
CHECK my log - 100% a virus, THX A LOT
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
On my computer I found that my mouse buttons are skipping, and it quickly turned into the buttons getting swapped as well. It even happens that I click in Firefox and nothing happens with either button = for 5 s the buttons are frozen, but the pointer moves smoothly.
Of course this problem also shows up in games and in Windows, and since I have a notebook, the trackpad has the same problem too, from which it follows that it must be a virus.. on top of that my processor sometimes slows down and I have too many processes there, so it probably launches itself, but I just don't know what it is, because CCleaner fixed everything for me, including the registry, and still nothing, so here is the HijackThis log:
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\User\Desktop\HiJackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [IcqUpdater] "C:\Users\User\AppData\Local\Temp\IcqUpdater.exe" update 2260 Global\MMutexLib_Global_AppInstance_YzpccHJvZ3JhfjFcaWNxNy4xXGljcS5leGU "C:\Program Files\ICQ7.1\updates\downloaded" "C:\PROGRA~1\ICQ7.1\ICQ.exe silent loginmode=4 noupdate=1" autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hitman Pro 3.5 Crusader (Boot) (HitmanPro35CrusaderBoot) - Unknown owner - C:\Users\User\Desktop\HitmanPro35.exe (file missing)
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 8467 bytes
Re: CHECK my log - 100% a virus, THX A LOT
I also remembered that these problems started somehow when Windows Defender detected some virus/malware, so I clicked delete. But the problem still continues, so it deleted just something else, or maybe nothing at all, because no confirmation came up afterwards. If you want any more detailed info, write to me, because this is really annoying me by now. The mouse pretty much does what it wants... I click the left button 20 times and it does squat, until I click the right button a few times to unfreeze it, and a menu pops up but disappears right away, so it's a guessing game with the mouse to get it to click..... it must be some virus !!
Oh, and the virus doesn't let me drag icons around the desktop, or for example links in Firefox.... it just doesn't copy to the clipboard, or for example when I want to translate a word, I select it and click with the left button and drag it to the Google search bar.... but dragging doesn't work, it just won't latch the click so that I can drag
PLS heeeeeeelp, thx
Last edited by Peloo on 24 Feb 2011 20:18, edited 1 time in total.
Re: CHECK my log - 100% a virus, THX A LOT
Good evening
Run ComboFix following this guide
http://www.bleepingcomputer.com/combofi ... t-combofix
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: CHECK my log - 100% a virus, THX A LOT
Yeah, I ran ComboFix but the problem persists so far.. here is the log output:
ComboFix 11-02-24.05 - User 25.02.2011 10:06:45.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.2088 [GMT 1:00]
Spuštěný z: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\IDropPTB.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-25 do 2011-02-25 )))))))))))))))))))))))))))))))
.
2011-02-25 09:15 . 2011-02-25 09:15 -------- d-----w- c:\users\User\AppData\Local\temp
2011-02-25 09:15 . 2011-02-25 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-24 21:59 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-24 18:27 . 2011-02-24 18:27 -------- d-----w- c:\program files\CCleaner
2011-02-23 18:32 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 18:32 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 17:15 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FA77A79-9A9A-4C14-A250-3E137FCD7DB8}\mpengine.dll
2011-02-09 19:07 . 2010-11-02 04:35 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-05 11:37 . 2011-02-05 11:38 -------- d-----w- c:\program files\ICQ7.4
2011-02-05 11:37 . 2011-02-05 11:37 -------- d-----w- c:\program files\Common Files\Java
2011-02-05 11:10 . 2011-02-05 11:10 -------- d-----w- c:\users\User\AppData\Roaming\GrabPro
2011-02-05 11:08 . 2011-02-05 12:15 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-02-05 11:08 . 2011-02-05 11:33 -------- d-----w- C:\Downloads
2011-02-05 11:08 . 2011-02-05 11:08 -------- d-----w- c:\users\User\AppData\Roaming\ProgSense
2011-02-05 11:08 . 2011-02-05 11:09 -------- d-----w- c:\users\User\AppData\Local\OpenCandy
2011-02-05 11:08 . 2011-02-05 11:57 -------- d-----w- c:\users\User\AppData\Roaming\Orbit
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-26 16:40 . 2011-01-26 16:40 -------- d-----w- c:\programdata\EA Core
2011-01-26 16:38 . 2011-01-26 16:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-01-26 16:37 . 2011-01-26 16:48 -------- d-----w- c:\program files\Electronic Arts
2011-01-26 16:15 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-01-26 16:15 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-01-26 16:15 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-01-26 16:15 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-01-26 16:12 . 2011-01-27 14:12 -------- d-----w- c:\programdata\Solidshield
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-12-12 17:20 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-10-24 17:59 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-10-24 17:59 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-10-24 17:59 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2009-10-24 17:59 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-10-24 17:59 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2009-10-24 17:59 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2006-05-03 09:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2007-12-17 12:43 27648 --sha-w- c:\windows\System32\Smab0.dll
.
------- Sigcheck -------
[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
c:\windows\System32\drivers\atapi.sys ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-02-05 119608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-09-11 2080768]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-3-19 2532680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Akcelerátor spuštění AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-14 691696]
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 135664]
R2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);c:\users\User\Desktop\HitmanPro35.exe [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\User\AppData\Local\Temp\NYR72E2.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-11 64544]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
Obsah adresáře 'Naplánované úlohy'
2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 15:09]
2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 15:09]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wkcn0sno.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
MSConfigStartUp-IcqUpdater - c:\users\User\AppData\Local\Temp\IcqUpdater.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HitmanPro35CrusaderBoot]
"ImagePath"="\"c:\users\User\Desktop\HitmanPro35.exe\" /crusader:boot"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\User\AppData\Local\Temp\NYR72E2.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-3650195053-2355063675-1675847751-1000\Software\SecuROM\License information*]
"datasecu"=hex:93,60,d5,81,55,f6,0b,c4,51,a9,7a,8b,0a,47,91,2c,05,f6,dd,4b,7b,
65,65,83,19,98,02,18,19,ff,8d,ee,e5,60,20,e7,72,a3,87,58,7f,a4,45,ed,38,81,\
"rkeysecu"=hex:4f,b9,7b,22,99,63,28,5d,61,db,8f,fb,4e,fb,b3,42
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-02-25 10:18:42
ComboFix-quarantined-files.txt 2011-02-25 09:18
Před spuštěním: Volných bajtů: 18 199 871 488
Po spuštění: Volných bajtů: 18 087 407 616
- - End Of File - - E0FDB39C54B2F53E3A292434B8092844
Re: CHECK my log - 100% a virus, THANKS A LOT

- Open Notepad
- Copy the text from this box into it
Code:
Restore::
c:\windows\System32\drivers\atapi.sys
- After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

- After it has been applied, another log will come out; paste it here
Warning: it may happen that after applying the script and restarting, Windows will not boot. In that case restart again while pressing F8, then choose Last Known Good Configuration
Do not use COMBOFIX without an adviser's recommendation, it can damage the system!
Always back up important data before disinfecting a computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: CHECK my log - 100% a virus, THANKS A LOT
After ComboFix ran, the left mouse button worked correctly and the right one works too. It still has a slight delay,
but I will test it and write back within 24 hours ... LOG BELOW:
ComboFix 11-02-25.02 - User 26.02.2011 20:06:57.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.2095 [GMT 1:00]
Spuštěný z: c:\users\User\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\User\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
Nakažená kopie c:\windows\System32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-26 do 2011-02-26 )))))))))))))))))))))))))))))))
.
