VIRY.CZ

Takže čím nejlíp udělat screenshot správce disků? Není tam nic podezřelého. Print screen nic nedělá.
Body obnovy jsou samozřejmě smazané, protože v jedné doporučené proceduře bylo vyžadováno vypnutí funkce system restore a tím se staré body smazaly.
Nevíš co by mohlo způsobovat safe mode loop? Nedostanu se do safe modu za nic na světě. Zkoušel jsem taky všechno možný, co bylo doporučováno na forech. Bezvýsledně.

Jo a ještě něco, CF hlásí, že není nainstalována konzola pro zotavení i když ji při prvním spuštění instaloval, tak nevím co s tím.
Mohu se do ni dostat, protože ji při bootu vidím jako jednu z možností.

Sorry za smazané log z prvních pokusů ComboFixu, ale při unistallu se smazaly.
Tady je ten log z nového spuštění:

ComboFix 11-12-04.02 - Jarda 04.12.2011 12:20:32.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2464 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jarda\Plocha\turbina.com
AV: GFI Software VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Jarda\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\Jarda\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\Jarda\Local Settings\temp\sfamcc00001.dll
c:\documents and settings\Jarda\Local Settings\temp\sfareca00001.dll
c:\windows\CSC\d6
c:\windows\msmqinst.log
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-04 do 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-12-04 05:41 . 2011-12-04 07:17 -------- d-----w- c:\windows\LastGood.Tmp
2011-12-03 21:51 . 2011-12-03 21:51 -------- d-----w- C:\e0d0b5ea33171de026
2011-12-03 21:37 . 2011-12-03 21:37 -------- d-----w- c:\program files\DBNS
2011-12-03 18:15 . 2011-12-03 18:15 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-03 18:15 . 2011-12-03 18:58 -------- d-----w- c:\documents and settings\Jarda\Local Settings\Data aplikací\panda2_0dn
2011-12-03 18:15 . 2011-12-04 11:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Panda Security URL Filtering
2011-12-03 18:15 . 2011-12-03 18:15 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\pandasecuritytb
2011-12-03 18:15 . 2011-12-03 18:15 -------- d-----w- c:\program files\Panda Security
2011-12-03 17:50 . 2011-12-03 17:50 3584 ----a-r- c:\documents and settings\Jarda\Data aplikací\Microsoft\Installer\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}\Icon386ED4E3.exe
2011-12-01 20:57 . 2011-12-01 20:57 -------- d-----w- c:\documents and settings\Jarda\Local Settings\Data aplikací\NeoSmart_Technologies
2011-12-01 20:55 . 2011-12-01 21:02 -------- d-----w- c:\program files\NeoSmart Technologies
2011-12-01 16:43 . 2011-12-01 16:43 -------- d-----w- C:\rsit
2011-11-30 17:16 . 2011-11-30 17:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GFI Software
2011-11-30 17:16 . 2011-11-30 17:16 -------- d-----w- c:\windows\system32\drivers\VDD
2011-11-30 17:14 . 2011-11-30 17:14 -------- d-----w- c:\program files\GFI Software
2011-11-30 17:14 . 2011-11-30 17:14 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\GFI Software
2011-11-30 16:56 . 2008-04-14 07:52 185856 -c--a-w- c:\windows\system32\dllcache\accwiz.exe
2011-11-30 16:56 . 2008-04-14 07:52 185856 ----a-w- c:\windows\system32\accwiz.exe
2011-11-30 16:46 . 2011-12-01 21:31 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-11-29 19:17 . 2011-11-29 20:52 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-29 19:17 . 2011-11-30 20:15 -------- d-----w- c:\documents and settings\Jarda\Local Settings\Data aplikací\Yandex
2011-11-29 19:17 . 2011-11-30 20:15 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\Yandex
2011-11-29 17:48 . 2001-10-24 11:24 91264 -c--a-w- c:\windows\system32\dllcache\cirrus.dll
2011-11-29 17:47 . 2008-04-14 07:51 29696 -c--a-w- c:\windows\system32\dllcache\admexs.dll
2011-11-29 17:46 . 2008-04-14 07:51 46592 -c--a-w- c:\windows\system32\dllcache\coadmin.dll
2011-11-29 17:46 . 2008-04-14 07:52 188480 -c--a-w- c:\windows\system32\dllcache\cfgwiz.exe
2011-11-29 17:45 . 2008-04-14 07:52 16439 -c--a-w- c:\windows\system32\dllcache\author.exe
2011-11-29 17:45 . 2008-04-14 07:51 20540 -c--a-w- c:\windows\system32\dllcache\author.dll
2011-11-29 17:45 . 2008-04-14 07:51 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
2011-11-29 17:45 . 2008-04-14 07:51 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2011-11-29 17:45 . 2008-04-14 07:52 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
2011-11-29 17:45 . 2008-04-14 07:51 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
2011-11-29 17:19 . 2011-11-29 17:19 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-29 17:19 . 2011-11-29 17:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Hitman Pro
2011-11-29 16:55 . 2011-11-29 16:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-11-29 16:16 . 2011-12-03 18:21 -------- d-----w- c:\program files\Perfect Uninstaller
2011-11-27 16:38 . 2008-10-16 21:35 138368 ----a-w- c:\windows\system32\drivers\afd1.sys
2011-11-27 15:53 . 2011-11-27 15:53 -------- d-----w- c:\program files\DLLSuite
