Trvá mi to dlouho, protože mi na PC nejde stále internet a musím přenášet logy na flashkách na notebook, kde mi internet jde.
All processes killed
========== OTL ==========
Service Moliuustp stopped successfully!
Service Moliuustp deleted successfully!
Registry value HKEY_USERS\S-1-5-21-117609710-2111687655-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-117609710-2111687655-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll moved successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "http://slirsredirect.search.aol.com/sli ... ie7&query=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://eu.ask.com?o=14672&l=dis" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: "http://search.icq.com/search/afe_result ... r=1.1.9&q=" removed from keyword.URL
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\defaults folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\skin folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\zh-CN folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} folder moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\searchplugins\icqplugin.xml moved successfully.
C:\Documents and Settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\searchplugins\winampsearch.xml moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
File C:\Program Files\ICQToolbar\toolbaru.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQToolbar\toolbaru.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-117609710-2111687655-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQToolbar\toolbaru.dll not found.
Registry value HKEY_USERS\S-1-5-21-117609710-2111687655-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-117609710-2111687655-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\PCSpeedUp deleted successfully.
C:\Program Files\Zrychleni Pocitace\PCSpeedUp.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\P17Helper deleted successfully.
C:\WINDOWS\system32\P17.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_USERS\S-1-5-21-117609710-2111687655-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz\*\ deleted successfully.
Invalid CLSID key: *
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\000001_.tmp deleted successfully.
C:\WINDOWS\003544_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\Installer\MSI199.tmp deleted successfully.
C:\WINDOWS\Installer\MSI4E.tmp deleted successfully.
C:\WINDOWS\Installer\MSI53.tmp deleted successfully.
C:\WINDOWS\Installer\MSI73.tmp deleted successfully.
C:\WINDOWS\Installer\MSI86.tmp deleted successfully.
C:\WINDOWS\Installer\MSI92.tmp deleted successfully.
C:\WINDOWS\Installer\MSI9F.tmp deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\SET8D.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\4A1.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\CR_EEF34.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\CR_EEF34.tmp folder deleted successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp deleted successfully.
C:\Documents and Settings\Pet\Data aplikací\ICQ Toolbar folder moved successfully.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:F8662B30 deleted successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Photo Downloader deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ArcSoft Connection Service deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PCSpeedUp not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr not found.
========== FILES ==========
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk moved successfully.
C:\Program Files\Zrychleni Pocitace folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\Program Files\ICQToolbar\Cache folder moved successfully.
C:\Program Files\ICQToolbar folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 34718 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 211038786 bytes
User: New Folder
User: Pet
->Temp folder emptied: 47607469 bytes
->Temporary Internet Files folder emptied: 147858 bytes
->Java cache emptied: 2360671 bytes
->FireFox cache emptied: 41961106 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 806 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14119 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 152230 bytes
Total Files Cleaned = 289,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: New Folder
User: Pet
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12082011_220447
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu- pomalejší PC a internet
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu- pomalejší PC a internet
Zkuste aplikovat tohle http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22 treba se nam net rozchodi
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu- pomalejší PC a internet
Jsem připojený přes WIFI a mám v PC zasunutou WIFI TP-LINK v USB. Teď jsem jí vyndal a znovu zandal a naběhla a internet už funguje. Vypadá to, jako by mi stále nějak podivně fungovaly USB.
Tu aplikaci http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22 už nemusím spouštět?
Tu aplikaci http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22 už nemusím spouštět?
Re: Prosím o kontrolu- pomalejší PC a internet
WinSockFix uz tedy spoustet nemusite... Stahnete SPTD http://www.duplexsecure.com/en/downloads
- Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
- Ulozte na plochu a spustte
- Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte
Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
- Ulozte na plochu a spustte
- Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte
Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe ale nespoustejte Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
- Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
"%userprofile%\desktop\mbr" -t -s- Kliknete na OK
- Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte
Dejte logy z Gmeru - viz muj podpis"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu- pomalejší PC a internet
Log mbr.txt se mi nepodařilo udělat. Když jsem dal Start- Spustit, objevila se chybová hláška, viz. příloha.