2011-02-26 19:16 . 2011-02-26 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-26 19:06 . 2009-07-14 01:26 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2011-02-25 18:04 . 2011-02-25 18:04 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-25 18:04 . 2011-02-25 18:04 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-25 18:04 . 2011-02-25 18:04 -------- d-----w- c:\program files\OpenAL
2011-02-25 18:02 . 2004-12-05 18:38 102400 ----a-w- c:\windows\system\OpenAL32.dll
2011-02-25 17:07 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CACB8F0-2004-4432-B291-03EFF485088F}\mpengine.dll
2011-02-25 09:18 . 2011-02-26 19:19 -------- d-----w- c:\users\User\AppData\Local\temp
2011-02-24 21:59 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-24 18:27 . 2011-02-24 18:27 -------- d-----w- c:\program files\CCleaner
2011-02-23 18:32 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 18:32 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-09 19:07 . 2010-11-02 04:35 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-05 11:37 . 2011-02-05 11:38 -------- d-----w- c:\program files\ICQ7.4
2011-02-05 11:37 . 2011-02-05 11:37 -------- d-----w- c:\program files\Common Files\Java
2011-02-05 11:10 . 2011-02-05 11:10 -------- d-----w- c:\users\User\AppData\Roaming\GrabPro
2011-02-05 11:08 . 2011-02-05 12:15 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-02-05 11:08 . 2011-02-05 11:33 -------- d-----w- C:\Downloads
2011-02-05 11:08 . 2011-02-05 11:08 -------- d-----w- c:\users\User\AppData\Roaming\ProgSense
2011-02-05 11:08 . 2011-02-05 11:09 -------- d-----w- c:\users\User\AppData\Local\OpenCandy
2011-02-05 11:08 . 2011-02-05 11:57 -------- d-----w- c:\users\User\AppData\Roaming\Orbit
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-16 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-13 08:47 . 2010-12-12 17:20 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-10-24 17:59 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-10-24 17:59 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-10-24 17:59 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2009-10-24 17:59 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-10-24 17:59 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2009-10-24 17:59 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2006-05-03 09:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2007-12-17 12:43 27648 --sha-w- c:\windows\System32\Smab0.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-02-05 119608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-09-11 2080768]
"ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [BU]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-3-19 2532680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Akcelerátor spuštění AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-14 691696]
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 135664]
R2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);c:\users\User\Desktop\HitmanPro35.exe [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\User\AppData\Local\Temp\NYR72E2.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-11 64544]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
Obsah adresáře 'Naplánované úlohy'
2011-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 15:09]
2011-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 15:09]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wkcn0sno.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-'DIRT 2'_is1 - d:\games\Dirt 2\unins000.exe
AddRemove-Call of Duty Modern Warfare 2_is1 - d:\gamels\Modern Warfare 2\unins000.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HitmanPro35CrusaderBoot]
"ImagePath"="\"c:\users\User\Desktop\HitmanPro35.exe\" /crusader:boot"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\User\AppData\Local\Temp\NYR72E2.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-3650195053-2355063675-1675847751-1000\Software\SecuROM\License information*]
"datasecu"=hex:93,60,d5,81,55,f6,0b,c4,51,a9,7a,8b,0a,47,91,2c,05,f6,dd,4b,7b,
65,65,83,19,98,02,18,19,ff,8d,ee,e5,60,20,e7,72,a3,87,58,7f,a4,45,ed,38,81,\
"rkeysecu"=hex:4f,b9,7b,22,99,63,28,5d,61,db,8f,fb,4e,fb,b3,42
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(4940)
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\nvshext.dll
c:\windows\system32\nvapi.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Nero\Nero 7\Nero BackItUp\NBShell.dll
c:\program files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
c:\program files\WinRAR\rarext.dll
c:\program files\WinRAR\rarlng.dll
c:\program files\Autodesk\Inventor 2009\Bin\utx.dll
c:\program files\VirtualCloneDrive\ElbyVCDShell.dll
c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2011-02-26 20:24:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-26 19:24
ComboFix2.txt 2011-02-25 09:18
Před spuštěním: Volných bajtů: 19 191 414 784
Po spuštění: Volných bajtů: 18 944 016 384
- - End Of File - - 0A4EB28392F8CF718F052B5A584B3FA5
Re: CHECK my log - 100% a virus, THX A LOT
We still have a few things to fine-tune, but first I would rather check the computer for rootkits as well.
Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack it and run it
- a scan will run; when it finishes, a window with the results opens. Click Save to save the log, then paste it here
- following the guide in the link, run a second scan and paste that log here as well.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am most likely to be reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: CHECK my log - 100% a virus, THX A LOT
I'm getting on it now, but the problem probably persists: the left mouse button does work, but sometimes it also just pops up the context menu, even though only the right one should do that. The right button is apparently what causes the problem, since the menu from the left button only pops up when the menu from the right button has not managed to load and display in time.
And after pressing the right button and dragging on the desktop, the menu should naturally appear when the button is released, but either it does not appear at all, or it pops up only after a few seconds.
So the conclusion is that if I click the right mouse button quickly, its response is slowed down... e.g. when playing computer games the right button's response turns into a delay of up to 5 s... or even, because the effect is prolonged, e.g. I am clicking and suddenly stop, yet the mouse keeps clicking for another 3-5 s like mad, basically on its own
btw thx a lot for the help so far, since it is now at least possible to work and surf on it sensibly.
Re: CHECK my log - 100% a virus, THX A LOT
And couldn't this be the mouse? Can you swap it for another one?
Re: CHECK my log - 100% a virus, THX A LOT
I can't swap it for now, but I'll try it on an old PC and see whether the fault is the same; in any case the trackpad on the notebook works now, and pretty much without problems. Only the right mouse button is acting up, so if this is confirmed I'll buy a new one right away
Re: CHECK my log - 100% a virus, THX A LOT
Run that Gmer scan, but test the mouse as well, so that I am not chasing a virus that isn't there

Re: CHECK my log - 100% a virus, THX A LOT
ok, so I think I've figured it out... the problem will be in the mouse, since after connecting it to another notebook the cursor showed the same confused behaviour after the right mouse button was used. When using the trackpad on both notebooks the pointer worked correctly, so it must be a problem with a worn-out right button, and not a virus or other malware, even though the suspicion of an infection was fairly plausible.
