32\winchat.exe
2010-03-05 14:52:10 ----A---- C:\WINDOWS\system32\avwav.dll
2010-03-05 14:52:10 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-03-05 14:52:10 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-03-05 14:52:05 ----A---- C:\WINDOWS\system32\charmap.exe
2010-03-05 14:52:05 ----A---- C:\WINDOWS\system32\getuname.dll
2010-03-05 14:52:05 ----A---- C:\WINDOWS\system32\calc.exe
2010-03-05 14:52:04 ----A---- C:\WINDOWS\system32\winmine.exe
2010-03-05 14:52:04 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-03-05 14:52:04 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-03-05 14:52:04 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-03-05 14:52:04 ----A---- C:\WINDOWS\system32\tskill.exe
2010-03-05 14:52:04 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-03-05 14:52:04 ----A---- C:\WINDOWS\system32\tscon.exe
2010-03-05 14:52:04 ----A---- C:\WINDOWS\system32\sol.exe
2010-03-05 14:52:04 ----A---- C:\WINDOWS\system32\reset.exe
2010-03-05 14:52:04 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-03-05 14:52:04 ----A---- C:\WINDOWS\system32\freecell.exe
2010-03-05 14:52:03 ----A---- C:\WINDOWS\system32\shadow.exe
2010-03-05 14:52:03 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-03-05 14:52:03 ----A---- C:\WINDOWS\system32\regini.exe
2010-03-05 14:52:03 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-03-05 14:52:03 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-03-05 14:52:03 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-03-05 14:52:03 ----A---- C:\WINDOWS\system32\msg.exe
2010-03-05 14:52:03 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-03-05 14:52:03 ----A---- C:\WINDOWS\system32\logoff.exe
2010-03-05 14:52:03 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-03-05 14:52:02 ----A---- C:\WINDOWS\system32\stclient.dll
2010-03-05 14:52:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-03-05 14:52:02 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-03-05 14:52:02 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-03-05 14:52:02 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-03-05 14:52:02 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-03-05 14:52:02 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-03-05 14:52:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-03-05 14:51:58 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-03-05 14:51:57 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-03-05 14:51:57 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-03-05 14:51:57 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-03-05 14:51:57 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-03-05 14:51:56 ----D---- C:\Program Files\Windows NT
2010-03-05 14:51:56 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-03-05 14:51:56 ----A---- C:\WINDOWS\system32\spider.exe
2010-03-05 14:51:56 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-03-05 14:51:56 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-03-05 14:51:55 ----N---- C:\WINDOWS\system32\termsrv.dll
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-03-05 14:51:55 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-03-05 14:51:54 ----D---- C:\WINDOWS\system32\MsDtc
2010-03-05 14:51:54 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-03-05 14:51:54 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-03-05 14:51:54 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-03-05 14:51:54 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-03-05 14:51:54 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-03-05 14:51:54 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-03-05 14:51:54 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-03-05 14:51:54 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-03-05 14:51:53 ----D---- C:\WINDOWS\system32\Com
2010-03-05 14:51:53 ----A---- C:\WINDOWS\system32\colbact.dll
2010-03-05 14:51:53 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-03-05 14:51:53 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-03-05 14:51:53 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-03-05 14:51:53 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-03-05 14:51:52 ----A---- C:\WINDOWS\system32\comuid.dll
2010-03-05 14:51:52 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-03-05 14:51:52 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-03-05 14:51:48 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-03-05 14:51:48 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-03-05 14:51:48 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-03-05 14:51:48 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2010-03-16 14:41:04 ----A---- C:\WINDOWS\system.ini
2010-03-08 12:15:47 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2006-01-11 8704]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2006-07-24 9341]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-09-12 110592]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-03-06 21035]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2006-01-11 13312]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-03 4605952]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2004-09-23 645872]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2004-09-23 371376]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2004-09-23 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2004-09-23 130288]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2004-09-23 145488]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2004-09-23 904880]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2004-09-23 148464]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-12 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-12 19968]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2004-09-23 178672]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 ayzg8ja9;ayzg8ja9; C:\WINDOWS\system32\drivers\ayzg8ja9.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Tuaoid\LOCALS~1\Temp\catchme.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2004-09-22 340128]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 176128]
S3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-03 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe [2006-09-11 172032]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-13 20543]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-12 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-11 135227]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-09-11 65599]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-20 593920]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-05 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

[Tom8sh16]

Tyto soubory:
C:\WINDOWS\system32\smrgdf.exe
C:\WINDOWS\system32\iolobtdfg.exe
otestujte na virustotal.com a vložte sem pouze odkazy (linky) k výsledkům.
Pokud se u nějakého souboru zobrazí, že už dříve byl testován, klikněte na tlačítko Otestovat soubor znovu.

