Po připojení k internetu se PC během pár vteřin zcela sekne

Zpráva

jan.stuchly · #1 Příspěvek od **jan.stuchly** » 15 úno 2011 11:18

Dobrý den, moc Vás tímto prosím o pomoc. Mám problém - pokaždé, když se připojím k internetu, tak se PC zcela sekne a nelze jej ani restartovat. V důsledku tohoto tedy nemohu ani aktualizovat Spybot a Avast. Těmito programy jsem nicméně zkoušel prohledávat disk, ale nic nenašly. Použil jsme také program Cleaner, jak jste doporučovali. Rovněž jsem chtěl vyzkoušet program Spyware Terminator, ale nevěděl jsem že, se bude chtít připojit k internetu. Program Spybot jsem tedy odinstaloval, abych nepoužíval oba programy najednou (jak jste doporučovali), a teď díky tomu nemám ani jeden - oba se musí připojit k internetu

Pro komunikaci s Vámi tedy musím používat jiný PC a log vždy kopírovat.
Moc Vám děkuji za ochotu mi pomoci, log zasílám. Díky moc, Honza Stuchlý, Ostrava.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Rodina Stuchlá at 2011-02-15 11:01:34
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 38 GB (33%) free of 114 GB
Total RAM: 1022 MB (68% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-29 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2009-11-02 1085080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-20 7581696]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-20 86016]
"nwiz"=nwiz.exe /installquiet /nodetect []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-27 61952]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"USIUDF_Eject_Monitor"=C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe [2004-12-23 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-08-04 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-04-27 87336]
"PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-05-07 75048]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2006-03-01 90112]
"SME"=C:\Documents and Settings\All Users\Data aplikací\f63042\SMf63_2121.exe /s []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"

======List of files/folders created in the last 1 months======

2011-02-15 11:01:35 ----D---- C:\Program Files\trend micro
2011-02-15 11:01:34 ----D---- C:\rsit
2011-02-15 10:25:32 ----D---- C:\Program Files\CCleaner
2011-02-11 21:27:50 ----A---- C:\WINDOWS\AviSplitter.INI
2011-01-18 14:21:20 ----D---- C:\Documents and Settings\Rodina Stuchlá\Data aplikací\Photodex
2011-01-16 14:15:45 ----D---- C:\Program Files\Photodex Presenter
2011-01-16 14:15:45 ----D---- C:\Documents and Settings\Rodina Stuchlá\Data aplikací\Netscape
2011-01-16 10:17:37 ----D---- C:\Program Files\Photodex

======List of files/folders modified in the last 1 months======

2011-02-15 11:01:35 ----RD---- C:\Program Files
2011-02-15 11:00:55 ----D---- C:\WINDOWS\Prefetch
2011-02-15 10:56:32 ----D---- C:\WINDOWS\Temp
2011-02-15 10:41:03 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-15 10:40:32 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-02-15 10:39:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-15 10:39:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-02-15 10:37:01 ----D---- C:\WINDOWS
2011-02-15 10:30:52 ----D---- C:\WINDOWS\Minidump
2011-02-15 10:30:52 ----D---- C:\WINDOWS\Debug
2011-02-15 10:09:36 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-14 17:32:38 ----A---- C:\WINDOWS\NeroDigital.ini
2011-02-14 11:14:40 ----D---- C:\WINDOWS\system32
2011-02-14 11:14:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-02-14 10:32:19 ----D---- C:\Program Files\Mozilla Firefox
2011-02-11 23:44:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-02-11 23:43:54 ----D---- C:\Documents and Settings\Rodina Stuchlá\Data aplikací\Adobe
2011-01-28 11:20:59 ----A---- C:\WINDOWS\win.ini
2011-01-23 15:58:31 ----D---- C:\Video
2011-01-16 14:15:45 ----D---- C:\Documents and Settings\Rodina Stuchlá\Data aplikací\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 USIUDF;USIUDF; C:\WINDOWS\System32\Drivers\USIUDF.sys [2004-07-07 292896]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/06 10:06:54]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-01 604928]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-11 179200]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-27 581632]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-29 990592]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-08-29 208384]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-11-01 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 47744]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-08-29 728576]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-03 11136]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-03 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-29 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-20 143426]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-04-27 271760]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [2011-01-16 181312]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-03-13 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]