2011-11-27 13:49 . 2011-11-27 13:49 388096 ----a-r- c:\documents and settings\Jarda\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-27 13:49 . 2011-12-01 16:43 -------- d-----w- c:\program files\Trend Micro
2011-11-27 10:55 . 2011-11-29 17:31 -------- d-----w- c:\program files\Hit Malware
2011-11-27 10:18 . 2011-11-27 14:30 -------- d-----w- c:\program files\SpyDig
2011-11-26 16:47 . 2011-11-26 16:47 -------- d---a-w- C:\.Trash-1000
2011-11-26 14:45 . 2011-11-26 14:46 -------- d-----w- c:\program files\TeeSupport
2011-11-26 13:07 . 2011-11-26 14:58 -------- d-----w- c:\windows\system32\drivers\backup
2011-11-26 12:41 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 12:41 . 2011-12-02 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 07:49 . 2011-11-27 10:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Autorun Eater
2011-11-26 07:49 . 2011-11-26 07:49 -------- d-----w- c:\program files\Autorun Eater
2011-11-25 21:52 . 2011-11-25 21:52 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\PC Cleaners
2011-11-25 21:51 . 2011-11-25 21:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC1Data
2011-11-25 20:44 . 2011-11-25 21:16 -------- d-----w- C:\ERDNT
2011-11-24 13:26 . 2011-11-24 13:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ErrorEND
2011-11-24 13:18 . 2011-11-24 13:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RegSERVO
2011-11-23 19:28 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-11-23 19:28 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-23 14:39 . 2011-11-26 17:34 -------- d-sh--w- c:\documents and settings\Jarda\Local Settings\Data aplikací\7e5ddc10
2011-11-23 14:33 . 2011-11-23 14:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sibelius Software
2011-11-22 21:31 . 2007-05-17 16:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2011-11-22 21:31 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2011-11-22 21:20 . 2011-11-22 21:20 -------- d-----w- c:\program files\KillSoft
2011-11-22 15:53 . 2011-11-22 15:53 -------- d-----w- c:\program files\DevEject
2011-11-20 07:12 . 2011-11-20 07:12 -------- d-----w- c:\documents and settings\Jarda\Videos
2011-11-17 16:24 . 2011-11-17 16:25 -------- d-----w- c:\program files\Dooble
2011-11-11 17:26 . 2011-11-22 18:23 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\keepnote
2011-11-11 17:26 . 2011-11-11 17:53 -------- d-----w- c:\program files\KeepNote
2011-11-11 17:24 . 2011-11-11 17:28 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\TreeDBNotes 4
2011-11-08 19:49 . 2011-11-08 19:49 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\.t4k_common
2011-11-08 19:43 . 2011-11-08 19:44 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\klavaro
2011-11-08 19:42 . 2011-11-08 19:42 -------- d-----w- c:\program files\Klavaro-1.9.0
2011-11-08 19:38 . 2011-11-08 19:38 -------- d-----w- c:\program files\UPSANI
2011-11-08 19:30 . 2011-11-08 19:30 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\RapidTyping
2011-11-08 19:30 . 2011-11-08 19:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RapidTyping
2011-11-08 19:29 . 2011-11-08 19:29 -------- d-----w- c:\program files\RapidTyping
2011-11-08 19:25 . 2011-11-08 19:25 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\USBSafelyRemove
2011-11-08 19:25 . 2011-11-08 19:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\USBSRService
2011-11-08 19:25 . 2011-11-30 19:42 -------- d-----w- c:\program files\USB Safely Remove
2011-11-08 19:12 . 2008-03-29 00:36 499200 ----a-w- c:\documents and settings\Jarda\Data aplikací\Microsoft\Internet Explorer\Quick Launch\USB_Disk_Eject.exe
2011-11-08 18:49 . 2011-11-08 18:56 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\TuxType
2011-11-08 18:48 . 2011-12-03 09:16 -------- d-----w- c:\program files\TuxType
2011-11-08 16:09 . 2011-11-08 16:09 -------- d-----w- C:\tmp
2011-11-08 16:06 . 2009-02-13 19:02 11520 ----a-r- c:\windows\system32\drivers\wdcsam.sys
2011-11-08 16:05 . 2011-11-08 16:05 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\Foxit Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 18:13 . 2010-08-29 10:43 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-02 18:13 . 2010-08-29 10:43 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-29 16:54 . 2010-01-29 19:35 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2011-11-25 21:38 . 2010-03-15 14:56 5359888 ----a-w- c:\windows\uninst.exe
2011-11-13 12:46 . 2010-01-16 16:33 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-31 23:42 . 2011-10-31 23:42 11632 ----a-w- c:\windows\system32\drivers\VDD\apvdd.dll
2011-10-31 23:42 . 2011-10-31 23:42 42864 ----a-w- c:\windows\system32\sbbd.exe
2011-10-25 13:41 . 2011-10-02 05:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2010-01-15 21:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-09 10:03 . 2011-10-09 10:03 9745278 ----a-w- c:\windows\REGBK00.ZIP