I'm also attaching the two GMER logs. First it stopped working during the 2nd scan, and then (after restarting GMER) Windows crashed twice to a blue screen - physical memory dump to disk, but on the third try everything went OK
:P:P:P
So, log 1:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-26 21:24:17
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5055GSX rev.FG001A
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\uxldapog.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F8BD8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
Part 2 - SECOND PART HERE:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-26 21:56:46
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5055GSX rev.FG001A
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\uxldapog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8BB3D9CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8F8A8A68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8BB3FEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8BB3FF04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8BB4001A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8BB3FE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8BB3FF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8BB3FE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8BB3FFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8BB3D9EE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8F8A8B18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8BB3D7B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8BB3DA12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8BB40412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8BB3E4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8BB3FEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8BB3FF2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8BB40044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8BB3FE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8BB3FF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8BB3FE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8BB3FFF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8F8A8BB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8BB3E370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8BB3DA36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8BB3DA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8BB3D812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8BB3D94E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8BB3D92A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8BB3D972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8BB3DA7E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F8BD8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E8D589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB2092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 82EB9824 4 Bytes [CA, D9, B3, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82EB984C 4 Bytes [68, 8A, 8A, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82EB9900 8 Bytes [AC, FE, B3, 8B, 04, FF, B3, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82EB990C 4 Bytes [1A, 00, B4, 8B] {SBB AL, [EAX]; MOV AH, 0x8b}
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82EB9928 4 Bytes [02, FE, B3, 8B] {ADD BH, DH; MOV BL, 0x8b}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 830532CB 5 Bytes JMP 8F8B929E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8306D003 5 Bytes JMP 8F8BAD50 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830B75CA 4 Bytes CALL 8BB3EE3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 830BF6A5 4 Bytes CALL 8BB3EE51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 831252F4 7 Bytes JMP 8F8BD8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA1756300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA1799300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00200120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0020006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002000E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00200030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002000A8
.text C:\Windows\system32\wininit.exe[532] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0003006C
.text C:\Windows\system32\wininit.exe[532] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00030030
.text C:\Windows\system32\wininit.exe[532] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00100120
.text C:\Windows\system32\wininit.exe[532] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0010006C
.text C:\Windows\system32\wininit.exe[532] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001000E4
.text C:\Windows\system32\wininit.exe[532] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00100030
.text C:\Windows\system32\wininit.exe[532] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001000A8
.text C:\Windows\system32\services.exe[584] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\services.exe[584] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\lsass.exe[616] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00210120
.text C:\Windows\system32\lsass.exe[616] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0021006C
.text C:\Windows\system32\lsass.exe[616] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002100E4
.text C:\Windows\system32\lsass.exe[616] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00210030
.text C:\Windows\system32\lsass.exe[616] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002100A8
.text C:\Windows\system32\lsm.exe[624] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\lsm.exe[624] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\nvvsvc.exe[792] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Windows\system32\nvvsvc.exe[792] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Windows\system32\nvvsvc.exe[792] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00180120
.text C:\Windows\system32\nvvsvc.exe[792] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0018006C
.text C:\Windows\system32\nvvsvc.exe[792] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001800E4
.text C:\Windows\system32\nvvsvc.exe[792] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00180030
.text C:\Windows\system32\nvvsvc.exe[792] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001800A8
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0003006C
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00030030
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00050120
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0005006C
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 000500E4
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00050030
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 000500A8
.text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[948] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[948] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[948] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00170120
.text C:\Windows\System32\svchost.exe[948] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0017006C
.text C:\Windows\System32\svchost.exe[948] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001700E4
.text C:\Windows\System32\svchost.exe[948] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00170030
.text C:\Windows\System32\svchost.exe[948] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001700A8
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWindowsHookEx 778FCC7B 3 Bytes JMP 00900120
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWindowsHookEx + 4 778FCC7F 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWinEvent 778FD924 3 Bytes JMP 0090006C
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWinEvent + 4 778FD928 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 009000E4
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00900030
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 009000A8
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 011A0120
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 011A006C
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 011A00E4
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 011A0030
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 011A00A8
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00A20120
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 00A2006C
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 00A200E4
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00A20030
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 00A200A8
.text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000A006C
.text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000A0030
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00AC0120
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 00AC006C
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 00AC00E4
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00AC0030
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 00AC00A8
.text C:\Windows\system32\taskeng.exe[1304] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\taskeng.exe[1304] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\taskeng.exe[1304] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 000F0120
.text C:\Windows\system32\taskeng.exe[1304] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 000F006C
.text C:\Windows\system32\taskeng.exe[1304] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 000F00E4
.text C:\Windows\system32\taskeng.exe[1304] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 000F0030
.text C:\Windows\system32\taskeng.exe[1304] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 000F00A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1396] kernel32.dll!SetUnhandledExceptionFilter 76B33162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\system32\nvvsvc.exe[1416] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Windows\system32\nvvsvc.exe[1416] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Windows\system32\nvvsvc.exe[1416] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001F0120
.text C:\Windows\system32\nvvsvc.exe[1416] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001F006C
.text C:\Windows\system32\nvvsvc.exe[1416] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001F00E4
.text C:\Windows\system32\nvvsvc.exe[1416] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001F0030
.text C:\Windows\system32\nvvsvc.exe[1416] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001F00A8
.text C:\Windows\system32\wbem\unsecapp.exe[1468] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\wbem\unsecapp.exe[1468] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\wbem\unsecapp.exe[1468] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001F0120
.text C:\Windows\system32\wbem\unsecapp.exe[1468] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001F006C
.text C:\Windows\system32\wbem\unsecapp.exe[1468] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001F00E4
.text C:\Windows\system32\wbem\unsecapp.exe[1468] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001F0030
.text C:\Windows\system32\wbem\unsecapp.exe[1468] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001F00A8
.text C:\Windows\system32\Dwm.exe[1584] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000A006C
.text C:\Windows\system32\Dwm.exe[1584] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000A0030
.text C:\Windows\system32\Dwm.exe[1584] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00130120
.text C:\Windows\system32\Dwm.exe[1584] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0013006C
.text C:\Windows\system32\Dwm.exe[1584] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001300E4
.text C:\Windows\system32\Dwm.exe[1584] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00130030
.text C:\Windows\system32\Dwm.exe[1584] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001300A8
.text C:\Windows\Explorer.EXE[1616] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\Explorer.EXE[1616] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\Explorer.EXE[1616] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001A0120
.text C:\Windows\Explorer.EXE[1616] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001A006C
.text C:\Windows\Explorer.EXE[1616] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001A00E4
.text C:\Windows\Explorer.EXE[1616] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001A0030
.text C:\Windows\Explorer.EXE[1616] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001A00A8
.text C:\Windows\System32\spoolsv.exe[1896] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000B006C
.text C:\Windows\System32\spoolsv.exe[1896] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000B0030
.text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00250120
.text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0025006C
.text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002500E4
.text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00250030
.text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002500A8
.text C:\Windows\system32\taskhost.exe[1904] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskhost.exe[1904] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00050030
.text C:\Windows\system32\taskhost.exe[1904] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 000E0120
.text C:\Windows\system32\taskhost.exe[1904] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 000E006C
.text C:\Windows\system32\taskhost.exe[1904] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 000E00E4
.text C:\Windows\system32\taskhost.exe[1904] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 000E0030
I am also attaching two more GMER logs. First it stopped working while running the 2nd scan, and then (after restarting GMER) Windows crashed twice to a blue screen (dumping physical memory to disk), but on the third attempt everything went OK.