-----------------EOF-----------------

#2 Příspěvek od **stell** » 15 úno 2011 13:26

zdravim

Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte vloz sem

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Documents and Settings\All Users\Data aplikací\f63042\SMf63_2121.exe
C:\Documents and Settings\All Users\Data aplikací\f63042
ipconfig /flushdns /c 
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SME"=-
:Commands 
[resethosts] 
[CreateRestorePoint] 
[emptytemp] 
[start explorer]
[Reboot]

Stiahnes>>mbam-setup
Nainstalovat, aktualizovat, a spustit skan.
Spravit Uplny skan, co najde daj zmazat,
Log vloz sem.
Podrobny Navod:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

jan.stuchly · #3 Příspěvek od **jan.stuchly** » 15 úno 2011 20:23

Ahoj, předem moc děkuju za ochotu mi pomoci. Tady je tedy ten log z programu OTM:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\Temp\_avast5_\unp215002021.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp215187274.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp265095626.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp265136998.tmp moved successfully.
C:\Documents and Settings\All Users\Data aplikací\f63042\SMf63_2121.exe moved successfully.
C:\Documents and Settings\All Users\Data aplikací\f63042 folder moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
C:\Documents and Settings\Rodina Stuchlá\Plocha\cmd.bat deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SME deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Rodina Stuchlá
->Temp folder emptied: 99239759 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 614241 bytes
->FireFox cache emptied: 56362161 bytes
->Flash cache emptied: 1818 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131614 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 149,00 mb

OTM by OldTimer - Version 3.1.17.2 log created on 02152011_191001

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Tadyje log z programu MBAM u rychlého testu:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 5363

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

15.2.2011 19:20:48
mbam-log-2011-02-15 (19-20-48).txt

Typ kontroly: Rychlý test
Testované objekty: 125449
Uplynulý čas: 3 minut, 16 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

A tady je log z programu MBAM u úplného testu:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 5363

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

15.2.2011 20:09:30
mbam-log-2011-02-15 (20-09-30).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 176385
Uplynulý čas: 34 minut, 0 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\rodina stuchlá\dokumenty\Já\Pro WIN\cyberlink powerdvd 9.1719 ultra version + keygen [h33t] - cazor\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\documents and settings\rodina stuchlá\dokumenty\Já\Pro WIN\keyfinder\keyfinder.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

Zatím tedy moc DÍKY a jsem zvědav, zda ti ty klikyháky, co jsem tady kopíroval, nějak pomůžou Hezký zbytek dne. Honza.

jan.stuchly · #4 Příspěvek od **jan.stuchly** » 15 úno 2011 20:38

Ahoj, jinak - zkusil jsem po tom všem PC připojit k internetu a zatím pořád stejný výsledek

Po 10 vteřinách se znovu zasekl

#5 Příspěvek od **stell** » 16 úno 2011 06:22

Stiahnite si prosím TDSSKiller a uložte ho na plochu.

2x-klik na TDSSKiller.exe- spustiť aplikáciu, potom na Spustiť kontrolu-klik- Start Scan.
Ak je infikovaný súbor detekovaný, bude predvolená akcia Cure, kliknite na tlačidlo Continue.
Ak podozrivý[suspicious] súbor je detekovaný, bude predvolená akcia Skip, kliknite na Continue.
Môže vás požiadať, aby ste reštartovali počítač na dokončenie procesu. Kliknite na Reboot Now.
Ak nevyžaduje reštart, kliknite na tlačidlo Report. Log súbor by sa mal objaviť. Prosím, skopírujte a vložte obsah súboru tu.
Ak je vyžadované reštartovanie počítača, správa je k dispozícii vo vašom koreňovom adresári (zvyčajne C:\ zložka) vo forme "TDSSKiller. _log.txt". Prosím, skopírujte a vložte obsah súboru tu.

PROSIM CITAJTE POZORNE NAVOD!!!,

Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.

jan.stuchly · #6 Příspěvek od **jan.stuchly** » 16 úno 2011 21:17

Takže tady je log z programu TDSS Killer:

2011/02/16 20:31:21.0656 1724 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/16 20:31:21.0718 1724 ================================================================================
2011/02/16 20:31:21.0718 1724 SystemInfo:
2011/02/16 20:31:21.0718 1724
2011/02/16 20:31:21.0718 1724 OS Version: 5.1.2600 ServicePack: 2.0
2011/02/16 20:31:21.0718 1724 Product type: Workstation
2011/02/16 20:31:21.0718 1724 ComputerName: RODINA-STUCHLA
2011/02/16 20:31:21.0718 1724 UserName: Rodina Stuchlá
2011/02/16 20:31:21.0718 1724 Windows directory: C:\WINDOWS
2011/02/16 20:31:21.0718 1724 System windows directory: C:\WINDOWS
2011/02/16 20:31:21.0718 1724 Processor architecture: Intel x86
2011/02/16 20:31:21.0718 1724 Number of processors: 2
2011/02/16 20:31:21.0718 1724 Page size: 0x1000
2011/02/16 20:31:21.0718 1724 Boot type: Normal boot
2011/02/16 20:31:21.0718 1724 ================================================================================
2011/02/16 20:31:22.0109 1724 Initialize success
2011/02/16 20:31:43.0046 1868 ================================================================================
2011/02/16 20:31:43.0046 1868 Scan started
2011/02/16 20:31:43.0046 1868 Mode: Manual;
2011/02/16 20:31:43.0046 1868 ================================================================================
2011/02/16 20:31:43.0437 1868 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/02/16 20:31:43.0453 1868 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/02/16 20:31:43.0562 1868 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/16 20:31:43.0593 1868 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/02/16 20:31:43.0671 1868 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/02/16 20:31:43.0718 1868 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/02/16 20:31:43.0875 1868 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/16 20:31:43.0968 1868 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/02/16 20:31:44.0000 1868 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/02/16 20:31:44.0031 1868 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/02/16 20:31:44.0062 1868 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/02/16 20:31:44.0078 1868 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/02/16 20:31:44.0109 1868 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/16 20:31:44.0156 1868 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/16 20:31:44.0203 1868 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/16 20:31:44.0250 1868 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/16 20:31:44.0281 1868 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/02/16 20:31:44.0359 1868 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/02/16 20:31:44.0421 1868 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/16 20:31:44.0515 1868 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/16 20:31:44.0531 1868 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/16 20:31:44.0593 1868 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/16 20:31:44.0625 1868 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/16 20:31:44.0656 1868 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/16 20:31:44.0734 1868 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/02/16 20:31:44.0765 1868 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/16 20:31:44.0906 1868 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/16 20:31:44.0953 1868 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/16 20:31:45.0015 1868 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/16 20:31:45.0046 1868 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/16 20:31:45.0078 1868 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/16 20:31:45.0125 1868 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/16 20:31:45.0156 1868 e1express (f239ec59b4a30266a4a7b081a5dee0fc) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/02/16 20:31:45.0171 1868 eabfiltr (a6476585b4fefee46a9f42e4d2bfdfa4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
2011/02/16 20:31:45.0234 1868 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/16 20:31:45.0281 1868 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/02/16 20:31:45.0312 1868 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/16 20:31:45.0359 1868 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/02/16 20:31:45.0390 1868 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/02/16 20:31:45.0437 1868 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/16 20:31:45.0468 1868 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/16 20:31:45.0500 1868 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/16 20:31:45.0531 1868 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2011/02/16 20:31:45.0593 1868 HdAudAddService (4905d28aa09f63e6a2f4e93ed6dd7d19) C:\WINDOWS\system32\drivers\CHDAud.sys
2011/02/16 20:31:45.0625 1868 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/16 20:31:45.0671 1868 HSFHWAZL (8e60293c44e3f6f7f09defb60023a37d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/02/16 20:31:45.0750 1868 HSF_DPV (4c2aab15ad6229134f70e5c950e6185c) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/02/16 20:31:45.0828 1868 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/16 20:31:45.0906 1868 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/16 20:31:45.0937 1868 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/16 20:31:46.0015 1868 IntelIde (ef4fda4841001a4b98c411797db8894a) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/16 20:31:46.0046 1868 intelppm (10a3ac0f0df720ad3c3fd13861d50eb9) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/16 20:31:46.0078 1868 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/02/16 20:31:46.0109 1868 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/16 20:31:46.0140 1868 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/16 20:31:46.0171 1868 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/16 20:31:46.0203 1868 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/16 20:31:46.0234 1868 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/16 20:31:46.0281 1868 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/16 20:31:46.0328 1868 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/16 20:31:46.0375 1868 kbdhid (065b5a83aa78c0c7047bf22e0ab5c821) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/16 20:31:46.0406 1868 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/16 20:31:46.0453 1868 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/16 20:31:46.0546 1868 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/02/16 20:31:46.0593 1868 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/16 20:31:46.0625 1868 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/16 20:31:46.0656 1868 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/16 20:31:46.0671 1868 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/16 20:31:46.0718 1868 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/16 20:31:46.0765 1868 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/16 20:31:46.0843 1868 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/02/16 20:31:46.0859 1868 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/16 20:31:46.0906 1868 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/16 20:31:46.0921 1868 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/16 20:31:46.0953 1868 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/16 