2011-10-09 09:44 . 2011-10-09 09:44 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-10-09 09:44 . 2011-10-09 09:44 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-10-09 09:44 . 2011-10-09 09:44 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-10-03 10:07 . 2011-10-12 15:37 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-10-03 10:07 . 2011-10-12 15:37 20816 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-10-03 03:06 . 2010-11-02 18:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2010-11-02 18:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-29 13:46 . 2011-09-29 13:46 90784 ----a-w- c:\windows\system32\EasyHook32.dll
2011-09-29 13:46 . 2011-09-29 13:46 109216 ----a-w- c:\windows\system32\EasyHook64.dll
2011-09-28 07:06 . 2001-10-25 11:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2007-10-09 12:03 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 11:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-21 14:59 . 2011-09-21 14:59 26112 ----a-r- c:\windows\LgUninst.exe
2011-09-06 14:10 . 2001-10-25 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 11:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-03-21 13:29 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2010-03-21 13:29 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
2011-06-28 15:41 498840 ----a-w- c:\program files\SearchPredict\SearchPredict.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
2011-11-20 07:11 2660016 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2011-06-24 17:37 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-06-24 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NiceCopier"="c:\program files\NiceCopier/NiceCopier.exe" [2011-09-25 11402752]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-28 3727411]
"Handy Start Menu"="c:\documents and settings\Jarda\Local Settings\Data aplikací\ChemTable Software\Handy Start Menu\HandyStartMenu.exe" [2011-11-24 2914560]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Speedfan"="c:\program files\SpeedFan\speedfan.exe" [2011-07-13 4615064]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2011-08-04 1839448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2008-03-19 270336]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-10-28 237693]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi Go\Console Launcher\CTAPR2.exe" [2008-08-07 61546]
"Creative KSRun Persistence Module"="KSRun.dll" [2009-05-13 23552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Panda Security URL Filtering"="c:\documents and settings\All Users\Data aplikací\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2011-06-29 217256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2010-03-21 24064]
.
c:\documents and settings\Jarda\Nabídka Start\Programy\Po spuštění\AutorunsDisabled
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-3-3 547840]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jarda^Nabídka Start^Programy^Po spuštění^SpeedFan.lnk]
backup=c:\windows\pss\SpeedFan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
2006-10-06 06:17 53248 ----a-w- c:\windows\CTRegRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BlazeServoTool"="c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LIVE TV\\LiveTV.exe"=
"c:\\Program Files\\Megacubo\\megacubo.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Steinberg\\WaveLab 6.1\\WaveLab-app.exe"=
"c:\\Program Files\\Cakewalk\\Shared Utilities\\VstScan.exe"=
"c:\\Program Files\\Maxthon3\\Modules\\MxMiniThunder\\ThunderMini.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Daum\\PotPlayer\\PotPlayerMini.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8.8.2011 16:47 218592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [31.8.2011 17:44 14776]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [17.1.2010 9:47 11264]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29.11.2011 20:17 239168]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [11.3.2010 15:47 9600]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28.4.2011 13:57 129992]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [10.11.2006 14:08 24064]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 0:38 116608]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [28.4.2011 13:58 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5.7.2011 12:12 143752]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28.4.2011 13:57 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28.4.2011 13:57 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [28.4.2011 13:57 112456]
R2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [22.4.2011 20:40 188276]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [30.7.2008 8:44 772992]
R3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [17.7.2008 9:25 1830912]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [16.1.2010 3:55 22328]
S2 BootlogService;BootlogService;c:\program files\Greatis\BootLog XP\BootLogService.exe [7.8.2011 10:09 65248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.10.2011 10:44 136176]
S2 ttscp;Text-to-Speech system Epos;c:\program files\Epos\epos-2.4.85\src\epos.exe --> c:\program files\Epos\epos-2.4.85\src\epos.exe [?]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [29.11.2011 21:36 257880]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16.1.2010 4:03 1684736]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11.4.2010 9:29 16512]