So, log 1:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-26 21:24:17
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5055GSX rev.FG001A
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\uxldapog.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F8BD8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
Part 2 - SECOND PART HERE:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-26 21:56:46
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5055GSX rev.FG001A
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\uxldapog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8BB3D9CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8F8A8A68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8BB3FEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8BB3FF04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8BB4001A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8BB3FE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8BB3FF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8BB3FE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8BB3FFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8BB3D9EE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8F8A8B18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8BB3D7B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8BB3DA12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8BB40412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8BB3E4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8BB3FEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8BB3FF2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8BB40044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8BB3FE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8BB3FF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8BB3FE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8BB3FFF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8F8A8BB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8BB3E370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8BB3DA36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8BB3DA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8BB3D812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8BB3D94E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8BB3D92A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8BB3D972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8BB3DA7E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F8BD8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E8D589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB2092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 82EB9824 4 Bytes [CA, D9, B3, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82EB984C 4 Bytes [68, 8A, 8A, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82EB9900 8 Bytes [AC, FE, B3, 8B, 04, FF, B3, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82EB990C 4 Bytes [1A, 00, B4, 8B] {SBB AL, [EAX]; MOV AH, 0x8b}
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82EB9928 4 Bytes [02, FE, B3, 8B] {ADD BH, DH; MOV BL, 0x8b}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 830532CB 5 Bytes JMP 8F8B929E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8306D003 5 Bytes JMP 8F8BAD50 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830B75CA 4 Bytes CALL 8BB3EE3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 830BF6A5 4 Bytes CALL 8BB3EE51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 831252F4 7 Bytes JMP 8F8BD8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA1756300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA1799300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00200120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0020006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002000E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00200030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[480] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002000A8
.text C:\Windows\system32\wininit.exe[532] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0003006C
.text C:\Windows\system32\wininit.exe[532] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00030030
.text C:\Windows\system32\wininit.exe[532] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00100120
.text C:\Windows\system32\wininit.exe[532] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0010006C
.text C:\Windows\system32\wininit.exe[532] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001000E4
.text C:\Windows\system32\wininit.exe[532] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00100030
.text C:\Windows\system32\wininit.exe[532] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001000A8
.text C:\Windows\system32\services.exe[584] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\services.exe[584] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\lsass.exe[616] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00210120
.text C:\Windows\system32\lsass.exe[616] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0021006C
.text C:\Windows\system32\lsass.exe[616] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002100E4
.text C:\Windows\system32\lsass.exe[616] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00210030
.text C:\Windows\system32\lsass.exe[616] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002100A8
.text C:\Windows\system32\lsm.exe[624] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\lsm.exe[624] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\nvvsvc.exe[792] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Windows\system32\nvvsvc.exe[792] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Windows\system32\nvvsvc.exe[792] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00180120
.text C:\Windows\system32\nvvsvc.exe[792] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0018006C
.text C:\Windows\system32\nvvsvc.exe[792] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001800E4
.text C:\Windows\system32\nvvsvc.exe[792] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00180030
.text C:\Windows\system32\nvvsvc.exe[792] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001800A8
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0003006C
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00030030
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00050120
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0005006C
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 000500E4
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00050030
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 000500A8
.text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[948] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[948] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[948] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00170120
.text C:\Windows\System32\svchost.exe[948] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0017006C
.text C:\Windows\System32\svchost.exe[948] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001700E4
.text C:\Windows\System32\svchost.exe[948] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00170030
.text C:\Windows\System32\svchost.exe[948] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001700A8
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWindowsHookEx 778FCC7B 3 Bytes JMP 00900120
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWindowsHookEx + 4 778FCC7F 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWinEvent 778FD924 3 Bytes JMP 0090006C
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWinEvent + 4 778FD928 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 009000E4
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00900030
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 009000A8
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 011A0120
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 011A006C
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 011A00E4
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 011A0030
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 011A00A8
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00A20120
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 00A2006C
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 00A200E4
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00A20030
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 00A200A8
.text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000A006C
.text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000A0030
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00AC0120
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 00AC006C
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 00AC00E4
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00AC0030
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 00AC00A8
.text C:\Windows\system32\taskeng.exe[1304] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\taskeng.exe[1304] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\taskeng.exe[1304] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 000F0120
.text C:\Windows\system32\taskeng.exe[1304] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 000F006C
.text C:\Windows\system32\taskeng.exe[1304] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 000F00E4
.text C:\Windows\system32\taskeng.exe[1304] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 000F0030
.text C:\Windows\system32\taskeng.exe[1304] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 000F00A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1396] kernel32.dll!SetUnhandledExceptionFilter 76B33162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\system32\nvvsvc.exe[1416] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Windows\system32\nvvsvc.exe[1416] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Windows\system32\nvvsvc.exe[1416] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001F0120
.text C:\Windows\system32\nvvsvc.exe[1416] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001F006C
.text C:\Windows\system32\nvvsvc.exe[1416] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001F00E4
.text C:\Windows\system32\nvvsvc.exe[1416] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001F0030
.text C:\Windows\system32\nvvsvc.exe[1416] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001F00A8
.text C:\Windows\system32\wbem\unsecapp.exe[1468] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\wbem\unsecapp.exe[1468] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\wbem\unsecapp.exe[1468] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001F0120
.text C:\Windows\system32\wbem\unsecapp.exe[1468] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001F006C
.text C:\Windows\system32\wbem\unsecapp.exe[1468] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001F00E4
.text C:\Windows\system32\wbem\unsecapp.exe[1468] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001F0030
.text C:\Windows\system32\wbem\unsecapp.exe[1468] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001F00A8
.text C:\Windows\system32\Dwm.exe[1584] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000A006C
.text C:\Windows\system32\Dwm.exe[1584] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000A0030
.text C:\Windows\system32\Dwm.exe[1584] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00130120
.text C:\Windows\system32\Dwm.exe[1584] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0013006C
.text C:\Windows\system32\Dwm.exe[1584] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001300E4
.text C:\Windows\system32\Dwm.exe[1584] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00130030
.text C:\Windows\system32\Dwm.exe[1584] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001300A8
.text C:\Windows\Explorer.EXE[1616] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\Explorer.EXE[1616] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\Explorer.EXE[1616] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001A0120
.text C:\Windows\Explorer.EXE[1616] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001A006C
.text C:\Windows\Explorer.EXE[1616] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001A00E4
.text C:\Windows\Explorer.EXE[1616] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001A0030
.text C:\Windows\Explorer.EXE[1616] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001A00A8
.text C:\Windows\System32\spoolsv.exe[1896] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000B006C
.text C:\Windows\System32\spoolsv.exe[1896] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000B0030
.text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00250120
.text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0025006C
.text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002500E4
.text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00250030
.text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002500A8
.text C:\Windows\system32\taskhost.exe[1904] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskhost.exe[1904] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00050030
.text C:\Windows\system32\taskhost.exe[1904] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 000E0120
.text C:\Windows\system32\taskhost.exe[1904] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 000E006C
.text C:\Windows\system32\taskhost.exe[1904] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 000E00E4
.text C:\Windows\system32\taskhost.exe[1904] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 000E0030
Re: CHECK my log - 100% a virus, THX A LOT
.text C:\Windows\system32\taskhost.exe[1904] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 000E00A8
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[1956] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001E0120
.text C:\Windows\system32\svchost.exe[1956] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001E006C
.text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001E00E4
.text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001E0030
.text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 77926DFA 3 Bytes JMP 001E00A8
.text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExA + 4 77926DFE 1 Byte [88]
.text C:\Windows\system32\svchost.exe[1984] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[1984] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[1984] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 009E0120
.text C:\Windows\system32\svchost.exe[1984] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 009E006C
.text C:\Windows\system32\svchost.exe[1984] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 009E00E4
.text C:\Windows\system32\svchost.exe[1984] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 009E0030