20:31:47.0000 1868 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/16 20:31:47.0015 1868 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/16 20:31:47.0046 1868 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/16 20:31:47.0062 1868 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/16 20:31:47.0093 1868 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/16 20:31:47.0125 1868 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/16 20:31:47.0171 1868 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/16 20:31:47.0234 1868 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/16 20:31:47.0265 1868 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/16 20:31:47.0281 1868 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/16 20:31:47.0296 1868 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/16 20:31:47.0359 1868 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/16 20:31:47.0406 1868 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/16 20:31:47.0468 1868 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/02/16 20:31:47.0500 1868 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/02/16 20:31:47.0515 1868 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/16 20:31:47.0578 1868 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/16 20:31:47.0640 1868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/16 20:31:47.0812 1868 nv (59e5d945934ec2e7eaa22af81813dabf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/16 20:31:48.0000 1868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/16 20:31:48.0015 1868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/16 20:31:48.0046 1868 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/16 20:31:48.0093 1868 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\drivers\Parport.sys
2011/02/16 20:31:48.0109 1868 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/16 20:31:48.0125 1868 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/16 20:31:48.0171 1868 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/02/16 20:31:48.0218 1868 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/16 20:31:48.0265 1868 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/16 20:31:48.0312 1868 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/16 20:31:48.0500 1868 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/16 20:31:48.0531 1868 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/16 20:31:48.0562 1868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/16 20:31:48.0578 1868 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/16 20:31:48.0687 1868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/16 20:31:48.0703 1868 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/16 20:31:48.0718 1868 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/16 20:31:48.0750 1868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/16 20:31:48.0765 1868 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/16 20:31:48.0796 1868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/16 20:31:48.0859 1868 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/16 20:31:48.0906 1868 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/16 20:31:48.0937 1868 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/16 20:31:48.0984 1868 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/02/16 20:31:49.0000 1868 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/02/16 20:31:49.0031 1868 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/02/16 20:31:49.0093 1868 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys
2011/02/16 20:31:49.0125 1868 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
2011/02/16 20:31:49.0156 1868 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys
2011/02/16 20:31:49.0218 1868 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/02/16 20:31:49.0234 1868 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/16 20:31:49.0296 1868 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\drivers\Serial.sys
2011/02/16 20:31:49.0328 1868 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/02/16 20:31:49.0343 1868 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/02/16 20:31:49.0375 1868 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/16 20:31:49.0421 1868 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/16 20:31:49.0468 1868 SNP2UVC (fac7b89330e20713950925050c91cd04) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2011/02/16 20:31:49.0515 1868 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/16 20:31:49.0578 1868 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/16 20:31:49.0609 1868 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/16 20:31:49.0656 1868 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/16 20:31:49.0687 1868 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/16 20:31:49.0734 1868 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/16 20:31:49.0859 1868 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/16 20:31:49.0921 1868 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/16 20:31:49.0953 1868 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/16 20:31:49.0984 1868 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/16 20:31:50.0031 1868 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/16 20:31:50.0109 1868 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/16 20:31:50.0187 1868 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys
2011/02/16 20:31:50.0265 1868 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/16 20:31:50.0328 1868 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/02/16 20:31:50.0359 1868 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/16 20:31:50.0406 1868 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/16 20:31:50.0453 1868 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/16 20:31:50.0500 1868 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys
2011/02/16 20:31:50.0531 1868 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/02/16 20:31:50.0593 1868 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/16 20:31:50.0656 1868 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/16 20:31:50.0703 1868 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/02/16 20:31:50.0750 1868 USIUDF (d46ceaf88f2973e4368c9febea89526b) C:\WINDOWS\system32\Drivers\USIUDF.sys
2011/02/16 20:31:50.0796 1868 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/02/16 20:31:50.0843 1868 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/16 20:31:50.0906 1868 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/16 20:31:50.0953 1868 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/02/16 20:31:51.0031 1868 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/16 20:31:51.0109 1868 winachsf (e17d31cd52dcb7745ac5330eea062d0b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/02/16 20:31:51.0203 1868 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/02/16 20:31:51.0281 1868 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/16 20:31:51.0375 1868 {B154377D-700F-42cc-9474-23858FBDF4BD} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\CyberLink\PowerDVD9\000.fcl
2011/02/16 20:31:51.0812 1868 ================================================================================
2011/02/16 20:31:51.0812 1868 Scan finished
2011/02/16 20:31:51.0812 1868 ================================================================================