- Přílohy
-
- hlášení.jpg (257.31 KiB) Zobrazeno 1210 x
Re: Prosím o kontrolu- pomalejší PC a internet
Proc ja vul i myslel ze mate W7 a dal dektop misto plocha 
Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
- Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t -s- Kliknete na OK
- Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte
Pak udelejte gmera"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu- pomalejší PC a internet
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JB-00REA0 rev.20.00K20 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83B447D8]<<
_asm { JMP 0x4; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x83F2EAB8]
3 CLASSPNP[0xF786EFD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\00000063[0x83F31178]
5 ACPI[0xF77BE620] -> nt!IofCallDriver[0x804E37C5] -> \Device\Ide\IdeDeviceP0T0L0-4[0x83F30D98]
\Driver\atapi[0x83F64160] -> IRP_MJ_CREATE -> 0x83B447D8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x83b447d8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-09 14:04:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2500JB-00REA0 rev.20.00K20
Running: gmer.exe; Driver: C:\DOCUME~1\Pet\LOCALS~1\Temp\kfrcqfow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF50F1BDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF50F1A45]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF51467A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 83B447D8
Device \Driver\atapi \Device\Ide\IdePort1 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 83B447D8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Modules - GMER 1.0.15 ----
Module _________ F774A000-F7762000 (98304 bytes)
---- EOF - GMER 1.0.15 ----
Windows 5.1.2600 Disk: WDC_WD2500JB-00REA0 rev.20.00K20 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83B447D8]<<
_asm { JMP 0x4; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x83F2EAB8]
3 CLASSPNP[0xF786EFD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\00000063[0x83F31178]
5 ACPI[0xF77BE620] -> nt!IofCallDriver[0x804E37C5] -> \Device\Ide\IdeDeviceP0T0L0-4[0x83F30D98]
\Driver\atapi[0x83F64160] -> IRP_MJ_CREATE -> 0x83B447D8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x83b447d8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-09 14:04:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2500JB-00REA0 rev.20.00K20
Running: gmer.exe; Driver: C:\DOCUME~1\Pet\LOCALS~1\Temp\kfrcqfow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF50F1BDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF50F1A45]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF51467A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 83B447D8
Device \Driver\atapi \Device\Ide\IdePort1 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 83B447D8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Modules - GMER 1.0.15 ----
Module _________ F774A000-F7762000 (98304 bytes)
---- EOF - GMER 1.0.15 ----
Re: Prosím o kontrolu- pomalejší PC a internet
Tady je druhý scan z GMERu. Musím to vložit na dvě části.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-09 14:20:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2500JB-00REA0 rev.20.00K20
Running: gmer.exe; Driver: C:\DOCUME~1\Pet\LOCALS~1\Temp\kfrcqfow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF50CDFC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF5132510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF50F16A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF50D0456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF50D04AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF50D05C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF50F105D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF50D03AC]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF77E7A20]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF50D04FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF50D0400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF50D0572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF50CDFE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF50F1D6F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF50F2025]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF50D0848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF50F1BDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF50F1A45]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF51325C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF50CDDB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF50CE00C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF50D09BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF50CEAA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF50D0486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF50D04D6]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwOpenFile [0xF77E7A60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF50D05EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF50F13B9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF50D03D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF50D0680]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF50D053E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF50D042E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF50D0764]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF50D059C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF5132658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF50F18C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF50CE96A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF50F1712]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF513A9E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF50F06D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF50CE030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF50CE054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF50CDE0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF50CDF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF50F1E76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF50CDF24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF50CDF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF50CE078]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF51467A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + F1 804E274D 3 Bytes [10, 0F, F5] {ADC [EDI], CL; CMC }
.text ntoskrnl.exe!_abnormal_termination + 140 804E279C 4 Bytes CALL 8C433480
.text ntoskrnl.exe!_abnormal_termination + 214 804E2870 16 Bytes [86, 04, 0D, F5, D6, 04, 0D, ...]
.text ntoskrnl.exe!_abnormal_termination + 2D8 804E2934 4 Bytes [6A, E9, 0C, F5] {PUSH -0x17; OR AL, 0xf5}
PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F514515C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056B712 4 Bytes CALL F50CF00F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC60 7 Bytes JMP F51467A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F84D 5 Bytes JMP F514369C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF67E6360, 0x204DFD, 0xE8000020]
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP F50D0AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP F50D0B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP F50D0C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP F50D0ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP F50D0F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP F50D0DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP F50D0FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP F50D0CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP F50D09F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP F50D0D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP F50D0D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP F50D0B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP F50D0C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP F50D10D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\Pet\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !
.text ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes [E9, 50, 9E, 83, 83] {JMP 0xffffffff83839e55}
.text ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes [E9, 8C, 90, 83, 83] {JMP 0xffffffff83839091}
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Opera\Opera.exe[152] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Opera\Opera.exe[152] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Opera\Opera.exe[152] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Opera\Opera.exe[152] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Opera\Opera.exe[152] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Opera\Opera.exe[152] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Opera\Opera.exe[152] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Opera\Opera.exe[152] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Opera\Opera.exe[152] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\wdfmgr.exe[444] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[444] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[444] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[444] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wdfmgr.exe[444] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\wdfmgr.exe[444] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\wdfmgr.exe[444] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\wdfmgr.exe[444] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\wdfmgr.exe[444] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 002401F8
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 002403FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00650804
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00650A08
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00650600
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006501F8
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006503FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00661014
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00660804
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00660A08
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00660C0C
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00660E10
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 006601F8
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 006603FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00660600
.text C:\WINDOWS\System32\smss.exe[720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[768] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003C1014
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003C0804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003C0A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003C0C0C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003C0E10
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003C0600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\spoolsv.exe[1212] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1212] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1212] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1212] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[1212] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[1212] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[1212] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[1212] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[1212] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[1448] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[1448] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1448] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[1448] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1448] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[1448] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[1448] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\alg.exe[1448] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[1448] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-09 14:20:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2500JB-00REA0 rev.20.00K20
Running: gmer.exe; Driver: C:\DOCUME~1\Pet\LOCALS~1\Temp\kfrcqfow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF50CDFC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF5132510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF50F16A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF50D0456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF50D04AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF50D05C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF50F105D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF50D03AC]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF77E7A20]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF50D04FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF50D0400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF50D0572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF50CDFE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF50F1D6F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF50F2025]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF50D0848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF50F1BDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF50F1A45]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF51325C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF50CDDB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF50CE00C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF50D09BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF50CEAA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF50D0486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF50D04D6]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwOpenFile [0xF77E7A60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF50D05EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF50F13B9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF50D03D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF50D0680]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF50D053E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF50D042E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF50D0764]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF50D059C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF5132658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF50F18C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF50CE96A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF50F1712]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF513A9E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF50F06D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF50CE030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF50CE054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF50CDE0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF50CDF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF50F1E76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF50CDF24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF50CDF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF50CE078]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF51467A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + F1 804E274D 3 Bytes [10, 0F, F5] {ADC [EDI], CL; CMC }
.text ntoskrnl.exe!_abnormal_termination + 140 804E279C 4 Bytes CALL 8C433480
.text ntoskrnl.exe!_abnormal_termination + 214 804E2870 16 Bytes [86, 04, 0D, F5, D6, 04, 0D, ...]