S3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [24.8.2009 8:14 44544]
S3 CardBusService;CardBusService; [x]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [29.8.2010 11:41 79360]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.10.2011 10:44 136176]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [16.1.2010 16:37 13824]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [11.4.2010 10:50 3768]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [5.4.2011 13:53 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [5.4.2011 13:53 7680]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [30.11.2011 17:46 111872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8.11.2011 17:06 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S4 AODDriver;AODDriver; [x]
S4 esihdrv;esihdrv; [x]
S4 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 7:11 12160]
S4 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 7:11 10496]
S4 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [12.9.2010 17:29 47616]
S4 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 7:11 12928]
S4 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [30.9.2010 13:01 196912]
S4 RushTopDevice_J;RushTopDevice_J; [x]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm [?]
S4 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [16.7.2010 19:15 87824]
S4 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [16.7.2010 19:15 85696]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-05 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-01-18 15:20]
.
2011-12-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-24 12:08]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-15 09:44]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-15 09:44]
.
2011-09-27 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-08-29 10:17]
.
2011-12-03 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-10-18 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-12-04 c:\windows\Tasks\SBWUpdateTask_Logon_41a5bc6-40618658C964.job
- c:\program files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-09-29 07:12]
.
2011-12-04 c:\windows\Tasks\SBWUpdateTask_Time_41a5bc6-40618658C964.job
- c:\program files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-09-29 07:12]
.
2011-08-05 c:\windows\Tasks\twelvekeysShakeIcon.job
- c:\program files\NCH Swift Sound\TwelveKeys\twelvekeys.exe [2010-08-29 10:17]
.
2011-12-04 c:\windows\Tasks\User_Feed_Synchronization-{A9E2FD18-65CD-43A3-8E65-50DF745CACDD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.speedbit.com/?aff=205
uDefault_Search_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Přečti to! - c:\windows\Speech\gbs\Precti_to.htm
IE: Přizpůsobit Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Nástrojová lišta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: Translate this web page with Babylon
IE: Translate with Babylon
IE: Uložit formuláře - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Vyplnit formulář - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
SafeBoot-SBPIMSvc
SafeBoot-SolutoService
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-04 12:31
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-1960408961-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2843CB9F-051A-E020-FE74-D51E48108B31}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1390067357-1960408961-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{581A8BEB-EB6D-0E15-29F0-AC4A721FB5BB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abljjgblohdpmmjleckhbpkidonjapjmgb"=hex:70,61,62,6e,70,67,69,69,65,6e,6b,6a,
62,65,65,61,6d,6f,66,6b,69,6a,68,62,70,69,6a,6a,6a,68,6d,70,00,00
"mamjeihondjfobkhicbhgoomkj"=hex:6f,61,6c,6c,70,70,6e,62,6f,64,65,63,6c,6d,68,
6f,65,6f,66,6f,62,68,61,6f,68,6a,61,68,6e,64,00,70
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{38D5552A-7E5B-33DE-18B0-49263FB54E47}\InProcServer32*]
"jacjmhdbbpccpaffmocj"=hex:69,61,6e,6d,64,63,66,63,66,67,64,65,62,64,67,68,65,
64,00,00
"iacjcinhlaoodjkbdd"=hex:69,61,6e,6d,64,63,66,63,66,67,64,65,62,64,67,68,65,64,
00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="kmo"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1688)
c:\documents and settings\All Users\Data aplikací\Panda Security URL Filtering\panda_url_filtering.dll
c:\windows\system32\Amhooker.dll
c:\documents and settings\Jarda\Local Settings\Data aplikací\ChemTable Software\Handy Start Menu\StartMenuHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Jarda\Local Settings\Data aplikací\ChemTable Software\Handy Start Menu\StartMenuService.exe
.
**************************************************************************
.
Celkový čas: 2011-12-04 12:38:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-04 11:38
.
Před spuštěním: Volných bajtů: 34 543 308 800
Po spuštění: Volných bajtů: 34 976 313 344
.
- - End Of File - - D56AE0A37F0330D2C95DE3973DE2A11A