A tady je log z programu Combofix:

ComboFix 11-02-16.01 - Rodina Stuchlá 16.02.2011 20:59:47.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.567 [GMT 1:00]
Spuštěný z: c:\documents and settings\Rodina Stuchlá\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2011-01-16 do 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-15 18:16 . 2011-02-15 18:16 -------- d-----w- c:\documents and settings\Rodina Stuchlá\Data aplikací\Malwarebytes
2011-02-15 18:16 . 2011-02-15 18:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-15 18:16 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 18:16 . 2011-02-15 18:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 18:16 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 18:10 . 2011-02-15 18:10 -------- d-----w- C:\_OTM
2011-02-15 10:01 . 2011-02-15 10:01 -------- d-----w- c:\program files\trend micro
2011-02-15 10:01 . 2011-02-15 10:01 -------- d-----w- C:\rsit
2011-02-15 09:25 . 2011-02-15 09:25 -------- d-----w- c:\program files\CCleaner
2011-01-23 14:57 . 2011-01-23 14:57 -------- d-----w- c:\documents and settings\Rodina Stuchlá\Local Settings\Data aplikací\WMTools Downloaded Files
2011-01-22 11:03 . 2011-02-15 18:16 -------- d-----w- c:\documents and settings\All Users\Plocha
2011-01-18 13:21 . 2011-01-18 13:21 -------- d-----w- c:\documents and settings\Rodina Stuchlá\Data aplikací\Photodex

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-09-27 10:20 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-08-04 15:15 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-08-04 15:15 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-08-04 15:15 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2009-08-04 15:15 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2009-08-04 15:15 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2009-08-04 15:15 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-08-04 15:15 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2009-08-04 15:15 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-27 20:15 . 2009-08-06 06:14 737280 ----a-w- c:\windows\iun6002.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 61952]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-12-23 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-08-04 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-4 113664]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2009-8-3 102400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.8.2009 16:15 294608]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [4.8.2009 15:53 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/06 10:06];c:\program files\CyberLink\PowerDVD9\000.fcl [7.5.2009 20:05 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.8.2009 16:15 17744]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4.8.2009 15:53 65576]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2010 18:26 135664]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Obsah adresáře 'Naplánované úlohy'

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 17:26]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 17:26]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {F2439A9E-B00C-4C38-B56A-CAA475EEC9F3} = 193.85.1.230,10.3.0.18
FF - ProfilePath - c:\documents and settings\Rodina Stuchlá\Data aplikací\Mozilla\Firefox\Profiles\lbwdwk4d.default\
FF - prefs.js: browser.startup.homepage - hxxp://web.volny.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 21:06
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Celkový čas: 2011-02-16 21:11:32
ComboFix-quarantined-files.txt 2011-02-16 20:11

Před spuštěním: Volných bajtů: 39 695 392 768
Po spuštění: Volných bajtů: 39 656 460 288

- - End Of File - - D7324AEC2C778BC6AE62DF38BB265A4C

Jinak díky za ochotu, dělám dvanáctky, tak odpovídám až po tak dlouhé době. Díky, Honza.

#7 Příspěvek od **stell** » 17 úno 2011 07:54

ok, ako vidim podla logu combofixu, uz internet funguje.
Infekciu nevidim.Takze napis ako to je.

jan.stuchly · #8 Příspěvek od **jan.stuchly** » 17 úno 2011 13:00

Ahoj, tak mám špatnou zprávu, PC se chová stále stejně. Po připojení k internetu se prostě sekne a nejde ani vypnout

Honza.

#9 Příspěvek od **stell** » 17 úno 2011 13:25

Skus vypnut firewall.Sunbelt Personal Firewall,
odskusat napisat.

jan.stuchly · #10 Příspěvek od **jan.stuchly** » 17 úno 2011 14:46

Takže, na ikonku Keria jsem klikl pravým tlačítkem, zvolil jsem "zakázat firewall", ikonka se přeškrtla červeným pruhem, připojil jsem se k internetu a stejný výsledek - zase se sekl.