.text ntoskrnl.exe!_abnormal_termination + 2D8 804E2934 4 Bytes [6A, E9, 0C, F5] {PUSH -0x17; OR AL, 0xf5}
PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F514515C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056B712 4 Bytes CALL F50CF00F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC60 7 Bytes JMP F51467A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F84D 5 Bytes JMP F514369C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF67E6360, 0x204DFD, 0xE8000020]
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP F50D0AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP F50D0B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP F50D0C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP F50D0ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP F50D0F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP F50D0DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP F50D0FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP F50D0CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP F50D09F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP F50D0D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP F50D0D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP F50D0B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP F50D0C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP F50D10D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\Pet\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !
.text ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes [E9, 50, 9E, 83, 83] {JMP 0xffffffff83839e55}
.text ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes [E9, 8C, 90, 83, 83] {JMP 0xffffffff83839091}
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Opera\Opera.exe[152] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Opera\Opera.exe[152] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Opera\Opera.exe[152] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Opera\Opera.exe[152] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Opera\Opera.exe[152] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Opera\Opera.exe[152] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Opera\Opera.exe[152] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Opera\Opera.exe[152] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Opera\Opera.exe[152] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC
.text C:\Program Files\Opera\Opera.exe[152] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[232] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[428] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\wdfmgr.exe[444] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[444] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[444] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[444] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wdfmgr.exe[444] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wdfmgr.exe[444] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\wdfmgr.exe[444] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\wdfmgr.exe[444] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\wdfmgr.exe[444] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\wdfmgr.exe[444] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 002401F8
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 002403FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00650804
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00650A08
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00650600
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006501F8
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006503FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00661014
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00660804
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00660A08
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00660C0C
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00660E10
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 006601F8
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 006603FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe[624] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00660600
.text C:\WINDOWS\System32\smss.exe[720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[768] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003C1014
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003C0804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003C0A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003C0C0C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003C0E10
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003C0600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[852] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\spoolsv.exe[1212] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1212] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1212] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1212] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[1212] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[1212] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[1212] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[1212] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[1212] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[1212] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[1448] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[1448] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1448] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[1448] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1448] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[1448] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[1448] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\alg.exe[1448] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[1448] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[1448] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1508] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
Re: Prosím o kontrolu- pomalejší PC a internet
A tady je zbytek.
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00621014
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00620804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00620A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00620C0C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00620E10
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 006201F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 006203FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00620600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00630804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00630A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00630600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006301F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006303FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1648] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1648] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1648] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\nvsvc32.exe[1812] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1812] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\nvsvc32.exe[1812] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\nvsvc32.exe[1812] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\nvsvc32.exe[1812] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\nvsvc32.exe[1812] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 009C1014
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 009C0804
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 009C0A08
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 009C0C0C
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 009C0E10
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 009C01F8
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 009C03FC
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 009C0600
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC
.text C:\WINDOWS\system32\wscntfy.exe[2828] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[2828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2828] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[2828] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\wscntfy.exe[2828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\wscntfy.exe[2828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\wscntfy.exe[2828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\wscntfy.exe[2828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00331014
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00330804
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00330A08
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 3 Bytes JMP 00330C0C
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A + 4 77E270DD 1 Byte [88]
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00330E10
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003301F8
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003303FC
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00330600
.text C:\WINDOWS\Explorer.EXE[2892] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[2892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2892] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[2892] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00381014
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00380E10
