PC disinfection, speeding up your computer, remote assistance via the neslape.cz service

Generic Host Process for Win32 Services - PC freezes

Have a problem with a virus? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Generic Host Process for Win32 Services - PC freezes

#16 Post by motji »

-> Download AVPTool from my signature: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

- Install it according to the guide and run a scan
- Let it disinfect or delete whatever it finds
- The scan can take several hours
- Post the results log here
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!
Want to support our forum? Information here

I am usually reachable at night, between 9 and 11 p.m.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Szapet
Visitor
Posts: 16
Registered: 17 Mar 2008 13:57
Location: Třinec

Re: Generic Host Process for Win32 Services - PC freezes

#17 Post by Szapet »

I'm sending the AVPTool log - I have no idea whether it's complete; I started it in the evening and this morning it was apparently done ... However, above it there were several messages along the lines of "the requested operation could not be performed because the instruction at address (some numbers) does not exist", and I had to click those away before I even got to the AVP ...


Automatická kontrola: zastaveno před 11 min. (události: 6, objekty: 10, čas: 07:38:23)
26.5.2011 22:43:50 Úloha byla spuštěna
26.5.2011 22:44:04 Zjištěno: Trojan.Win32.Menti.jeu k:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ACLEANER.EXE
26.5.2011 22:44:31 Odstraněno: Trojan.Win32.Menti.jeu k:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ACLEANER.EXE
26.5.2011 22:44:31 Odstraněno: Trojan.Win32.Menti.jeu k:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ACLEANER.EXE
26.5.2011 22:44:54 Zjištěno: Trojan.Win32.Menti.jeu C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
27.5.2011 6:22:13 Úloha byla zastavena
Dezinfikovat aktivní hrozby: dokončeno před 7 min. (události: 9, objekty: 3670, čas: 00:04:46)
27.5.2011 6:22:13 Úloha byla spuštěna
27.5.2011 6:22:13 Zjištěno: Trojan.Win32.Menti.jeu C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
27.5.2011 6:22:31 Bude odstraněno při restartování systému: Trojan.Win32.Menti.jeu C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
27.5.2011 6:23:29 Zjištěno: Trojan.Win32.Menti.jeu k:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ACLEANER.EXE
27.5.2011 6:23:50 Odstraněno: Trojan.Win32.Menti.jeu k:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ACLEANER.EXE
27.5.2011 6:23:50 Odstraněno: Trojan.Win32.Menti.jeu k:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ACLEANER.EXE
27.5.2011 6:23:58 Zjištěno: Trojan.Win32.Menti.jeu C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
27.5.2011 6:24:14 Bude odstraněno při restartování systému: Trojan.Win32.Menti.jeu C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
27.5.2011 6:26:59 Úloha byla dokončena
Good thing we have you here ... :-)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Generic Host Process for Win32 Services - PC freezes

#18 Post by motji »

-> Plug all the USB keys, flash drives... that you use into the PC

Use USBFix
http://www.viry.cz/forum/viewtopic.php?f=24&t=102308

Szapet
Visitor
Posts: 16
Registered: 17 Mar 2008 13:57
Location: Třinec

Re: Generic Host Process for Win32 Services - PC freezes

#19 Post by Szapet »

So here is the next log - USBfix:


############################## | UsbFix 7.014 | [Deletion]

User: Admin (Administrator) # 635C9F169C274B8 [ ]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 09:32:09 | 01/06/2011
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU 2: Intel(R) Pentium(R) 4 CPU 3.20GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180

Windows Firewall: Disabled /!\
Antivirus: avast! Antivirus 5.0.100664421 [(!) Disabled | Updated]
RAM -> 511 Mb
C:\ (%systemdrive%) -> Fixed drive # 38 Gb (5 Mb free - 14%) [] # NTFS
D:\ -> Fixed drive # 195 Gb (55 Mb free - 28%) [] # NTFS
E:\ -> CD-ROM
J:\ -> Removable drive # 2 Gb (898 Mb free - 46%) [] # FAT
K:\ -> Removable drive # 4 Gb (8 Mb free - 0%) [A-DATA UFD] # FAT32

################## | Files # Infected Folders |

Deleted ! J:\RECYCLER\S-1-5-21-2214276341-3544434524-6043330-4321\update.exe
Not deleted ! E:\Autorun.inf
Deleted ! J:\Autorun.inf
Deleted ! K:\Autorun.inf

################## | Registry |

Deleted ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |

[24/05/2011 - 23:39:33 | RD ] C:\32788R22FWJFW
[23/05/2011 - 22:42:18 | D ] C:\Aplikace
[03/02/2008 - 18:07:12 | D ] C:\ATI
[01/02/2009 - 16:08:58 | A | 95] C:\AUTOEXEC.BAT
[05/02/2008 - 20:06:32 | A | 211] C:\Boot.bak
[19/05/2011 - 10:37:38 | RASH | 327] C:\boot.ini
[20/09/2001 - 15:00:00 | RASH | 4952] C:\Bootfont.bin
[19/05/2011 - 10:37:38 | RASHD ] C:\cmdcons
[03/08/2004 - 23:00:04 | RASH | 261312] C:\cmldr
[02/02/2008 - 13:36:02 | A | 0] C:\CONFIG.SYS
[08/07/2008 - 21:08:27 | A | 127] C:\CountCyclesWMVDecLog.txt
[09/03/2008 - 11:09:41 | A | 10] C:\csb.log
[18/09/2010 - 15:22:57 | D ] C:\Documents and Settings
[15/07/2010 - 00:55:44 | D ] C:\DVDVideoSoft
[01/06/2011 - 09:13:07 | ASH | 536399872] C:\hiberfil.sys
[02/11/2008 - 13:04:29 | A | 5056642] C:\HuskyInstallerLog.txt
[03/02/2008 - 17:25:35 | D ] C:\Intel
[02/02/2008 - 13:36:02 | RASH | 0] C:\IO.SYS
[18/05/2011 - 22:18:31 | AD ] C:\Kaspersky Rescue Disk 10.0
[02/02/2008 - 13:36:02 | RASH | 0] C:\MSDOS.SYS
[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM
[03/08/2004 - 22:59:38 | RASH | 250048] C:\ntldr
[01/06/2011 - 09:13:07 | ASH | 805306368] C:\pagefile.sys
[13/02/2008 - 14:09:19 | D ] C:\Palm photos
[26/05/2011 - 22:36:07 | RD ] C:\Program Files
[01/06/2011 - 09:38:11 | SHD ] C:\RECYCLER
[25/05/2011 - 21:50:23 | D ] C:\rsit
[16/05/2009 - 15:25:05 | A | 106] C:\Searches.txt
[27/03/2009 - 20:25:38 | D ] C:\SmartDraw 2009
[20/11/2008 - 11:28:49 | A | 57624] C:\snp2uvc-001.raw
[24/05/2011 - 23:39:33 | A | 361] C:\Start_.cmd
[26/05/2011 - 22:39:22 | SHD ] C:\System Volume Information
[25/11/2008 - 11:38:51 | A | 65763] C:\tv3d_debug.txt
[01/06/2011 - 09:38:12 | D ] C:\UsbFix
[01/06/2011 - 09:38:19 | A | 2026] C:\UsbFix.txt
[30/05/2011 - 20:21:17 | D ] C:\WINDOWS
[27/03/2008 - 21:05:47 | D ] D:\802 filmy
[13/05/2011 - 14:08:00 | D ] D:\Filmy z netu
[11/02/2009 - 14:01:40 | D ] D:\Filmy z videokamery
[09/04/2011 - 12:40:35 | D ] D:\Fotky C-D
[16/04/2011 - 14:15:16 | D ] D:\Fotky D
[03/02/2008 - 18:36:05 | D ] D:\install
[30/01/2011 - 23:48:50 | D ] D:\Kopie DVD pro Shrink
[11/02/2008 - 18:31:21 | D ] D:\MOJE_TLUSTA_RECKA_SVATBA
[26/04/2011 - 09:20:28 | D ] D:\Noty
[12/02/2008 - 14:11:29 | A | 142359] D:\ples.zip
[01/01/2011 - 23:45:01 | D ] D:\Prezentace
[15/09/2009 - 10:18:13 | D ] D:\Programy
[01/06/2011 - 09:38:11 | SHD ] D:\RECYCLER
[03/02/2008 - 17:28:03 | SHD ] D:\System Volume Information
[12/03/2010 - 00:56:26 | D ] D:\Zvěrokruh
[17/04/2008 - 11:32:00 | RD ] E:\AdobeReader
[06/09/2007 - 10:45:50 | RD ] E:\Bin
[13/11/2001 - 21:48:54 | R | 126976] E:\Launch.exe
[01/10/2007 - 11:04:00 | R | 381] E:\Launch.ini
[06/09/2007 - 10:45:50 | RD ] E:\Manual
[06/09/2007 - 10:46:20 | RD ] E:\PhotoImpression 5
[06/09/2007 - 10:46:46 | RD ] E:\Setup
[06/09/2007 - 10:45:50 | RD ] E:\VideoImpression 2
[29/06/2006 - 03:27:36 | R | 45] E:\autorun.inf
[05/03/2011 - 09:01:38 | SHD ] J:\FOUND.000
[17/12/2010 - 21:16:46 | A | 1026989924] J:\Nejak se to komplikuje 2009 cz dabing.avi
[01/02/2011 - 22:28:12 | A | 16793584] J:\OperaPortable10.62.zip
[01/02/2011 - 22:28:54 | D ] J:\OperaPortable10.62
[05/03/2011 - 09:01:40 | A | 2934] J:\BOOTEX.LOG
[01/06/2011 - 09:30:00 | RSHD ] J:\RECYCLER
[01/06/2011 - 09:38:20 | RASH | 281] J:\autorun.inf
[29/04/2010 - 13:16:46 | D ] K:\Nokia
[29/04/2010 - 13:21:36 | D ] K:\MyPhoneExplorer
[29/04/2010 - 13:22:26 | D ] K:\Opera
[23/08/2008 - 16:18:02 | A | 8930408] K:\Opera_952_10108_in.exe
[29/04/2010 - 13:26:14 | D ] K:\OpenOffice.org 2.3
[08/10/2009 - 14:08:20 | A | 8616483] K:\pisen-pro-soudruhy.wmv
[25/05/2010 - 15:39:40 | A | 157675] K:\Dochazka52010.jpg
[25/03/2011 - 02:47:48 | A | 799986076] K:\prci,prci,prcicky 7 - komedie 2009 cz dabing(ldandasova).avi
[20/04/2011 - 19:10:18 | A | 879883070] K:\megamysl.avi
[26/05/2011 - 21:52:20 | RSHD ] K:\RECYCLER
[27/05/2011 - 06:31:26 | A | 1390] K:\BOOTEX.LOG
[10/03/2011 - 21:16:30 | D ] K:\226979_478107_Driver_E1750
[09/03/2011 - 19:20:36 | A | 727633920] K:\zlata brana super komedie(2009) cz dabing.avi
[15/10/2010 - 21:07:38 | A | 21606520] K:\VLCPortable_1.1.2_Rev_2.paf.exe
[19/11/2010 - 05:46:24 | A | 29696] K:\Analýza konkurence.doc
[20/11/2010 - 14:15:36 | A | 93436] K:\bgfnno2-20101120.docx
[20/11/2010 - 17:09:10 | A | 2880916] K:\19.listopadu 2010.ZVR
[12/08/2008 - 19:38:50 | D ] K:\VoiceTracer
[03/12/2010 - 13:14:30 | D ] K:\Montessori
[09/10/2010 - 23:36:32 | A | 563712] K:\Poselství od protinožců.doc
[26/02/2011 - 19:08:32 | D ] K:\tučňáci

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
J:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
K:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_635C9F169C274B8.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Generic Host Process for Win32 Services - PC freezes

#20 Post by motji »

How is the computer behaving now?

Szapet
Visitor
Posts: 16
Registered: 17 Mar 2008 13:57
Location: Třinec

Re: Generic Host Process for Win32 Services - PC freezes

#21 Post by Szapet »

Unfortunately the problem persists, and - like the others here who have a problem with this message - my sound also cuts out, or rather the system no longer finds the sound card ...

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Generic Host Process for Win32 Services - PC freezes

#22 Post by motji »

-> Download Gmer: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- Unpack and run it
- A scan will run; when it finishes, a window with the results opens. Click Save to save the log, then post it here

- Following the guide in the link, run the second scan and post that log here too.

Szapet
Visitor
Posts: 16
Registered: 17 Mar 2008 13:57
Location: Třinec

Re: Generic Host Process for Win32 Services - PC freezes

#23 Post by Szapet »

Finally it worked ...

GMER log 1:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-14 16:30:07
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250410AS rev.3.AAC
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\awgdyfog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEEB3ABF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEEB3AA5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEEBBA902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

GMER log 2, first part:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-14 17:00:38
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250410AS rev.3.AAC
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\awgdyfog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEEB16202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEEBA4CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEEB3A6C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEEB1881C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEEB18874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEEB1898A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEEB3A075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEEB18772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEEB188C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEEB187C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEEB18938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEEB16226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEEB3AD87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEEB3B03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEEB18C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEEB3ABF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEEB3AA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEEBA4D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEEB15FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEEB1624A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEEB18D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEEB16CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEEB1884C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEEB1889C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEEB189B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEEB3A3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEEB1879E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEEB18A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEEB18904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEEB187F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEEB18B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEEB18962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEEBA4DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEEB3A8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEEB16BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEEB3A72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEEBADE48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEEB396E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEEB1626E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEEB16292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEEB1604A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEEB16186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEEB3AE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEEB16162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEEB161AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEEB162B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEEBBA902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 3AF 804E5270 4 Bytes [E8, 96, B3, EE]
PAGE ntoskrnl.exe!ObInsertObject 8056EBBF 5 Bytes JMP EEBB7D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576F09 4 Bytes CALL EEB17335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B5EC 7 Bytes JMP EEBBA906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A9184 5 Bytes JMP EEBB62BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF792E000, 0x17C39E, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80BA4F 5 Bytes JMP EEB19CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF810175 5 Bytes JMP EEB19BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 92C BF827A40 5 Bytes JMP EEB18F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + D80 BF83331E 5 Bytes JMP EEB19E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 7717 BF839CB5 5 Bytes JMP EEB1A040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 112EA BF843888 5 Bytes JMP EEB18E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 5509 BF849B03 5 Bytes JMP EEB1906A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1437 BF854BF4 5 Bytes JMP EEB19B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1036 BF857AD0 5 Bytes JMP EEB19D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 62A3 BF87FFC9 5 Bytes JMP EEB191AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 632C BF880052 5 Bytes JMP EEB19352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 70B0 BF880DD6 5 Bytes JMP EEB18E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 245E BF884C65 5 Bytes JMP EEB19F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_hGetColorTransform + AFDD BF89F83F 5 Bytes JMP EEB1932A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4E4C BF8CEEE3 5 Bytes JMP EEB18DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + A434 BF8DAA77 5 Bytes JMP EEB19C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 77D BF8FAF04 5 Bytes JMP EEB18FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 58C BF908B12 5 Bytes JMP EEB190DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 80C BF908D92 5 Bytes JMP EEB19114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1993 BF911AD9 5 Bytes JMP EEB18F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2567 BF9126AD 5 Bytes JMP EEB19034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC1 BF915007 5 Bytes JMP EEB1946C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191E BF94290C 5 Bytes JMP EEB19EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[236] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[236] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[236] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[236] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[236] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\spoolsv.exe[236] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\spoolsv.exe[236] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\spoolsv.exe[236] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\spoolsv.exe[236] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\spoolsv.exe[236] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\spoolsv.exe[236] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\spoolsv.exe[236] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\spoolsv.exe[236] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[236] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[236] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[236] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[236] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\smss.exe[696] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[716] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[716] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[716] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[716] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[716] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[716] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[716] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
Good thing we have you here ... :-)

Szapet

Re: Generic Host Process for Win32 Services - PC freezes

#24 Post by Szapet »

Completion of GMER log 2:

.text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[3052] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\rundll32.exe[3084] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\rundll32.exe[3084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[3084] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\rundll32.exe[3084] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[3084] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\rundll32.exe[3084] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\rundll32.exe[3084] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\rundll32.exe[3084] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\rundll32.exe[3084] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\rundll32.exe[3084] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\rundll32.exe[3084] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\rundll32.exe[3084] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\rundll32.exe[3084] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\rundll32.exe[3084] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\rundll32.exe[3084] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\rundll32.exe[3084] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\rundll32.exe[3084] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E0600
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E1014
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E0804
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0A08
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E0C0C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0E10
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E01F8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E03FC
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3100] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3108] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E0600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3116] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3116] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\WinRAR\WinRAR.exe[3812] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ADVAPI32.DLL!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ADVAPI32.DLL!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ADVAPI32.DLL!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ADVAPI32.DLL!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ADVAPI32.DLL!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ADVAPI32.DLL!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ADVAPI32.DLL!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ADVAPI32.DLL!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\Program Files\WinRAR\WinRAR.exe[3812] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8
.text C:\Program Files\WinRAR\WinRAR.exe[3812] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC
.text C:\Program Files\WinRAR\WinRAR.exe[3812] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804
.text C:\Program Files\WinRAR\WinRAR.exe[3812] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08
.text C:\Program Files\WinRAR\WinRAR.exe[3812] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E0600
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 3 Bytes JMP 009B1014
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E26BE5 1 Byte [88]
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 009B0804
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 009B0A08
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 009B0C0C
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 009B0E10
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 009B01F8
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 009B03FC
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 009B0600
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00AC01F8
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 00AC03FC
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00AC0804
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00AC0A08
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.844\gmer.exe[4048] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00AC0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00620002
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00620000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd10a5ed
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd10a5ed@001fdf43cab6 0x7E 0x7E 0xD9 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd10a5ed@0019631f471d 0xF3 0x48 0x1C 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd10a5ed (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd10a5ed@001fdf43cab6 0x7E 0x7E 0xD9 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd10a5ed@0019631f471d 0xF3 0x48 0x1C 0x51 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- EOF - GMER 1.0.15 ----
Good thing we have you here ... :-)
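
The hook section above is long, and the question it has to answer is a short one: is one and the same hook set applied to every process, or does a single process carry something the others do not? The script below is an added example for this thread, not code from GMER, from avast! or from the poster. It parses GMER's `.text <process>[<pid>] <module>!<export>[ + <offset>] <addr> <n> Byte(s) JMP <target>` lines, builds a per-process fingerprint from the exports that are redirected with a JMP, and groups processes by that fingerprint. The sample lines are excerpted from the log posted above. The fingerprint idea and the "JMP target below the 0x00400000 EXE image base means a private allocation, not a loaded module" rule are this example's own assumptions, not GMER features, and they produce a hint to follow up, not a verdict.

```python
"""Summarise the '.text' user-mode hook lines of a GMER log by process.

Added example for this thread; not code from GMER, avast! or the poster.
It groups processes by the set of exports that are JMP-hooked in them, so
that a uniformly applied hook set and a lone outlier are visible at once.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"        # process path and PID
    r"(?P<module>[^!\s]+)!(?P<export>\S+)"                # hooked module!export
    r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+"              # optional '+ <offset>' into the export
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?P<patch>.+?)\s*$"                                 # 'JMP <target>' or '[<byte>]'
)
JMP_RE = re.compile(r"^JMP\s+([0-9A-Fa-f]{8})$")

# Excerpted from the GMER log posted above (three of the scanned processes).
SAMPLE_LOG = r"""
.text C:\WINDOWS\Explorer.EXE[2880] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[2880] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2880] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC
.text C:\WINDOWS\Explorer.EXE[2880] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\WinRAR\WinRAR.exe[3812] ADVAPI32.DLL!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\WinRAR\WinRAR.exe[3812] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E0600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3116] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3116] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
"""

# Assumption for 32-bit Windows XP without ASLR: the EXE image sits at 0x00400000
# and system DLLs far above it, so a JMP to an address below that lands in a
# private allocation (trampoline or injected code), not in a loaded module.
DEFAULT_IMAGE_BASE = 0x00400000


def parse_hooks(text):
    """Return one dict per '.text' hook line; lines of other GMER sections are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        jmp = JMP_RE.match(m["patch"])
        hooks.append({
            "process": f'{m["proc"]}[{m["pid"]}]',
            "module": m["module"].lower(),   # GMER prints ADVAPI32.dll and ADVAPI32.DLL for one DLL
            "export": m["export"],
            "offset": int(m["off"], 16) if m["off"] else 0,
            "addr": int(m["addr"], 16),
            "size": int(m["size"]),
            # JMP hooks redirect control flow; 1-byte patches only show the new byte
            "jmp_target": int(jmp.group(1), 16) if jmp else None,
        })
    return hooks


def fingerprints(hooks):
    """Map each process to the frozenset of 'module!export' names it has JMP-hooked.

    A process that only carries byte patches gets an empty set, so it still
    appears, and appears as different from the rest.
    """
    per_proc = defaultdict(set)
    for h in hooks:
        bucket = per_proc[h["process"]]  # registers the process even without JMP hooks
        if h["jmp_target"] is not None:
            bucket.add(f'{h["module"]}!{h["export"]}')
    return {proc: frozenset(s) for proc, s in per_proc.items()}


def group_by_fingerprint(fps):
    """Group process names by identical hook set, largest group first."""
    groups = defaultdict(list)
    for proc, fp in fps.items():
        groups[fp].append(proc)
    return sorted(groups.items(), key=lambda kv: -len(kv[1]))


def outliers(hooks):
    """Processes whose hook set differs from the most common one."""
    groups = group_by_fingerprint(fingerprints(hooks))
    return sorted(p for _, procs in groups[1:] for p in procs)


def jmps_into_private_memory(hooks):
    """(process, module!export, target) for JMP hooks whose target lies below the EXE image base."""
    return [
        (h["process"], f'{h["module"]}!{h["export"]}', h["jmp_target"])
        for h in hooks
        if h["jmp_target"] is not None and h["jmp_target"] < DEFAULT_IMAGE_BASE
    ]


def report(text):
    """Human-readable summary of a pasted GMER log."""
    hooks = parse_hooks(text)
    fps = fingerprints(hooks)
    lines = [f"{len(hooks)} hook lines in {len(fps)} processes"]
    for fp, procs in group_by_fingerprint(fps):
        names = ", ".join(sorted(fp)) or "(none)"
        lines.append(f"{len(procs)} process(es) share {len(fp)} JMP-hooked export(s): {names}")
        lines.extend(f"    {p}" for p in procs)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On the lines pasted above this yields one large group that hooks the loader (LdrLoadDll, LdrUnloadDll), the service-control APIs and the window-hook APIs in every process, every JMP pointing into a low private allocation, and avastUI.exe as the lone outlier carrying only the single-byte patches. A product exempting its own GUI while hooking everything else uniformly is what makes this look like a host protection product's user-mode hooks rather than an injection, and the Devices section naming aswSP.SYS (avast! self protection module) is the cross-check. A single process whose fingerprint differs from the rest, or a JMP target that GMER attributes to a module nobody recognises, would be the thing to look at.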

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Generic Host Process for Win32 Services - PC freezes

#25 Post by motji »

This is OK. Please post a new RSIT log. How does the computer look now?

Szapet
Visitor
Posts: 16
Registered: 17 Mar 2008 13:57
Location: Třinec

Re: Generic Host Process for Win32 Services - PC freezes

#26 Post by Szapet »

It's strange, but it varies ... Sometimes the message pops up right after Windows boots, sometimes only after half an hour of normal operation ... Sometimes the sound switches off after I click the message away, sometimes it doesn't ... I'm completely baffled by it; there is no regularity that could be traced ... I'll try that RSIT ...

Szapet
Visitor
Posts: 16
Registered: 17 Mar 2008 13:57
Location: Třinec

Re: Generic Host Process for Win32 Services - PC freezes

#27 Post by Szapet »

RSIT log:


Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2011-06-14 20:36:09
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (15%) free of 38 GB
Total RAM: 511 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:36:16, on 14.6.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://78.157.164.45/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6766312D-0E25-4E49-AA40-5F4E16B2F70C}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7280 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2004-08-06 135168]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
C:\Program Files\CounterPath\X-Lite\x-lite.exe [2010-01-04 23941120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler.exe]
C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DataViz Messenger.lnk]
C:\WINDOWS\DVZCOM~1\DvzMsgr.exe [2003-07-01 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HotSync Manager.lnk]
C:\PROGRA~1\Palm\Hotsync.exe [2004-06-09 471040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Palm\HOTSYNC.EXE"="C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\Aplikace\VLC\vlc.exe"="C:\Aplikace\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\crssc.exe"="C:\WINDOWS\system32\crssc.exe:*:Enabled:Microsoft Enabled"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-06-14 20:35:52 ----A---- C:\RSIT.exe
2011-06-01 09:38:20 ----RASHD---- C:\Autorun.inf
2011-06-01 09:32:09 ----A---- C:\UsbFix.txt
2011-06-01 09:31:51 ----D---- C:\UsbFix
2011-06-01 09:31:08 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys.bck
2011-05-26 22:11:56 ----A---- C:\Program Files\setup_9.0.0.722_26.05.2011_22-14.exe
2011-05-25 21:50:10 ----D---- C:\Program Files\trend micro
2011-05-25 21:50:09 ----D---- C:\rsit
2011-05-24 23:39:33 ----A---- C:\Start_.cmd
2011-05-24 23:35:39 ----RD---- C:\32788R22FWJFW
2011-05-23 23:29:35 ----SHD---- C:\RECYCLER
2011-05-23 22:43:27 ----D---- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
2011-05-23 22:43:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-05-23 22:43:19 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-05-23 22:43:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-05-23 22:43:16 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-05-23 16:50:59 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2011-05-23 16:50:46 ----D---- C:\Documents and Settings\Admin\Data aplikací\Telefónica Móviles
2011-05-23 16:49:22 ----A---- C:\WINDOWS\system32\drivers\ewusbnet.sys
2011-05-23 16:49:22 ----A---- C:\WINDOWS\system32\drivers\ewusbmdm.sys
2011-05-23 16:49:22 ----A---- C:\WINDOWS\system32\drivers\ewusbdev.sys
2011-05-23 16:49:22 ----A---- C:\WINDOWS\system32\drivers\ewdcsc.sys
2011-05-23 16:49:09 ----D---- C:\Program Files\O2
2011-05-19 10:37:38 ----A---- C:\Boot.bak
2011-05-19 10:37:33 ----RASHD---- C:\cmdcons
2011-05-19 10:32:16 ----D---- C:\WINDOWS\ERDNT
2011-05-18 21:37:17 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2011-05-18 21:37:17 ----HD---- C:\WINDOWS\$hf_mig$
2011-05-18 15:20:06 ----D---- C:\WINDOWS\system32\en-US
2011-05-18 15:19:45 ----D---- C:\Program Files\Microsoft.NET
2011-05-18 15:17:18 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2011-05-18 15:07:27 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2011-05-18 14:41:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
2011-05-18 14:41:42 ----D---- C:\Documents and Settings\Admin\Data aplikací\Canneverbe Limited
2011-05-18 14:41:31 ----A---- C:\WINDOWS\system32\drivers\StarOpen.sys
2011-05-18 14:41:24 ----D---- C:\Program Files\CDBurnerXP
2011-05-18 14:37:55 ----RA---- C:\Program Files\cdbxp_setup_4.3.8.2474.exe
2011-05-15 23:58:15 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 months======

2011-06-14 20:32:49 ----D---- C:\WINDOWS\Temp
2011-06-14 18:53:22 ----D---- C:\WINDOWS
2011-06-14 17:23:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-14 16:27:26 ----D---- C:\WINDOWS\Prefetch
2011-06-14 15:04:23 ----D---- C:\WINDOWS\system32
2011-06-14 14:50:58 ----RD---- C:\Program Files
2011-06-11 23:23:02 ----A---- C:\WINDOWS\NeroDigital.ini
2011-06-11 11:43:06 ----D---- C:\Program Files\CCleaner
2011-06-08 11:01:36 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-06 23:05:35 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2011-06-06 22:57:12 ----D---- C:\Documents and Settings\Admin\Data aplikací\skypePM
2011-06-06 15:41:11 ----D---- C:\WINDOWS\SoftwareDistribution
2011-06-01 09:31:08 ----D---- C:\WINDOWS\system32\drivers
2011-05-31 21:37:20 ----SHD---- C:\WINDOWS\Installer
2011-05-30 20:08:38 ----HD---- C:\WINDOWS\inf
2011-05-30 19:49:08 ----D---- C:\Documents and Settings\Admin\Data aplikací\OpenOffice.org2
2011-05-26 22:39:22 ----SHD---- C:\System Volume Information
2011-05-26 21:42:16 ----D---- C:\Program Files\PicPick
2011-05-24 22:27:03 ----D---- C:\WINDOWS\Resources
2011-05-24 18:12:33 ----D---- C:\WINDOWS\AppPatch
2011-05-23 22:42:18 ----D---- C:\Aplikace
2011-05-23 16:51:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-05-19 10:54:50 ----A---- C:\WINDOWS\system.ini
2011-05-19 10:54:24 ----D---- C:\WINDOWS\system32\drivers\etc
2011-05-19 10:51:54 ----D---- C:\WINDOWS\system32\config
2011-05-19 10:47:38 ----D---- C:\Program Files\Common Files
2011-05-19 10:37:38 ----RASH---- C:\boot.ini
2011-05-19 10:33:53 ----D---- C:\WINDOWS\system32\Restore
2011-05-18 22:34:38 ----RSD---- C:\WINDOWS\assembly
2011-05-18 22:27:53 ----D---- C:\WINDOWS\Microsoft.NET
2011-05-18 21:37:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-05-18 20:27:13 ----D---- C:\Documents and Settings\Admin\Data aplikací\Spyware Terminator
2011-05-18 20:25:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-05-18 15:29:29 ----D---- C:\WINDOWS\system32\CatRoot
2011-05-18 15:24:58 ----D---- C:\WINDOWS\WinSxS
2011-05-18 15:19:38 ----D---- C:\WINDOWS\system32\mui
2011-05-16 01:34:37 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iteraid;ITERAID_Service_Install; C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-02-25 24827]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-01 43872]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 tidnet;TID NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\tidnet.sys [2009-09-22 19200]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-21 2843136]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2007-11-07 169856]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 1275584]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-13 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]
S3 androidusb;ADB Interface Driver; C:\WINDOWS\System32\Drivers\smhwadb.sys [2009-12-24 25728]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-04 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-17 25600]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2007-08-09 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-10-12 100736]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-11-02 16694]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal); C:\WINDOWS\system32\DRIVERS\smhwdev.sys [2010-01-14 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal); C:\WINDOWS\system32\DRIVERS\smhwser.sys [2010-02-04 108032]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SunkFilt6;Alcor Micro Corp - 6360; \??\C:\WINDOWS\System32\Drivers\sunkfilt6.sys []
S3 SunkFilt62;Alcor Micro Corp - 6362; \??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-21 512000]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-04-17 487424]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-20 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-06 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-06 136176]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
Good thing we have you here ... :-)
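Two parts of the registry dump above are what a triager reads first: the NoDriveTypeAutoRun policy (which drive types AutoRun is disabled for, in each hive) and the Windows Firewall application-exception list (which binaries have been granted inbound access, and by what description). The script below is an added example for this thread, not part of RSIT, HijackThis or the posted log; it parses an excerpt copied from the dump above, decodes the AutoRun bitmask, and lists firewall exceptions that deserve a look. The KNOWN_SYSTEM32 list, the edit-distance threshold for lookalike process names and the bit names are assumptions of this example, and a hit only means "inspect this entry", not that the file is malicious.

```python
"""Triage of the 'Registry dump' section of an RSIT log.

Added example for this thread; it is not part of RSIT, HijackThis or the
posted log.  REGISTRY_DUMP is an excerpt copied from the dump posted above.
KNOWN_SYSTEM32, the edit-distance threshold and the bit names are assumptions
of this example: a finding means "review this entry", not "this is malware".
"""
import re

# Excerpt of the posted registry dump (constructed input for this example).
REGISTRY_DUMP = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\crssc.exe"="C:\WINDOWS\system32\crssc.exe:*:Enabled:Microsoft Enabled"
"""

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# DRIVE_* type bits of NoDriveTypeAutoRun; a set bit disables AutoRun for that type.
AUTORUN_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "RESERVED_0x80",
}
POLICY_KEY = r"\software\microsoft\windows\currentversion\policies\explorer"

# Binaries one expects to find in a Windows XP system32 (assumed, illustrative list).
KNOWN_SYSTEM32 = {
    "sessmgr.exe", "dpvsetup.exe", "svchost.exe", "csrss.exe", "lsass.exe",
    "services.exe", "winlogon.exe", "smss.exe", "spoolsv.exe", "explorer.exe",
}


def parse_registry_dump(text):
    """Map lower-cased key path -> {value name: value} for an RSIT 'Registry dump'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            current = m.group(1).lower()
            sections[current] = {}
        elif (m := VALUE_RE.match(line)) and current is not None:
            sections[current][m.group(1)] = m.group(2).strip('"')
    return sections


def decode_no_drive_type_autorun(value):
    """Drive types for which AutoRun is disabled by the decimal bitmask RSIT prints."""
    mask = int(value)
    return {name for bit, name in AUTORUN_BITS.items() if mask & bit}


def autorun_policy(sections):
    """Decoded NoDriveTypeAutoRun per hive; hives that set no value are omitted."""
    result = {}
    for hive in ("hkey_current_user", "hkey_local_machine"):
        values = sections.get(hive + POLICY_KEY, {})
        if "NoDriveTypeAutoRun" in values:
            result[hive.upper()] = decode_no_drive_type_autorun(values["NoDriveTypeAutoRun"])
    return result


def levenshtein(a, b):
    """Plain edit distance, used to catch lookalikes of system process names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_firewall_exceptions(sections):
    """Firewall application exceptions worth reviewing, each with its reasons."""
    findings = []
    for key, values in sections.items():
        if not key.endswith(r"\authorizedapplications\list"):
            continue
        profile = key.split("\\")[-3]  # standardprofile / domainprofile
        for path, raw in values.items():
            # Value format: <path>:<scope>:<Enabled|Disabled>:<description>
            if not raw.lower().startswith(path.lower()):
                continue
            scope, state, desc = raw[len(path) + 1:].split(":", 2)
            exe = path.rsplit("\\", 1)[-1].lower()
            reasons = []
            if "\\system32\\" in path.lower() and state.lower() == "enabled" \
                    and exe not in KNOWN_SYSTEM32:
                reasons.append("enabled exception for an unrecognised binary in system32")
            for known in sorted(KNOWN_SYSTEM32):
                if known != exe and levenshtein(exe, known) <= 2:
                    reasons.append(f"file name resembles {known}")
            if reasons:
                findings.append({"profile": profile, "path": path, "state": state,
                                 "scope": scope, "description": desc, "reasons": reasons})
    return findings


if __name__ == "__main__":
    parsed = parse_registry_dump(REGISTRY_DUMP)
    for hive, disabled in autorun_policy(parsed).items():
        print(f"{hive}: AutoRun disabled for {sorted(disabled) or 'no drive type'}")
    for f in triage_firewall_exceptions(parsed):
        print(f"[{f['profile']}] {f['path']} ({f['state']}): " + "; ".join(f["reasons"]))
```

On the values posted above, HKCU holds 145 (0x91: DRIVE_UNKNOWN, DRIVE_REMOTE and the reserved 0x80 bit) and HKLM holds 0, so neither hive disables AutoRun for DRIVE_REMOVABLE; the read-only, hidden C:\Autorun.inf folder that appears in the "created" list right after UsbFix ran is the other common mitigation, since a directory of that name keeps a malicious Autorun.inf file from being written to the drive root. The firewall check flags one entry for review, on two grounds: an enabled exception for a system32 binary that is not on the known list, and a file name within two edits of csrss.exe. Whether that file is actually malicious is something the log alone cannot establish; it is a candidate to submit for a hash or signature check.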


Re: Generic Host Process for Win32 Services - PC freezes

#28 Post by motji »

Install SP3 and then some firewall, for example ZoneAlarm.
Then run a new ComboFix :)