.text C:\Windows\system32\svchost.exe[1984] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 009E00A8
.text C:\Program Files\System Control Manager\MSIService.exe[2052] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\System Control Manager\MSIService.exe[2052] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\System Control Manager\MSIService.exe[2052] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00200120
.text C:\Program Files\System Control Manager\MSIService.exe[2052] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0020006C
.text C:\Program Files\System Control Manager\MSIService.exe[2052] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002000E4
.text C:\Program Files\System Control Manager\MSIService.exe[2052] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00200030
.text C:\Program Files\System Control Manager\MSIService.exe[2052] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002000A8
.text C:\Windows\system32\wbem\wmiprvse.exe[2240] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\wbem\wmiprvse.exe[2240] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\wbem\wmiprvse.exe[2240] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00140120
.text C:\Windows\system32\wbem\wmiprvse.exe[2240] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0014006C
.text C:\Windows\system32\wbem\wmiprvse.exe[2240] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001400E4
.text C:\Windows\system32\wbem\wmiprvse.exe[2240] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00140030
.text C:\Windows\system32\wbem\wmiprvse.exe[2240] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001400A8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2272] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2272] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2272] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00310120
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2272] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0031006C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2272] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 003100E4
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2272] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00310030
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2272] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 003100A8
.text C:\Program Files\VirtualCloneDrive\VCDDaemon.exe[2292] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\VirtualCloneDrive\VCDDaemon.exe[2292] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\VirtualCloneDrive\VCDDaemon.exe[2292] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00210120
.text C:\Program Files\VirtualCloneDrive\VCDDaemon.exe[2292] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0021006C
.text C:\Program Files\VirtualCloneDrive\VCDDaemon.exe[2292] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002100E4
.text C:\Program Files\VirtualCloneDrive\VCDDaemon.exe[2292] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00210030
.text C:\Program Files\VirtualCloneDrive\VCDDaemon.exe[2292] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002100A8
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[2360] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[2360] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[2360] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00200120
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[2360] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0020006C
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[2360] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002000E4
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[2360] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00200030
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[2360] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002000A8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001E0120
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001E006C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001E00E4
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001E0030
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] USER32.dll!SetWindowsHookExA 77926DFA 3 Bytes JMP 001E00A8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] USER32.dll!SetWindowsHookExA + 4 77926DFE 1 Byte [88]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00180120
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0018006C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001800E4
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00180030
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001800A8
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000E006C
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000E0030
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001A0120
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001A006C
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001A00E4
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001A0030
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001A00A8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 007A0120
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 007A006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 007A00E4
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 007A0030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 007A00A8
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00140120
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0014006C
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001400E4
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00140030
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001400A8
.text C:\Windows\system32\PnkBstrA.exe[2892] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0015006C
.text C:\Windows\system32\PnkBstrA.exe[2892] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00150030
.text C:\Windows\system32\PnkBstrA.exe[2892] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00170120
.text C:\Windows\system32\PnkBstrA.exe[2892] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0017006C
.text C:\Windows\system32\PnkBstrA.exe[2892] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001700E4
.text C:\Windows\system32\PnkBstrA.exe[2892] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00170030
.text C:\Windows\system32\PnkBstrA.exe[2892] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001700A8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2924] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000A006C
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2924] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000A0030
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000E006C
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000E0030
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00180120
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0018006C
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001800E4
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00180030
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001800A8
.text C:\Windows\system32\svchost.exe[3160] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000A006C
.text C:\Windows\system32\svchost.exe[3160] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000A0030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001F0120
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001F006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001F00E4
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001F0030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001F00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0005006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00050030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00270120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0027006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002700E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00270030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002700A8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001E0120
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001E006C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001E00E4
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001E0030
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] USER32.dll!SetWindowsHookExA 77926DFA 3 Bytes JMP 001E00A8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] USER32.dll!SetWindowsHookExA + 4 77926DFE 1 Byte [88]
.text C:\Windows\system32\SearchIndexer.exe[3516] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\SearchIndexer.exe[3516] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00110120
.text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0011006C
.text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001100E4
.text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00110030
.text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001100A8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001E0120
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001E006C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001E00E4
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001E0030
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] USER32.dll!SetWindowsHookExA 77926DFA 3 Bytes JMP 001E00A8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] USER32.dll!SetWindowsHookExA + 4 77926DFE 1 Byte [88]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001F0120
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001F006C
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001F00E4
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001F0030
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001F00A8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 002C0120
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 002C006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002C00E4
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 002C0030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002C00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0005006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00050030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00130120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0013006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001300E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00130030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001300A8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00200120
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0020006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002000E4
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00200030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002000A8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00350120
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0035006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 003500E4
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00350030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 003500A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00090120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0009006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 000900E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00090030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 000900A8
.text C:\Windows\System32\svchost.exe[4788] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[4788] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[4788] user32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 003A0120
.text C:\Windows\System32\svchost.exe[4788] user32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 003A006C
.text C:\Windows\System32\svchost.exe[4788] user32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 003A00E4
.text C:\Windows\System32\svchost.exe[4788] user32.dll!SetWinEventHook 7790507E 5 Bytes JMP 003A0030
.text C:\Windows\System32\svchost.exe[4788] user32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 003A00A8
.text C:\Windows\system32\DllHost.exe[5184] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0005006C
.text C:\Windows\system32\DllHost.exe[5184] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00050030
.text C:\Windows\system32\DllHost.exe[5184] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 000E0120
.text C:\Windows\system32\DllHost.exe[5184] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 000E006C
.text C:\Windows\system32\DllHost.exe[5184] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 000E00E4
.text C:\Windows\system32\DllHost.exe[5184] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 000E0030
.text C:\Windows\system32\DllHost.exe[5184] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 000E00A8
.text C:\Windows\System32\svchost.exe[6012] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000A006C
.text C:\Windows\System32\svchost.exe[6012] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000A0030
.text C:\Windows\System32\svchost.exe[6012] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00350120
.text C:\Windows\System32\svchost.exe[6012] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0035006C
.text C:\Windows\System32\svchost.exe[6012] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 003500E4
.text C:\Windows\System32\svchost.exe[6012] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00350030
.text C:\Windows\System32\svchost.exe[6012] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 003500A8
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe[612] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe[612] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe[612] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe[612] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe[612] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe[612] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Earth\Spustit aplikaci Google Earth v\xa0režimu DirectX.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Spustit aplikaci Google Earth v\xa0režimu DirectX.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Earth\Spustit aplikaci Google Earth v\xa0režimu OpenGL.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Spustit aplikaci Google Earth v\xa0režimu OpenGL.lnk 1
---- EOF - GMER 1.0.15 ----
If you have made it this far, I would first like to apologize for the needless search for a solution to my problem, but above all to thank you for the expert help, since I have already had a few cases where a log needed checking, and without your help most people who don't know their way around this vermin and clutter can't solve it on their own.