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[2892] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Explorer.EXE[2892] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Explorer.EXE[2892] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[2892] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Explorer.EXE[2892] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[2892] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3020] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3020] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\ctfmon.exe[3392] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3392] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3392] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3392] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[3392] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ctfmon.exe[3392] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ctfmon.exe[3392] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[3392] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ctfmon.exe[3392] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[3392] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Cdrom \Device\CdRom0 83BCBD20
Device \FileSystem\Rdbss \Device\FsWrap 83B95080
Device \Driver\atapi \Device\Ide\IdePort0 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 83B447D8
Device \Driver\atapi \Device\Ide\IdePort1 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 83B447D8
Device \Driver\Cdrom \Device\CdRom1 83BCBD20
Device \FileSystem\Srv \Device\LanmanServer 83D3D2F8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 832F2190
Device \FileSystem\MRxSmb \Device\LanmanRedirector 832F2190
Device \FileSystem\Npfs \Device\NamedPipe 83C1C198
Device \FileSystem\Msfs \Device\Mailslot 83B47030
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 83CA5198
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 83CA5198
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 83CA5198
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 83CA5198
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 83CA5198
Device \FileSystem\Cdfs \Cdfs 83D7C298
---- Modules - GMER 1.0.15 ----
Module _________ F774A000-F7762000 (98304 bytes)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}@DisplayName DAEMON Tools
Reg HKLM\SOFTWARE\Classes\Installer\Products\B3D5AC652003B7E409EF70D1F8FD8341@ProductName DAEMON Tools
---- EOF - GMER 1.0.15 ----
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1560] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00621014
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00620804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00620A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00620C0C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00620E10
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 006201F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 006203FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00620600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00630804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00630A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00630600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006301F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1596] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006303FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1648] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1648] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1648] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1684] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe[1728] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\nvsvc32.exe[1812] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1812] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\nvsvc32.exe[1812] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\nvsvc32.exe[1812] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\nvsvc32.exe[1812] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\nvsvc32.exe[1812] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\nvsvc32.exe[1812] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1856] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 009C1014
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 009C0804
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 009C0A08
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 009C0C0C
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 009C0E10
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 009C01F8
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 009C03FC
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 009C0600
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8
.text C:\DOCUME~1\Pet\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2664] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC
.text C:\WINDOWS\system32\wscntfy.exe[2828] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[2828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2828] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[2828] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\wscntfy.exe[2828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\wscntfy.exe[2828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\wscntfy.exe[2828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\wscntfy.exe[2828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00331014
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00330804
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00330A08
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 3 Bytes JMP 00330C0C
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A + 4 77E270DD 1 Byte [88]
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00330E10
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003301F8
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003303FC
.text C:\WINDOWS\system32\wscntfy.exe[2828] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00330600
.text C:\WINDOWS\Explorer.EXE[2892] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[2892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2892] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[2892] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00381014
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00380E10
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[2892] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[2892] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Explorer.EXE[2892] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Explorer.EXE[2892] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[2892] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Explorer.EXE[2892] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[2892] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2900] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[3000] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3020] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3020] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe[3032] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3072] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[3104] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\ctfmon.exe[3392] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3392] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3392] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3392] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[3392] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[3392] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ctfmon.exe[3392] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ctfmon.exe[3392] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[3392] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ctfmon.exe[3392] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[3392] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Cdrom \Device\CdRom0 83BCBD20
Device \FileSystem\Rdbss \Device\FsWrap 83B95080
Device \Driver\atapi \Device\Ide\IdePort0 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 83B447D8
Device \Driver\atapi \Device\Ide\IdePort1 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 83B447D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 83B447D8
Device \Driver\Cdrom \Device\CdRom1 83BCBD20
Device \FileSystem\Srv \Device\LanmanServer 83D3D2F8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 832F2190
Device \FileSystem\MRxSmb \Device\LanmanRedirector 832F2190
Device \FileSystem\Npfs \Device\NamedPipe 83C1C198
Device \FileSystem\Msfs \Device\Mailslot 83B47030
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 83CA5198
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 83CA5198
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 83CA5198
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 83CA5198
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 83CA5198
Device \FileSystem\Cdfs \Cdfs 83D7C298
---- Modules - GMER 1.0.15 ----
Module _________ F774A000-F7762000 (98304 bytes)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}@DisplayName DAEMON Tools
Reg HKLM\SOFTWARE\Classes\Installer\Products\B3D5AC652003B7E409EF70D1F8FD8341@ProductName DAEMON Tools
---- EOF - GMER 1.0.15 ----
Re: Prosím o kontrolu- pomalejší PC a internet
Predpokladam ze SPTD a Deffoger jste pouzil pred mbr skenem 
Pouzivate ochranu StarForce 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu- pomalejší PC a internet
SPTD a Deffoger jsem udelal jiz vcera vecer. Dnes jsem je znovu pred mbr skenem nedelal. Ochranu StarForce nepouzivam, alespon o tom nevim.