(Poznámka: pokud by nějaké soubory nebyly k nalezení, přesvědčte se, zda máte zapnuté zobrazování skrytých souborů a složek, pokud ne, tak Nabídka Start -> Ovládací panely -> Možnosti složky -> Zobrazení -> Zobrazovat skryté soubory a složky -> OK)

[tuaoid]

http://www.virustotal.com/cs/analisis/1 ... 1268754739
http://www.virustotal.com/cs/analisis/0 ... 1268754894

[Tom8sh16]

OK, už by to mělo být čisté. Jaký je stav PC?

[tuaoid]

díky. zkusím restart

[tuaoid]

lišta šlape akorát se vyskytl jiný nesmysl a to, že chrome který je hlavní prohlížeč hlásí chybu: s pamětí nelze provést operaci: written a mozilla se nerozběhne vůbec. pouze iexplorer se snaží ale bere si 60% CPU...

[Tom8sh16]

Jde o všeobecnou chybu programu, zkuste Chrome přeinstalovat.

Ještě klikněte v mém podpisu na GMER, pošlete sem oba logy.

[tuaoid]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-16 20:44:23
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tuaoid\LOCALS~1\Temp\kwkirkoc.sys


---- System - GMER 1.0.15 ----

SSDT spla.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spla.sys ZwEnumerateValueKey [0xB9ECE132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A7CB1F8

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

[tuaoid]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-16 23:21:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tuaoid\LOCALS~1\Temp\kwkirkoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAC3AF6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAC3AF574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAC3AFA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAC3AF14C]
SSDT spla.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spla.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAC3AF64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAC3AF08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAC3AF0F0]
SSDT spla.sys ZwQueryKey [0xB9ECE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAC3AF76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAC3AF72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAC3AF8AE]

INT 0x63 ? 8A841BF8
INT 0x73 ? 8A7D0BF8
INT 0xA4 ? 8A841BF8
INT 0xB4 ? 8A841BF8

---- Kernel code sections - GMER 1.0.15 ----

? spla.sys Systém nemůže nalézt uvedený soubor. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F5F000, 0x22F0B7, 0xE8000020]
.text USBPORT.SYS!DllUnload B8F028AC 5 Bytes JMP 8A2074E0
.text a2dj4oon.SYS B8C03386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a2dj4oon.SYS B8C033AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a2dj4oon.SYS B8C033C4 3 Bytes [00, 80, 02]
.text a2dj4oon.SYS B8C033C9 1 Byte [30]
.text a2dj4oon.SYS B8C033C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wscntfy.exe[148] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[148] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wscntfy.exe[148] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[148] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[148] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[148] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\wscntfy.exe[148] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[148] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[148] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[148] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[148] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009D0001
.text C:\WINDOWS\system32\wscntfy.exe[148] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[220] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[220] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[220] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[220] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[220] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[220] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[220] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[220] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[220] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[220] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[220] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BD0001
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[228] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[228] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[228] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[228] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[228] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[228] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[228] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[228] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[228] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[228] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[228] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03A90001
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[300] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[300] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[300] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[300] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[300] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[300] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[300] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[300] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[300] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[300] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[300] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe[324] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe[324] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe[324] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe[324] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe[324] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe[324] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe[324] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe[324] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe[324] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe[324] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe[324] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe[348] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe[348] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe[348] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe[348] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe[348] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe[348] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe[348] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe[348] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe[348] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe[348] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe[348] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BD0001
.text C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe[392] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe[392] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe[392] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe[392] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe[392] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe[392] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe[392] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe[392] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe[392] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe[392] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe[392] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01190001
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[408] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[408] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[408] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[408] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[408] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[408] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[408] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[408] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[408] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[408] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009E0001
.text C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe[432] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe[432] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe[432] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe[432] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe[432] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe[432] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe[432] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe[432] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe[432] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe[432] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe[432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01360001
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[464] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A10001
.text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[528] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[528] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[528] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[528] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[528] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[528] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[528] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[528] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[528] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[528] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01320001
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[544] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[544] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[544] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[544] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[544] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[544] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[544] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[544] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[544] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[544] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[544] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 05560001
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[704] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015A0001
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[736] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01540001
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013F0001
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E90001
.text C:\WINDOWS\system32\Ati2evxx.exe[964] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[964] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\Ati2evxx.exe[964] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[964] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[964] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[964] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\Ati2evxx.exe[964] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[964] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[964] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[964] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[964] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010A0001
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DB0001
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FC0001
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01850001
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AE0001
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A30001
.text C:\WINDOWS\system32\spoolsv.exe[1364] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1364] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1364] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1364] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1364] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1364] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[1364] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1364] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1364] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1364] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1364] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C90001
.text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[1556] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B70001
.text C:\Documents and Settings\Tuaoid\Plocha\gmer.exe[1756] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Tuaoid\Plocha\gmer.exe[1756] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Documents and Settings\Tuaoid\Plocha\gmer.exe[1756] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Tuaoid\Plocha\gmer.exe[1756] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Documents and Settings\Tuaoid\Plocha\gmer.exe[1756] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Tuaoid\Plocha\gmer.exe[1756] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\Tuaoid\Plocha\gmer.exe[1756] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Tuaoid\Plocha\gmer.exe[1756] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Documents and Settings\Tuaoid\Plocha\gmer.exe[1756] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Tuaoid\Plocha\gmer.exe[1756] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Documents and Settings\Tuaoid\Plocha\gmer.exe[1756] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B30001
.text C:\Documents and Settings\Tuaoid\Plocha\gmer.exe[1756] kernel32.dll!FreeLibrary + 15