Ještě ten obrázek ze správy disků, byl moc velký tak jsem ho musel zmenšit ale na úkor kvality, snad to bude čitelné

Tak jsem ten obrázek zabalil a posílám v plné velikosti

To snad ani není možný, po téměř roce snažení o opravu Safe Modu to konečně fachá. Moc moc díky za tip.
SafeBootKeyRepair bylo to správný ořechový. Ještě jednou superdík!

Výsledek virusTotal:
Antivirus Version Last Update Result
AhnLab-V3 2011.12.03.00 2011.12.03 -
AntiVir 7.11.18.204 2011.12.02 -
Antiy-AVL 2.0.3.7 2011.12.04 -
Avast 6.0.1289.0 2011.12.04 -
AVG 10.0.0.1190 2011.12.04 -
BitDefender 7.2 2011.12.04 -
ByteHero 1.0.0.1 2011.11.29 -
CAT-QuickHeal 12.00 2011.12.04 -
ClamAV 0.97.3.0 2011.12.04 -
Commtouch 5.3.2.6 2011.12.03 -
Comodo 10835 2011.12.04 -
DrWeb 5.0.2.03300 2011.12.04 -
Emsisoft 5.1.0.11 2011.12.04 -
eSafe 7.0.17.0 2011.12.01 -
eTrust-Vet 37.0.9600 2011.12.02 -
F-Prot 4.6.5.141 2011.11.29 -
F-Secure 9.0.16440.0 2011.12.04 -
Fortinet 4.3.388.0 2011.12.04 -
GData 22 2011.12.04 -
Ikarus T3.1.1.109.0 2011.12.04 -
Jiangmin 13.0.900 2011.12.03 -
K7AntiVirus 9.119.5589 2011.12.03 -
Kaspersky 9.0.0.837 2011.12.04 -
McAfee 5.400.0.1158 2011.12.04 -
McAfee-GW-Edition 2010.1D 2011.12.04 -
Microsoft 1.7903 2011.12.04 -
NOD32 6681 2011.12.04 -
Norman 6.07.13 2011.12.04 -
nProtect 2011-12-04.01 2011.12.04 -
Panda 10.0.3.5 2011.12.04 -
PCTools 8.0.0.5 2011.12.04 -
Prevx 3.0 2011.12.04 -
Rising 23.86.04.02 2011.12.02 -
Sophos 4.71.0 2011.12.04 -
SUPERAntiSpyware 4.40.0.1006 2011.12.03 -
Symantec 20111.2.0.82 2011.12.04 -
TheHacker 6.7.0.1.352 2011.12.01 -
TrendMicro 9.500.0.1008 2011.12.04 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.04 -
VBA32 3.12.16.4 2011.12.03 -
VIPRE 11201 2011.12.04 -
ViRobot 2011.12.3.4807 2011.12.04 -
VirusBuster 14.1.98.0 2011.12.03 -
Additional informationShow all
MD5 : c3a2915c71ae6f225eb906c25ccd29b5
SHA1 : 1cf5830c4870e9c898ca2405a9bffd3e262951c8
SHA256: e70818d0dc35a6aaf26c2d48a74f98509f9d0c53cfa1ab604cf47532f044010f

Služba CryptSvc spuštěna automaticky.