Re: Prosím o kontrolu- pomalejší PC a internet
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu- pomalejší PC a internet
ComboFix 11-12-10.01 - Pet 10.12.2011 11:57:02.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.214 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pet\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pet\g2mdlhlpx.exe
c:\program files\aaw2008.exe
c:\program files\Codecs6030_allin1.exe
c:\windows\daemon.dll
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\settings.reg
c:\windows\system32\CF26697.exe
c:\windows\WindowsXP-KB835935-SP2-CSY.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-10 do 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-08 21:04 . 2011-12-08 21:04 -------- d-----w- C:\_OTL
2011-12-08 19:25 . 2011-12-08 19:34 -------- d-----w- C:\UsbFix
2011-12-08 16:50 . 2011-12-08 16:50 512 ------w- C:\PhysicalMBR.bin
2011-12-08 14:40 . 2011-12-08 14:40 -------- d-----w- c:\program files\trend micro
2011-12-08 14:40 . 2011-12-08 14:41 -------- d-----w- C:\rsit
2011-12-08 14:36 . 2011-12-08 14:36 781383 ----a-w- c:\program files\RSIT.exe
2011-12-03 20:00 . 2006-11-10 14:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-12-03 20:00 . 2005-04-27 15:36 245408 ----a-w- c:\windows\system32\unicows.dll
2011-11-11 19:50 . 2011-11-29 06:53 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-08-16 17:12 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2008-11-23 17:19 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-06-23 15:39 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2008-11-23 17:19 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2008-11-23 17:19 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2008-11-23 17:19 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2008-11-23 17:19 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2008-11-23 17:19 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2008-11-23 17:19 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2008-11-23 17:19 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-24 10:50 . 2011-07-06 09:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 04:06 . 2010-05-02 08:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2008-05-29 20:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-23 15:17 . 2011-07-23 15:17 4195288 ----a-w- c:\program files\GarminMapUpdater_v2.7.10.exe
2011-04-18 15:14 . 2011-04-18 15:14 4157464 ----a-w- c:\program files\GarminMapUpdater_v2.6.7.exe
2011-04-17 19:18 . 2011-04-17 19:18 4157448 ----a-w- c:\program files\GarminMapUpdater_v2.6.6.exe
2011-02-16 09:32 . 2010-10-15 09:37 12443528 ----a-w- c:\program files\aTube_Catcher.exe
2010-09-14 16:45 . 2010-09-14 16:45 3821175 ----a-w- c:\program files\pspad454inst_cz.exe
2010-02-06 11:54 . 2010-02-06 11:52 25012216 ----a-w- c:\program files\moviexone.exe
2009-12-22 07:52 . 2009-10-14 18:05 7771349 ----a-w- c:\program files\aTube_Catcher_Installer.exe
2008-12-24 12:25 . 2009-06-05 10:23 44805700 ----a-w- c:\program files\SystemMechanicPro.exe
2008-07-07 17:04 . 2008-07-07 17:04 19555 ----a-w- c:\program files\T-Cleaner.bat
2008-07-07 14:54 . 2008-07-07 14:54 401720 ----a-w- c:\program files\HijackThis.exe
1996-12-02 17:44 . 1996-12-02 17:44 582144 ----a-w- c:\program files\Common Files\dao350.dll
2011-11-29 06:53 . 2011-11-11 19:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"nwiz"="nwiz.exe" [2005-11-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent\MyGarminAgent.exe" [2010-03-16 337256]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf h:\program files\iolo\System Mechanic Professional 6\\0iolobtdfg c:\windows\system32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\STRONG DC\\StrongDC.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\JetAudio\\JcServer.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13985:TCP"= 13985:TCP:BitComet 13985 TCP
"13985:UDP"= 13985:UDP:BitComet 13985 UDP
.
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [10.3.2008 23:40 156800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10.9.2011 17:40 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.6.2011 16:39 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.11.2008 18:19 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.11.2008 18:19 20568]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [3.11.2010 16:26 1714176]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 7:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 7:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 7:11 12928]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys --> c:\windows\system32\DRIVERS\wfcxacap.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.8.2011 14:25 2152152]
S2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys --> c:\windows\system32\drivers\wfcxatun.sys [?]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys --> c:\windows\system32\drivers\wfcxvcap.sys [?]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys --> c:\windows\system32\DRIVERS\gflmouhid.sys [?]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys --> c:\windows\system32\DRIVERS\ewdcsc.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [18.8.2011 14:25 15232]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [5.12.2009 12:28 83496]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys --> c:\windows\system32\drivers\wfcxdtun.sys [?]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys --> c:\windows\system32\drivers\wfcxtcap.sys [?]
S3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys --> c:\windows\system32\drivers\wfcxxbar.sys [?]
S4 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [10.3.2008 23:40 5248]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [12.3.2008 9:46 159616]
S4 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [12.3.2008 9:46 5248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 08:09]
.
.
------- Doplňkový sken -------
.
IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.21\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Nvu - j:\nvu\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 12:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R??9~0?6~????*?6~??6~?w????8~????m???????????????????h???h???????]?6~??8~????m???????????????????k!?s??6~??6~6?????????>w??????6~?pj???????6~??????>w??6~???????s????W?9~??6~??????6~??>w6??????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Celkový čas: 2011-12-10 12:19:51
ComboFix-quarantined-files.txt 2011-12-10 11:19
.