So once again, thank you very much!!! And I hope I didn't take up too much of your time with solving an already almost solved problem with an old, worn-out mouse...
buy a new one
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[2360] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002000A8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001E0120
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001E006C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001E00E4
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001E0030
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] USER32.dll!SetWindowsHookExA 77926DFA 3 Bytes JMP 001E00A8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2392] USER32.dll!SetWindowsHookExA + 4 77926DFE 1 Byte [88]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00180120
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0018006C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001800E4
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00180030
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2464] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001800A8
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000E006C
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000E0030
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001A0120
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001A006C
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001A00E4
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001A0030
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2580] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001A00A8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 007A0120
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 007A006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 007A00E4
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 007A0030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2624] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 007A00A8
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00140120
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0014006C
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001400E4
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00140030
.text C:\Windows\system32\wbem\wmiprvse.exe[2632] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001400A8
.text C:\Windows\system32\PnkBstrA.exe[2892] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0015006C
.text C:\Windows\system32\PnkBstrA.exe[2892] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00150030
.text C:\Windows\system32\PnkBstrA.exe[2892] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00170120
.text C:\Windows\system32\PnkBstrA.exe[2892] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0017006C
.text C:\Windows\system32\PnkBstrA.exe[2892] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001700E4
.text C:\Windows\system32\PnkBstrA.exe[2892] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00170030
.text C:\Windows\system32\PnkBstrA.exe[2892] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001700A8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2924] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000A006C
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2924] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000A0030
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000E006C
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000E0030
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00180120
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0018006C
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001800E4
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00180030
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3128] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001800A8
.text C:\Windows\system32\svchost.exe[3160] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000A006C
.text C:\Windows\system32\svchost.exe[3160] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000A0030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001F0120
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001F006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001F00E4
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001F0030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3208] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001F00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0005006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00050030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00270120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0027006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002700E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00270030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3296] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002700A8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001E0120
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001E006C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001E00E4
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001E0030
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] USER32.dll!SetWindowsHookExA 77926DFA 3 Bytes JMP 001E00A8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3480] USER32.dll!SetWindowsHookExA + 4 77926DFE 1 Byte [88]
.text C:\Windows\system32\SearchIndexer.exe[3516] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\SearchIndexer.exe[3516] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00110120
.text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0011006C
.text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001100E4
.text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00110030
.text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001100A8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001E0120
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001E006C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001E00E4
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001E0030
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] USER32.dll!SetWindowsHookExA 77926DFA 3 Bytes JMP 001E00A8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3548] USER32.dll!SetWindowsHookExA + 4 77926DFE 1 Byte [88]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 001F0120
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 001F006C
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001F00E4
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 001F0030
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3600] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001F00A8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 002C0120
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 002C006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002C00E4
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 002C0030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3744] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002C00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0005006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00050030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00130120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0013006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 001300E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00130030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3812] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 001300A8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00200120
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0020006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 002000E4
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00200030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3980] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 002000A8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00350120
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0035006C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 003500E4
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00350030
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3996] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 003500A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00090120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0009006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 000900E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00090030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 000900A8
.text C:\Windows\System32\svchost.exe[4788] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[4788] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[4788] user32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 003A0120
.text C:\Windows\System32\svchost.exe[4788] user32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 003A006C
.text C:\Windows\System32\svchost.exe[4788] user32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 003A00E4
.text C:\Windows\System32\svchost.exe[4788] user32.dll!SetWinEventHook 7790507E 5 Bytes JMP 003A0030
.text C:\Windows\System32\svchost.exe[4788] user32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 003A00A8
.text C:\Windows\system32\DllHost.exe[5184] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 0005006C
.text C:\Windows\system32\DllHost.exe[5184] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 00050030
.text C:\Windows\system32\DllHost.exe[5184] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 000E0120
.text C:\Windows\system32\DllHost.exe[5184] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 000E006C
.text C:\Windows\system32\DllHost.exe[5184] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 000E00E4
.text C:\Windows\system32\DllHost.exe[5184] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 000E0030
.text C:\Windows\system32\DllHost.exe[5184] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 000E00A8
.text C:\Windows\System32\svchost.exe[6012] ntdll.dll!LdrUnloadDll 77A1BEAF 5 Bytes JMP 000A006C
.text C:\Windows\System32\svchost.exe[6012] ntdll.dll!LdrLoadDll 77A1F5B5 5 Bytes JMP 000A0030
.text C:\Windows\System32\svchost.exe[6012] USER32.dll!UnhookWindowsHookEx 778FCC7B 5 Bytes JMP 00350120
.text C:\Windows\System32\svchost.exe[6012] USER32.dll!UnhookWinEvent 778FD924 5 Bytes JMP 0035006C
.text C:\Windows\System32\svchost.exe[6012] USER32.dll!SetWindowsHookExW 7790210A 5 Bytes JMP 003500E4