Rudý chmer stále běží!

Otázka na ChemTable Software - je to náhrada za Start, všechny programy. Uspořádá všechny instalované programy do skupin dle charakteru a tím je to menu daleko přehlednější viz Handy Start Menu na stahuj.cz.

Přes zavádějící název firmy to opravdu nemá s chemií nic společnýho ale jeden ze antimalware programů mi ho vypíná ale on se přesto zase zapne. Tak nevím.

Ale kecám, letmý pohled na jejich nabídku říká, že má s chemií společnou periodickou tabulku prvků kromě jiného.
A tak teď už je to uvedeno na správnou míru.

takže gmer doběhl a pak už jsem se nedostal do internetu, pro restartu to opět vše chodí takže tady je ten log ze gmeru.

Je moc velký na vložení takže ho přikládám.
Hezké počteníčko!!

tak ještě jednou!

Nechce mi odeslat soubor tak ho vložím na dvě části:

část 1:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-04 19:47:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD322HJ rev.1AC01118
Running: gmer.exe; Driver: C:\DOCUME~1\Jarda\LOCALS~1\Temp\pxtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF71AD112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF718C2D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF718C4C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF71AD900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF71ADBB4]
SSDT sptd.sys ZwEnumerateKey [0xF72E7698]
SSDT sptd.sys ZwEnumerateValueKey [0xF72E7A26]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF71ABE12]
SSDT sptd.sys ZwQueryKey [0xF72E7AFE]
SSDT sptd.sys ZwQueryValueKey [0xF72E797E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF71AE020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF71AD3D2]
SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for XP32/Panda Security, S.L.) ZwTerminateProcess [0xAAA50416]

INT 0x62 ? 8B63CCB8
INT 0x73 ? 8B63CCB8
INT 0x82 ? 8B63CCB8
INT 0x83 ? 8B28BCB8
INT 0x83 ? 8B28BCB8
INT 0x83 ? 8B28BCB8
INT 0xA4 ? 8B28BCB8
INT 0xB1 ? 8B24ECB8
INT 0xB1 ? 8B24ECB8
INT 0xB4 ? 8B28BCB8
INT 0xB4 ? 8B28BCB8
INT 0xB4 ? 8B28BCB8

---- Kernel code sections - GMER 1.0.15 ----

.text sptd.sys F7277000 28 Bytes [30, 78, 6E, 80, A6, CB, 6E, ...]
.text sptd.sys F727701D 3 Bytes [79, 6E, 80]
.text sptd.sys F7277024 120 Bytes [D8, 52, 53, 80, 68, B9, 54, ...]
.text sptd.sys F727709D 124 Bytes [97, 53, 80, A0, 98, 53, 80, ...]
.text sptd.sys F727711A 178 Bytes [4F, 80, 82, F8, 4E, 80, 3E, ...]
.text ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF73231AA]
? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF2431000, 0x273B67, 0xE8000020]
.text USBPORT.SYS!DllUnload F23A28AC 5 Bytes JMP 8B28B1C8
.text avzb58ce.SYS F2353306 50 Bytes [00, 00, 00, 30, 03, 00, F0, ...]
.text avzb58ce.SYS F2353339 23 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text avzb58ce.SYS F2353351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text avzb58ce.SYS F23533A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text avzb58ce.SYS F23533B4 34 Bytes [40, 00, 00, C8, 50, 41, 47, ...]
.text ...
PAGE aod6v404.SYS F22F9800 32 Bytes [03, 57, 8B, 7D, 08, 89, 75, ...]
PAGE aod6v404.SYS F22F9822 7 Bytes [00, 85, C0, 0F, 84, F6, 03]
PAGE aod6v404.SYS F22F982A 15 Bytes [00, 80, FA, AD, 75, 0A, 80, ...]
PAGE aod6v404.SYS F22F983A 98 Bytes [80, FA, A3, 75, 12, 8A, 53, ...]
PAGE aod6v404.SYS F22F989D 87 Bytes [00, EB, 04, 83, 65, F4, 00, ...]
PAGE ...
init C:\WINDOWS\system32\drivers\ksaudfl.sys entry point in "init" section [0xAD78A630]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[944] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2328] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2556] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2728] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3456] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3784] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]