Před spuštěním: 7 256 559 616
Po spuštění: 7 438 962 688
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - BE7B04909068D3BAB2005965666B78F8
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.214 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pet\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pet\g2mdlhlpx.exe
c:\program files\aaw2008.exe
c:\program files\Codecs6030_allin1.exe
c:\windows\daemon.dll
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\settings.reg
c:\windows\system32\CF26697.exe
c:\windows\WindowsXP-KB835935-SP2-CSY.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-10 do 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-08 21:04 . 2011-12-08 21:04 -------- d-----w- C:\_OTL
2011-12-08 19:25 . 2011-12-08 19:34 -------- d-----w- C:\UsbFix
2011-12-08 16:50 . 2011-12-08 16:50 512 ------w- C:\PhysicalMBR.bin
2011-12-08 14:40 . 2011-12-08 14:40 -------- d-----w- c:\program files\trend micro
2011-12-08 14:40 . 2011-12-08 14:41 -------- d-----w- C:\rsit
2011-12-08 14:36 . 2011-12-08 14:36 781383 ----a-w- c:\program files\RSIT.exe
2011-12-03 20:00 . 2006-11-10 14:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-12-03 20:00 . 2005-04-27 15:36 245408 ----a-w- c:\windows\system32\unicows.dll
2011-11-11 19:50 . 2011-11-29 06:53 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-08-16 17:12 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2008-11-23 17:19 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-06-23 15:39 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2008-11-23 17:19 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2008-11-23 17:19 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2008-11-23 17:19 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2008-11-23 17:19 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2008-11-23 17:19 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2008-11-23 17:19 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2008-11-23 17:19 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-24 10:50 . 2011-07-06 09:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 04:06 . 2010-05-02 08:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2008-05-29 20:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-23 15:17 . 2011-07-23 15:17 4195288 ----a-w- c:\program files\GarminMapUpdater_v2.7.10.exe
2011-04-18 15:14 . 2011-04-18 15:14 4157464 ----a-w- c:\program files\GarminMapUpdater_v2.6.7.exe
2011-04-17 19:18 . 2011-04-17 19:18 4157448 ----a-w- c:\program files\GarminMapUpdater_v2.6.6.exe
2011-02-16 09:32 . 2010-10-15 09:37 12443528 ----a-w- c:\program files\aTube_Catcher.exe
2010-09-14 16:45 . 2010-09-14 16:45 3821175 ----a-w- c:\program files\pspad454inst_cz.exe
2010-02-06 11:54 . 2010-02-06 11:52 25012216 ----a-w- c:\program files\moviexone.exe
2009-12-22 07:52 . 2009-10-14 18:05 7771349 ----a-w- c:\program files\aTube_Catcher_Installer.exe
2008-12-24 12:25 . 2009-06-05 10:23 44805700 ----a-w- c:\program files\SystemMechanicPro.exe
2008-07-07 17:04 . 2008-07-07 17:04 19555 ----a-w- c:\program files\T-Cleaner.bat
2008-07-07 14:54 . 2008-07-07 14:54 401720 ----a-w- c:\program files\HijackThis.exe
1996-12-02 17:44 . 1996-12-02 17:44 582144 ----a-w- c:\program files\Common Files\dao350.dll
2011-11-29 06:53 . 2011-11-11 19:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"nwiz"="nwiz.exe" [2005-11-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent\MyGarminAgent.exe" [2010-03-16 337256]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf h:\program files\iolo\System Mechanic Professional 6\\0iolobtdfg c:\windows\system32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\STRONG DC\\StrongDC.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\JetAudio\\JcServer.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13985:TCP"= 13985:TCP:BitComet 13985 TCP
"13985:UDP"= 13985:UDP:BitComet 13985 UDP
.
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [10.3.2008 23:40 156800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10.9.2011 17:40 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.6.2011 16:39 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.11.2008 18:19 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.11.2008 18:19 20568]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [3.11.2010 16:26 1714176]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 7:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 7:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 7:11 12928]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys --> c:\windows\system32\DRIVERS\wfcxacap.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.8.2011 14:25 2152152]
S2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys --> c:\windows\system32\drivers\wfcxatun.sys [?]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys --> c:\windows\system32\drivers\wfcxvcap.sys [?]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys --> c:\windows\system32\DRIVERS\gflmouhid.sys [?]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys --> c:\windows\system32\DRIVERS\ewdcsc.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [18.8.2011 14:25 15232]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [5.12.2009 12:28 83496]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys --> c:\windows\system32\drivers\wfcxdtun.sys [?]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys --> c:\windows\system32\drivers\wfcxtcap.sys [?]
S3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys --> c:\windows\system32\drivers\wfcxxbar.sys [?]
S4 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [10.3.2008 23:40 5248]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [12.3.2008 9:46 159616]
S4 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [12.3.2008 9:46 5248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 08:09]
.
.
------- Doplňkový sken -------
.
IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.21\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Nvu - j:\nvu\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 12:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R??9~0?6~????*?6~??6~?w????8~????m???????????????????h???h???????]?6~??8~????m???????????????????k!?s??6~??6~6?????????>w??????6~?pj???????6~??????>w??6~???????s????W?9~??6~??????6~??>w6??????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Celkový čas: 2011-12-10 12:19:51
ComboFix-quarantined-files.txt 2011-12-10 11:19
.