.text C:\Windows\System32\svchost.exe[6012] USER32.dll!SetWinEventHook 7790507E 5 Bytes JMP 00350030
.text C:\Windows\System32\svchost.exe[6012] USER32.dll!SetWindowsHookExA 77926DFA 5 Bytes JMP 003500A8
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe[612] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe[612] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe[612] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe[612] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe[612] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe[612] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Earth\Spustit aplikaci Google Earth v\xa0režimu DirectX.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Spustit aplikaci Google Earth v\xa0režimu DirectX.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Earth\Spustit aplikaci Google Earth v\xa0režimu OpenGL.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Spustit aplikaci Google Earth v\xa0režimu OpenGL.lnk 1
---- EOF - GMER 1.0.15 ----
If you have made it this far, I would first like to apologize for the needless search for a solution to my problem, but above all thank you for the expert help, since I have already had a few cases that needed a log checked, and without your help most people who do not understand this vermin and mess cannot sort it out themselves.
So once again, thank you very much!!! I hope I did not take up too much of your time with solving an almost-solved problem with an old, worn-out mouse...


Re: CHECK my log - 100% a virus, THANKS A LOT

Please post a new log from RSIT, then I will remove a few more things.

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I can usually be reached at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: CHECK my log - 100% a virus, THANKS A LOT
Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2011-03-01 08:37:04
Microsoft Windows 7 Home Premium
System drive C: has 46 GB (23%) free of 200 GB
Total RAM: 3071 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:37:25, on 1.3.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Users\User\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Desktop\User.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hitman Pro 3.5 Crusader (Boot) (HitmanPro35CrusaderBoot) - Unknown owner - C:\Users\User\Desktop\HitmanPro35.exe (file missing)
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 7399 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"VirtualCloneDrive"=C:\Program Files\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-02-23 3451496]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2009-09-11 2080768]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2008-12-19 83336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2009-07-14 144384]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"ICQ"=C:\Program Files\ICQ7.4\ICQ.exe [2011-02-05 119608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2006-03-05 11000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE [2009-02-26 97680]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - "C:\Windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2011-03-01 08:30:51 ----D---- C:\rsit
2011-02-26 20:33:33 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-02-26 20:24:41 ----A---- C:\ComboFix.txt
2011-02-26 20:18:42 ----D---- C:\$RECYCLE.BIN
2011-02-26 20:06:56 ----A---- C:\Windows\system32\drivers\atapi.sys
2011-02-26 20:03:12 ----A---- C:\Windows\SWXCACLS.exe
2011-02-25 19:04:01 ----D---- C:\Program Files\OpenAL
2011-02-25 19:04:01 ----A---- C:\Windows\system32\wrap_oal.dll
2011-02-25 19:04:01 ----A---- C:\Windows\system32\OpenAL32.dll
2011-02-25 10:04:26 ----A---- C:\Windows\zip.exe
2011-02-25 10:04:26 ----A---- C:\Windows\SWSC.exe
2011-02-25 10:04:26 ----A---- C:\Windows\SWREG.exe
2011-02-25 10:04:26 ----A---- C:\Windows\sed.exe
2011-02-25 10:04:26 ----A---- C:\Windows\PEV.exe
2011-02-25 10:04:26 ----A---- C:\Windows\NIRCMD.exe
2011-02-25 10:04:26 ----A---- C:\Windows\MBR.exe
2011-02-25 10:04:26 ----A---- C:\Windows\grep.exe
2011-02-25 10:04:18 ----D---- C:\Windows\ERDNT
2011-02-25 09:59:04 ----D---- C:\Qoobox
2011-02-24 22:59:33 ----A---- C:\Windows\system32\wcncsvc.dll
2011-02-24 22:54:07 ----D---- C:\Windows\pss
2011-02-24 19:27:37 ----D---- C:\Program Files\CCleaner
2011-02-23 19:32:55 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-23 19:32:54 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-09 20:08:30 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 20:08:28 ----A---- C:\Windows\system32\kerberos.dll
2011-02-09 20:08:27 ----A---- C:\Windows\system32\vbscript.dll
2011-02-09 20:08:27 ----A---- C:\Windows\system32\jscript.dll
2011-02-09 20:08:23 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 20:08:19 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 20:08:19 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 20:08:18 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 20:08:18 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 20:08:18 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 20:08:18 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 20:08:18 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 20:08:18 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 20:08:18 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 20:08:02 ----A---- C:\Windows\system32\atmlib.dll
2011-02-09 20:08:02 ----A---- C:\Windows\system32\atmfd.dll
2011-02-09 20:08:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 20:08:01 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-09 20:08:01 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 20:07:59 ----A---- C:\Windows\system32\mf.dll
2011-02-09 20:07:59 ----A---- C:\Windows\system32\DWrite.dll
2011-02-09 20:07:59 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-09 20:07:59 ----A---- C:\Windows\system32\d2d1.dll
2011-02-09 20:07:58 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-02-09 20:07:58 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-09 20:07:58 ----A---- C:\Windows\system32\FntCache.dll
2011-02-09 20:07:58 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-02-09 20:07:58 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-09 20:07:57 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-09 20:07:57 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-09 20:07:50 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 20:07:50 ----A---- C:\Windows\system32\upnp.dll
2011-02-09 20:07:49 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 20:07:49 ----A---- C:\Windows\system32\msxml6.dll
2011-02-09 20:07:49 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\wscsvc.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\wscapi.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\winhttp.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\WebClnt.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\slwga.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\msxml3.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\ieui.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\davclnt.dll
2011-02-09 20:07:47 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-09 20:07:46 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-02-09 20:07:46 ----A---- C:\Windows\system32\cdd.dll
2011-02-05 12:37:30 ----D---- C:\Program Files\ICQ7.4
2011-02-05 12:37:21 ----D---- C:\Program Files\Common Files\Java
2011-02-05 12:36:44 ----A---- C:\Windows\system32\javaws.exe
2011-02-05 12:36:44 ----A---- C:\Windows\system32\javaw.exe
2011-02-05 12:36:44 ----A---- C:\Windows\system32\java.exe
2011-02-05 12:10:35 ----D---- C:\Users\User\AppData\Roaming\GrabPro
2011-02-05 12:08:48 ----D---- C:\Program Files\Zrychleni Pocitace
2011-02-05 12:08:38 ----D---- C:\Users\User\AppData\Roaming\ProgSense
2011-02-05 12:08:38 ----D---- C:\Downloads
2011-02-05 12:08:23 ----D---- C:\Users\User\AppData\Roaming\Orbit
======List of files/folders modified in the last 1 months======
2011-03-01 08:37:18 ----D---- C:\Windows\Prefetch
2011-03-01 08:37:14 ----D---- C:\Windows\Temp
2011-02-28 21:02:18 ----D---- C:\Windows\system32\config
2011-02-28 20:50:25 ----SHD---- C:\System Volume Information
2011-02-26 21:10:29 ----D---- C:\Windows\Minidump
2011-02-26 21:10:25 ----D---- C:\Windows
2011-02-26 20:33:33 ----D---- C:\Windows\system32\drivers
2011-02-26 20:33:30 ----D---- C:\Windows\System32
2011-02-26 20:32:59 ----D---- C:\Program Files\Garena
2011-02-26 20:18:49 ----A---- C:\Windows\system.ini
2011-02-26 20:18:36 ----D---- C:\Windows\system32\drivers\etc
2011-02-26 20:11:46 ----D---- C:\Windows\AppPatch
2011-02-26 20:11:44 ----D---- C:\Program Files\Common Files
2011-02-25 19:04:01 ----RD---- C:\Program Files
2011-02-25 19:03:29 ----D---- C:\Windows\system32\Tasks
2011-02-25 19:02:51 ----D---- C:\Windows\system
2011-02-25 10:14:55 ----D---- C:\Windows\Downloaded Program Files
2011-02-24 23:04:02 ----D---- C:\Windows\winsxs
2011-02-24 22:59:35 ----D---- C:\Windows\system32\catroot
2011-02-24 22:58:18 ----D---- C:\Windows\system32\catroot2
2011-02-24 19:34:35 ----D---- C:\Program Files\Common Files\InstallShield
2011-02-24 19:34:33 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-24 19:33:12 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-02-24 19:32:44 ----D---- C:\Windows\debug
2011-02-23 16:04:17 ----A---- C:\Windows\system32\aswBoot.exe
2011-02-18 16:21:24 ----D---- C:\Users\User\AppData\Roaming\ICQ
2011-02-15 10:01:36 ----D---- C:\Program Files\Internet Explorer
2011-02-15 10:01:35 ----D---- C:\Windows\system32\migration
2011-02-15 09:53:28 ----A---- C:\Windows\system32\MRT.exe
2011-02-15 09:52:40 ----SHD---- C:\Windows\Installer
2011-02-15 09:52:30 ----D---- C:\ProgramData\Microsoft Help
2011-02-12 22:13:28 ----D---- C:\Downloaded Programs
2011-02-10 22:30:23 ----A---- C:\Windows\PhotoSnapViewer.INI
2011-02-05 13:14:54 ----A---- C:\Windows\NeroDigital.ini
2011-02-05 12:36:39 ----D---- C:\Program Files\Java
2011-02-02 17:11:20 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-02-19 63872]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-01-14 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-01-14 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-05-11 64544]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-14 691696]
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\User\AppData\Local\Temp\NYR72E2.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