[tuaoid]

.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1832] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1832] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1832] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1832] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1832] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1832] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1832] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1832] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1832] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1832] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01F60001
.text C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe[1840] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe[1840] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe[1840] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe[1840] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe[1840] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe[1840] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe[1840] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe[1840] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe[1840] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe[1840] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe[1840] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F70001
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1856] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1856] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1856] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1856] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1856] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1856] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1856] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1856] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1856] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1856] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1896] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1896] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1896] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1896] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1896] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1896] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1896] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1896] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1896] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1896] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 011E0001
.text C:\Program Files\Winamp\winampa.exe[1932] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Winamp\winampa.exe[1932] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Winamp\winampa.exe[1932] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Winamp\winampa.exe[1932] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Winamp\winampa.exe[1932] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Winamp\winampa.exe[1932] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Winamp\winampa.exe[1932] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Winamp\winampa.exe[1932] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Winamp\winampa.exe[1932] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Winamp\winampa.exe[1932] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Winamp\winampa.exe[1932] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008B0001
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1992] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1992] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1992] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1992] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1992] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1992] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1992] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1992] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1992] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1992] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[1992] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CD0001
.text C:\WINDOWS\system32\CTsvcCDA.EXE[2092] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[2092] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\CTsvcCDA.EXE[2092] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[2092] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[2092] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[2092] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\CTsvcCDA.EXE[2092] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[2092] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[2092] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[2092] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[2092] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2120] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2120] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2120] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2120] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2120] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2120] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2120] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2120] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2120] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2120] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2120] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008F0001
.text C:\Program Files\iolo\common\lib\ioloServiceManager.exe[2220] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iolo\common\lib\ioloServiceManager.exe[2220] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iolo\common\lib\ioloServiceManager.exe[2220] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iolo\common\lib\ioloServiceManager.exe[2220] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\iolo\common\lib\ioloServiceManager.exe[2220] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iolo\common\lib\ioloServiceManager.exe[2220] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\iolo\common\lib\ioloServiceManager.exe[2220] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iolo\common\lib\ioloServiceManager.exe[2220] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\iolo\common\lib\ioloServiceManager.exe[2220] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iolo\common\lib\ioloServiceManager.exe[2220] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\iolo\common\lib\ioloServiceManager.exe[2220] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01330001
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2236] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2236] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2236] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2236] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2236] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2236] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2236] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2236] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2236] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2236] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2236] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00630001
.text C:\Program Files\Java\jre6\bin\jqs.exe[2276] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2276] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jqs.exe[2276] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2276] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2276] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2276] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Java\jre6\bin\jqs.exe[2276] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2276] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2276] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2276] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E30001
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2312] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2312] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2312] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2312] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2312] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2312] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2312] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2312] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2312] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2312] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2312] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A30001
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2312] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2764] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2764] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2764] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2764] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2764] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2764] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2764] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2764] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2764] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2764] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2764] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00740001
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2764] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2820] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2820] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2820] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2820] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2820] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2820] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2820] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2820] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2820] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2820] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2820] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2820] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe[3000] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe[3000] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe[3000] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe[3000] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe[3000] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe[3000] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe[3000] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe[3000] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe[3000] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe[3000] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe[3000] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D30001
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe[3000] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[3044] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[3044] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[3044] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[3044] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[3044] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[3044] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[3044] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[3044] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[3044] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[3044] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[3044] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B60001
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[3044] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3572] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3572] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3572] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3572] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3572] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3572] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3572] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3572] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3572] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3572] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3572] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3856] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3856] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3856] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3856] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3856] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3856] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3856] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3856] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3856] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3856] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3856] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\alg.exe[4040] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[4040] ntdll.dll!NtCreateProcess + 4 7C90D134 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\alg.exe[4040] ntdll.dll!NtCreateProcessEx 7C90D140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[4040] ntdll.dll!NtCreateProcessEx + 4 7C90D144 2 Bytes [11, 5F]
.text C:\WINDOWS\System32\alg.exe[4040] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[4040] ntdll.dll!NtResumeThread + 4 7C90DB24 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\System32\alg.exe[4040] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[4040] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\alg.exe[4040] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[4040] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\alg.exe[4040] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00720001
.text C:\WINDOWS\System32\alg.exe[4040] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spla.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spla.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spla.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spla.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spla.sys
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a2dj4oon.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A7CB1F8