Před spuštěním: 7 256 559 616
Po spuštění: 7 438 962 688
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - BE7B04909068D3BAB2005965666B78F8
Re: Prosím o kontrolu- pomalejší PC a internet
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Restore:: c:\windows\system32\drivers\atapi.sys Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=- [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000000 Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu- pomalejší PC a internet
ComboFix 11-12-10.01 - Pet 10.12.2011 12:57:14.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.211 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pet\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pet\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\atapi.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-10 do 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-08 21:04 . 2011-12-08 21:04 -------- d-----w- C:\_OTL
2011-12-08 19:25 . 2011-12-08 19:34 -------- d-----w- C:\UsbFix
2011-12-08 16:50 . 2011-12-08 16:50 512 ------w- C:\PhysicalMBR.bin
2011-12-08 14:40 . 2011-12-08 14:40 -------- d-----w- c:\program files\trend micro
2011-12-08 14:40 . 2011-12-08 14:41 -------- d-----w- C:\rsit
2011-12-08 14:36 . 2011-12-08 14:36 781383 ----a-w- c:\program files\RSIT.exe
2011-12-03 20:00 . 2006-11-10 14:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-12-03 20:00 . 2005-04-27 15:36 245408 ----a-w- c:\windows\system32\unicows.dll
2011-11-11 19:50 . 2011-11-29 06:53 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-08-16 17:12 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2008-11-23 17:19 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-06-23 15:39 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2008-11-23 17:19 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2008-11-23 17:19 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2008-11-23 17:19 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2008-11-23 17:19 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2008-11-23 17:19 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2008-11-23 17:19 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2008-11-23 17:19 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-24 10:50 . 2011-07-06 09:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 04:06 . 2010-05-02 08:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2008-05-29 20:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-23 15:17 . 2011-07-23 15:17 4195288 ----a-w- c:\program files\GarminMapUpdater_v2.7.10.exe
2011-04-18 15:14 . 2011-04-18 15:14 4157464 ----a-w- c:\program files\GarminMapUpdater_v2.6.7.exe
2011-04-17 19:18 . 2011-04-17 19:18 4157448 ----a-w- c:\program files\GarminMapUpdater_v2.6.6.exe
2011-02-16 09:32 . 2010-10-15 09:37 12443528 ----a-w- c:\program files\aTube_Catcher.exe
2010-09-14 16:45 . 2010-09-14 16:45 3821175 ----a-w- c:\program files\pspad454inst_cz.exe
2010-02-06 11:54 . 2010-02-06 11:52 25012216 ----a-w- c:\program files\moviexone.exe
2009-12-22 07:52 . 2009-10-14 18:05 7771349 ----a-w- c:\program files\aTube_Catcher_Installer.exe
2008-12-24 12:25 . 2009-06-05 10:23 44805700 ----a-w- c:\program files\SystemMechanicPro.exe
2008-07-07 17:04 . 2008-07-07 17:04 19555 ----a-w- c:\program files\T-Cleaner.bat
2008-07-07 14:54 . 2008-07-07 14:54 401720 ----a-w- c:\program files\HijackThis.exe
1996-12-02 17:44 . 1996-12-02 17:44 582144 ----a-w- c:\program files\Common Files\dao350.dll
2011-11-29 06:53 . 2011-11-11 19:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"nwiz"="nwiz.exe" [2005-11-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent\MyGarminAgent.exe" [2010-03-16 337256]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf h:\program files\iolo\System Mechanic Professional 6\\0iolobtdfg c:\windows\system32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\STRONG DC\\StrongDC.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\JetAudio\\JcServer.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13985:TCP"= 13985:TCP:BitComet 13985 TCP
"13985:UDP"= 13985:UDP:BitComet 13985 UDP
.
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [10.3.2008 23:40 156800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10.9.2011 17:40 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.6.2011 16:39 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.11.2008 18:19 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.11.2008 18:19 20568]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.8.2011 14:25 2152152]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [3.11.2010 16:26 1714176]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 7:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 7:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 7:11 12928]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys --> c:\windows\system32\DRIVERS\wfcxacap.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys --> c:\windows\system32\drivers\wfcxatun.sys [?]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys --> c:\windows\system32\drivers\wfcxvcap.sys [?]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys --> c:\windows\system32\DRIVERS\gflmouhid.sys [?]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys --> c:\windows\system32\DRIVERS\ewdcsc.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [18.8.2011 14:25 15232]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [5.12.2009 12:28 83496]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys --> c:\windows\system32\drivers\wfcxdtun.sys [?]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys --> c:\windows\system32\drivers\wfcxtcap.sys [?]
S3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys --> c:\windows\system32\drivers\wfcxxbar.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S4 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [10.3.2008 23:40 5248]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [12.3.2008 9:46 159616]
S4 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [12.3.2008 9:46 5248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 08:09]
.
.
------- Doplňkový sken -------
.
IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.21\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 13:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R??9~0?6~????*?6~??6~?w????8~????m???????????????????h???h???????]?6~??8~????m???????????????????k!?s??6~??6~6?????????>w??????6~?pj???????6~??????>w??6~???????s????W?9~??6~??????6~??>w6??????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3064)
c:\windows\system32\msimtf.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2011-12-10 13:26:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-10 12:25
ComboFix2.txt 2011-12-10 11:19
.
Před spuštěním: 7 463 575 552
Po spuštění: 7 293 468 672
.