#11 Příspěvek od **stell** » 17 úno 2011 14:54

http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
logy vloz sem.

jan.stuchly · #12 Příspěvek od **jan.stuchly** » 17 úno 2011 21:07

Ahoj, tak tady je první log z gmeru:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-17 20:18:28
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVS-60RST0 rev.04.01G04
Running: gmer.exe; Driver: C:\DOCUME~1\RODINA~1\LOCALS~1\Temp\kfldyaod.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xF4048652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

---- EOF - GMER 1.0.15 ----

Ten druhý log musím rozdělit do více zpráv, píše mi to, že vkládám víc znaků, než je povoleno.

jan.stuchly · #13 Příspěvek od **jan.stuchly** » 17 úno 2011 21:10

A tady je ten druhý log, jak už jsem psal, bude rozdělený do více zpráv:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-17 20:58:11
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVS-60RST0 rev.04.01G04
Running: gmer.exe; Driver: C:\DOCUME~1\RODINA~1\LOCALS~1\Temp\kfldyaod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF4034728]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xF403B7EA]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xF4389868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xF403B6A2]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xF4388E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xF4388D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xF43893FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xF438A210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xF403BCA8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xF403BBBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xF403B276]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF40347D8]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF783601C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF7836168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xF4389B54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xF403B77E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xF403B1B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xF403B218]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF4034870]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xF403B8C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF403BD76]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xF403B880]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xF43894EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xF4389E8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xF403BA04]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xF4389DE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xF4048652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2B98 80503798 4 Bytes JMP 48F403B7
PAGE ntkrnlpa.exe!NtCreateSection 805A9DEE 7 Bytes JMP F4048656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAEDA 5 Bytes JMP F40441EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C1810 5 Bytes JMP F4045C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6A2C360, 0x2255BD, 0xE8000020]
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xB9A0C000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xB9A2F050]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[192] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[192] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] wininet.dll!InternetConnectA 771B44DB 5 Bytes JMP 00130F54
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] wininet.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00130D24
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] wininet.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00130E3C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] wininet.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00130FE0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] wininet.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00130DB0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] wininet.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\nvsvc32.exe[852] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[852] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\nvsvc32.exe[852] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\nvsvc32.exe[852] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\Explorer.EXE[912] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[912] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[912] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[912] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!DeleteService

jan.stuchly · #14 Příspěvek od **jan.stuchly** » 17 úno 2011 21:11

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-17 20:58:11
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVS-60RST0 rev.04.01G04
Running: gmer.exe; Driver: C:\DOCUME~1\RODINA~1\LOCALS~1\Temp\kfldyaod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF4034728]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xF403B7EA]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xF4389868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xF403B6A2]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xF4388E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xF4388D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xF43893FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xF438A210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xF403BCA8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xF403BBBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xF403B276]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF40347D8]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF783601C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF7836168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xF4389B54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xF403B77E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xF403B1B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xF403B218]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF4034870]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xF403B8C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF403BD76]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xF403B880]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xF43894EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xF4389E8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xF403BA04]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xF4389DE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xF4048652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2B98 80503798 4 Bytes JMP 48F403B7
PAGE ntkrnlpa.exe!NtCreateSection 805A9DEE 7 Bytes JMP F4048656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAEDA 5 Bytes JMP F40441EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C1810 5 Bytes JMP F4045C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6A2C360, 0x2255BD, 0xE8000020]
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xB9A0C000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xB9A2F050]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe[148] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[192] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[192] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[192] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[448] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] wininet.dll!InternetConnectA 771B44DB 5 Bytes JMP 00130F54
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] wininet.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00130D24
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] wininet.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00130E3C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] wininet.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00130FE0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] wininet.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00130DB0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[576] wininet.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\nvsvc32.exe[852] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[852] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[852] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[852] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\nvsvc32.exe[852] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\nvsvc32.exe[852] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\Explorer.EXE[912] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[912] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[912] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[912] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RUNDLL32.EXE[980] ADVAPI32.dll!DeleteService

jan.stuchly · #15 Příspěvek od **jan.stuchly** » 17 úno 2011 21:17

.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[1088] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1100] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\QuickTime\qttask.exe[1104] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\QuickTime\qttask.exe[1104] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\QuickTime\qttask.exe[1104] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1156] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[1188] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Cyberlink\Shared Files\brs.exe[1212] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00130F54
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00130D24
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00130E3C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00130FE0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00130DB0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00130EC8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1224] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00130F54
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00130D24
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00130E3C
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00130FE0
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00130DB0
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1232] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00130EC8
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[1240] ADVAPI32.dll!CreateServiceA

VIRY.CZ

Po připojení k internetu se PC během pár vteřin zcela sekne

Po připojení k internetu se PC během pár vteřin zcela sekne

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se

Re: Po připojení k internetu se PC během pár vteřin zcela se