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 8A0FC500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8421F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A8421F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A8421F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A8421F8
Device \Driver\usbehci \Device\USBPDO-1 8A0D5500

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 8A8421F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume2 8A8421F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 8A8421F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume2 8A8421F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7CE1F8
Device \Driver\PCI_PNP8236 \Device\00000058 spla.sys
Device \Driver\Cdrom \Device\CdRom0 8A288500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7CE1F8
Device \Driver\Cdrom \Device\CdRom1 8A288500
Device \Driver\atapi \Device\Ide\IdePort0 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\nvata \Device\00000080 8A8411F8
Device \Driver\nvata \Device\00000083 8A8411F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 88BE0500
Device \Driver\sptd \Device\858253236 spla.sys
Device \Driver\NetBT \Device\NetbiosSmb 88BE0500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 8A0FC500
Device \Driver\usbehci \Device\USBFDO-1 8A0D5500
Device \Driver\nvata \Device\NvAta0 8A8411F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 885911F8
Device \Driver\nvata \Device\0000007b 8A8411F8
Device \Driver\nvata \Device\NvAta1 8A8411F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 885911F8
Device \Driver\nvata \Device\0000007c 8A8411F8
Device \Driver\nvata \Device\NvAta2 8A8411F8
Device \Driver\Ftdisk \Device\FtControl 8A7CE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D4869222-5009-4D0F-A73F-C99A1394A617} 88BE0500
Device \Driver\nvata \Device\0000007f 8A8411F8
Device \Driver\a2dj4oon \Device\Scsi\a2dj4oon1 89FD8368
Device \Driver\SI3132 \Device\Scsi\SI31321 8A7CC1F8
Device \Driver\a2dj4oon \Device\Scsi\a2dj4oon1Port6Path0Target0Lun0 89FD8368
Device \FileSystem\Cdfs \Cdfs 88574500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF8 0x72 0xE4 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x45 0x63 0xAA 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC8 0x73 0xEC 0x50 ...

---- EOF - GMER 1.0.15 ----

[Tom8sh16]

Dobrý večer, nezlobte se prosím, ale logy zkontroluji až zítra.

[Tom8sh16]

Odinstalujte Daemon Tools, pokud máte nainstalovaný Alcohol 120%, odinstalujte i ten (je to nutné, později můžete programy znovu nainstalovat).

Potom stáhněte SPTD

Kód: Vybrat vše

http://www.duplexsecure.com/en/downloads

▪ Vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64bit).
▪ Uložte na plochu a spusťte.
▪ Zvolte možnost Uninstall.
▪ Restartujte PC.

Potom stáhněte MBR

Kód: Vybrat vše

http://download.viry.cz/tools/mbr.exe

Uložte na plochu. Pak klikněte na Nabídka Start -> Spustit -> Tam napište tohle:

Kód: Vybrat vše

"%userprofile%\plocha\mbr.exe" -t

Stiskněte Enter. Problikne okno programu a na ploše se objeví MBR.txt, jehož obsah pošlete sem.

Zároveň sem pošlete i nové logy z GMERu