- - End Of File - - 52A32E73B93435F92593C8288635D460
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.211 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pet\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pet\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\atapi.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-10 do 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-08 21:04 . 2011-12-08 21:04 -------- d-----w- C:\_OTL
2011-12-08 19:25 . 2011-12-08 19:34 -------- d-----w- C:\UsbFix
2011-12-08 16:50 . 2011-12-08 16:50 512 ------w- C:\PhysicalMBR.bin
2011-12-08 14:40 . 2011-12-08 14:40 -------- d-----w- c:\program files\trend micro
2011-12-08 14:40 . 2011-12-08 14:41 -------- d-----w- C:\rsit
2011-12-08 14:36 . 2011-12-08 14:36 781383 ----a-w- c:\program files\RSIT.exe
2011-12-03 20:00 . 2006-11-10 14:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-12-03 20:00 . 2005-04-27 15:36 245408 ----a-w- c:\windows\system32\unicows.dll
2011-11-11 19:50 . 2011-11-29 06:53 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-08-16 17:12 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2008-11-23 17:19 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-06-23 15:39 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2008-11-23 17:19 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2008-11-23 17:19 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2008-11-23 17:19 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2008-11-23 17:19 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2008-11-23 17:19 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2008-11-23 17:19 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2008-11-23 17:19 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-24 10:50 . 2011-07-06 09:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 04:06 . 2010-05-02 08:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2008-05-29 20:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-23 15:17 . 2011-07-23 15:17 4195288 ----a-w- c:\program files\GarminMapUpdater_v2.7.10.exe
2011-04-18 15:14 . 2011-04-18 15:14 4157464 ----a-w- c:\program files\GarminMapUpdater_v2.6.7.exe
2011-04-17 19:18 . 2011-04-17 19:18 4157448 ----a-w- c:\program files\GarminMapUpdater_v2.6.6.exe
2011-02-16 09:32 . 2010-10-15 09:37 12443528 ----a-w- c:\program files\aTube_Catcher.exe
2010-09-14 16:45 . 2010-09-14 16:45 3821175 ----a-w- c:\program files\pspad454inst_cz.exe
2010-02-06 11:54 . 2010-02-06 11:52 25012216 ----a-w- c:\program files\moviexone.exe
2009-12-22 07:52 . 2009-10-14 18:05 7771349 ----a-w- c:\program files\aTube_Catcher_Installer.exe
2008-12-24 12:25 . 2009-06-05 10:23 44805700 ----a-w- c:\program files\SystemMechanicPro.exe
2008-07-07 17:04 . 2008-07-07 17:04 19555 ----a-w- c:\program files\T-Cleaner.bat
2008-07-07 14:54 . 2008-07-07 14:54 401720 ----a-w- c:\program files\HijackThis.exe
1996-12-02 17:44 . 1996-12-02 17:44 582144 ----a-w- c:\program files\Common Files\dao350.dll
2011-11-29 06:53 . 2011-11-11 19:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"nwiz"="nwiz.exe" [2005-11-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent\MyGarminAgent.exe" [2010-03-16 337256]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf h:\program files\iolo\System Mechanic Professional 6\\0iolobtdfg c:\windows\system32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\STRONG DC\\StrongDC.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\JetAudio\\JcServer.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13985:TCP"= 13985:TCP:BitComet 13985 TCP
"13985:UDP"= 13985:UDP:BitComet 13985 UDP
.
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [10.3.2008 23:40 156800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10.9.2011 17:40 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.6.2011 16:39 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.11.2008 18:19 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.11.2008 18:19 20568]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.8.2011 14:25 2152152]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [3.11.2010 16:26 1714176]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 7:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 7:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 7:11 12928]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys --> c:\windows\system32\DRIVERS\wfcxacap.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys --> c:\windows\system32\drivers\wfcxatun.sys [?]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys --> c:\windows\system32\drivers\wfcxvcap.sys [?]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys --> c:\windows\system32\DRIVERS\gflmouhid.sys [?]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys --> c:\windows\system32\DRIVERS\ewdcsc.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [18.8.2011 14:25 15232]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [5.12.2009 12:28 83496]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys --> c:\windows\system32\drivers\wfcxdtun.sys [?]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys --> c:\windows\system32\drivers\wfcxtcap.sys [?]
S3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys --> c:\windows\system32\drivers\wfcxxbar.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S4 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [10.3.2008 23:40 5248]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [12.3.2008 9:46 159616]
S4 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [12.3.2008 9:46 5248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 08:09]
.
.
------- Doplňkový sken -------
.
IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.21\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Pet\Data aplikací\Mozilla\Firefox\Profiles\npuaubjh.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 13:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R??9~0?6~????*?6~??6~?w????8~????m???????????????????h???h???????]?6~??8~????m???????????????????k!?s??6~??6~6?????????>w??????6~?pj???????6~??????>w??6~???????s????W?9~??6~??????6~??>w6??????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3064)
c:\windows\system32\msimtf.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2011-12-10 13:26:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-10 12:25
ComboFix2.txt 2011-12-10 11:19
.
Před spuštěním: 7 463 575 552
Po spuštění: 7 293 468 672
.
- - End Of File - - 52A32E73B93435F92593C8288635D460
Přispějete na provoz fóra?