S3 npkcrypt;npkcrypt; \??\D:\Lineage 2\SYSTEM\npkcrypt.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-10-06 137984]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-03-03 36864]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-03-05 74368]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-03-12 16128]
S3 tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2009-03-19 43264]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 uxldapog;uxldapog; \??\C:\Users\User\AppData\Local\Temp\uxldapog.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Autodesk Data Management Job Dispatch;Autodesk Data Management Job Dispatch; C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe [2008-02-18 32768]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2009-07-09 160768]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-12-11 122984]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-11-12 75064]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-03-17 144752]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-25 135664]
S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot); C:\Users\User\Desktop\HitmanPro35.exe /crusader:boot []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-04-26 79360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-05-16 395048]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
S4 Autodesk EDM Server;Autodesk EDM Server; C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe [2008-02-18 57344]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
-----------------EOF-----------------
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - "C:\Windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2011-03-01 08:30:51 ----D---- C:\rsit
2011-02-26 20:33:33 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-02-26 20:24:41 ----A---- C:\ComboFix.txt
2011-02-26 20:18:42 ----D---- C:\$RECYCLE.BIN
2011-02-26 20:06:56 ----A---- C:\Windows\system32\drivers\atapi.sys
2011-02-26 20:03:12 ----A---- C:\Windows\SWXCACLS.exe
2011-02-25 19:04:01 ----D---- C:\Program Files\OpenAL
2011-02-25 19:04:01 ----A---- C:\Windows\system32\wrap_oal.dll
2011-02-25 19:04:01 ----A---- C:\Windows\system32\OpenAL32.dll
2011-02-25 10:04:26 ----A---- C:\Windows\zip.exe
2011-02-25 10:04:26 ----A---- C:\Windows\SWSC.exe
2011-02-25 10:04:26 ----A---- C:\Windows\SWREG.exe
2011-02-25 10:04:26 ----A---- C:\Windows\sed.exe
2011-02-25 10:04:26 ----A---- C:\Windows\PEV.exe
2011-02-25 10:04:26 ----A---- C:\Windows\NIRCMD.exe
2011-02-25 10:04:26 ----A---- C:\Windows\MBR.exe
2011-02-25 10:04:26 ----A---- C:\Windows\grep.exe
2011-02-25 10:04:18 ----D---- C:\Windows\ERDNT
2011-02-25 09:59:04 ----D---- C:\Qoobox
2011-02-24 22:59:33 ----A---- C:\Windows\system32\wcncsvc.dll
2011-02-24 22:54:07 ----D---- C:\Windows\pss
2011-02-24 19:27:37 ----D---- C:\Program Files\CCleaner
2011-02-23 19:32:55 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-23 19:32:54 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-09 20:08:30 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 20:08:28 ----A---- C:\Windows\system32\kerberos.dll
2011-02-09 20:08:27 ----A---- C:\Windows\system32\vbscript.dll
2011-02-09 20:08:27 ----A---- C:\Windows\system32\jscript.dll
2011-02-09 20:08:23 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 20:08:19 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 20:08:19 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 20:08:18 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 20:08:18 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 20:08:18 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 20:08:18 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 20:08:18 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 20:08:18 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 20:08:18 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 20:08:02 ----A---- C:\Windows\system32\atmlib.dll
2011-02-09 20:08:02 ----A---- C:\Windows\system32\atmfd.dll
2011-02-09 20:08:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 20:08:01 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-09 20:08:01 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 20:07:59 ----A---- C:\Windows\system32\mf.dll
2011-02-09 20:07:59 ----A---- C:\Windows\system32\DWrite.dll
2011-02-09 20:07:59 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-09 20:07:59 ----A---- C:\Windows\system32\d2d1.dll
2011-02-09 20:07:58 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-02-09 20:07:58 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-09 20:07:58 ----A---- C:\Windows\system32\FntCache.dll
2011-02-09 20:07:58 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-02-09 20:07:58 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-09 20:07:57 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-09 20:07:57 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-09 20:07:50 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 20:07:50 ----A---- C:\Windows\system32\upnp.dll
2011-02-09 20:07:49 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 20:07:49 ----A---- C:\Windows\system32\msxml6.dll
2011-02-09 20:07:49 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\wscsvc.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\wscapi.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\winhttp.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\WebClnt.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\slwga.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\msxml3.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\ieui.dll
2011-02-09 20:07:48 ----A---- C:\Windows\system32\davclnt.dll
2011-02-09 20:07:47 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-09 20:07:46 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-02-09 20:07:46 ----A---- C:\Windows\system32\cdd.dll
2011-02-05 12:37:30 ----D---- C:\Program Files\ICQ7.4
2011-02-05 12:37:21 ----D---- C:\Program Files\Common Files\Java
2011-02-05 12:36:44 ----A---- C:\Windows\system32\javaws.exe
2011-02-05 12:36:44 ----A---- C:\Windows\system32\javaw.exe
2011-02-05 12:36:44 ----A---- C:\Windows\system32\java.exe
2011-02-05 12:10:35 ----D---- C:\Users\User\AppData\Roaming\GrabPro
2011-02-05 12:08:48 ----D---- C:\Program Files\Zrychleni Pocitace
2011-02-05 12:08:38 ----D---- C:\Users\User\AppData\Roaming\ProgSense
2011-02-05 12:08:38 ----D---- C:\Downloads
2011-02-05 12:08:23 ----D---- C:\Users\User\AppData\Roaming\Orbit
======List of files/folders modified in the last 1 months======
2011-03-01 08:37:18 ----D---- C:\Windows\Prefetch
2011-03-01 08:37:14 ----D---- C:\Windows\Temp
2011-02-28 21:02:18 ----D---- C:\Windows\system32\config
2011-02-28 20:50:25 ----SHD---- C:\System Volume Information
2011-02-26 21:10:29 ----D---- C:\Windows\Minidump
2011-02-26 21:10:25 ----D---- C:\Windows
2011-02-26 20:33:33 ----D---- C:\Windows\system32\drivers
2011-02-26 20:33:30 ----D---- C:\Windows\System32
2011-02-26 20:32:59 ----D---- C:\Program Files\Garena
2011-02-26 20:18:49 ----A---- C:\Windows\system.ini
2011-02-26 20:18:36 ----D---- C:\Windows\system32\drivers\etc
2011-02-26 20:11:46 ----D---- C:\Windows\AppPatch
2011-02-26 20:11:44 ----D---- C:\Program Files\Common Files
2011-02-25 19:04:01 ----RD---- C:\Program Files
2011-02-25 19:03:29 ----D---- C:\Windows\system32\Tasks
2011-02-25 19:02:51 ----D---- C:\Windows\system
2011-02-25 10:14:55 ----D---- C:\Windows\Downloaded Program Files
2011-02-24 23:04:02 ----D---- C:\Windows\winsxs
2011-02-24 22:59:35 ----D---- C:\Windows\system32\catroot
2011-02-24 22:58:18 ----D---- C:\Windows\system32\catroot2
2011-02-24 19:34:35 ----D---- C:\Program Files\Common Files\InstallShield
2011-02-24 19:34:33 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-24 19:33:12 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-02-24 19:32:44 ----D---- C:\Windows\debug
2011-02-23 16:04:17 ----A---- C:\Windows\system32\aswBoot.exe
2011-02-18 16:21:24 ----D---- C:\Users\User\AppData\Roaming\ICQ
2011-02-15 10:01:36 ----D---- C:\Program Files\Internet Explorer
2011-02-15 10:01:35 ----D---- C:\Windows\system32\migration
2011-02-15 09:53:28 ----A---- C:\Windows\system32\MRT.exe
2011-02-15 09:52:40 ----SHD---- C:\Windows\Installer
2011-02-15 09:52:30 ----D---- C:\ProgramData\Microsoft Help
2011-02-12 22:13:28 ----D---- C:\Downloaded Programs
2011-02-10 22:30:23 ----A---- C:\Windows\PhotoSnapViewer.INI
2011-02-05 13:14:54 ----A---- C:\Windows\NeroDigital.ini
2011-02-05 12:36:39 ----D---- C:\Program Files\Java
2011-02-02 17:11:20 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-02-19 63872]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-01-14 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-01-14 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-05-11 64544]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-14 691696]
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\User\AppData\Local\Temp\NYR72E2.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
S3 npkcrypt;npkcrypt; \??\D:\Lineage 2\SYSTEM\npkcrypt.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-10-06 137984]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-03-03 36864]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-03-05 74368]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-03-12 16128]
S3 tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2009-03-19 43264]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 uxldapog;uxldapog; \??\C:\Users\User\AppData\Local\Temp\uxldapog.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Autodesk Data Management Job Dispatch;Autodesk Data Management Job Dispatch; C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe [2008-02-18 32768]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2009-07-09 160768]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-12-11 122984]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-11-12 75064]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-03-17 144752]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-25 135664]
S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot); C:\Users\User\Desktop\HitmanPro35.exe /crusader:boot []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-04-26 79360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-05-16 395048]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
S4 Autodesk EDM Server;Autodesk EDM Server; C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe [2008-02-18 57344]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
-----------------EOF-----------------