Please check my log

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#31 Post by vyosek »

:arrow: Uninstall ComboFix
  • Start - Run (or use the keyboard shortcut Win+R)
  • Type ComboFix /Uninstall
  • Press Enter
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (if necessary, turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no problems are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once every 14 days

:arrow: I recommend defragmenting the disk
  • The simplest (but least effective) way is the utility built into Windows
    • Click My Computer, then right-click the disk and choose Properties
    • switch to the Tools tab
    • Now you see the Defragmentation tools - start it by clicking Defragment
    • Do this for all disks
  • Another option (and the one I recommend) is the small program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
    • Download the program, install it (untick the Yahoo toolbar) and run it
    • Click Analyze
    • If the Fragmented column shows more than 5%, I recommend defragmenting (click Defrag)
    • Do this for all disks
  • The last option is the simple little program JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
    • The advantage of this program is that it does not need installing
    • So just download the version for your OS and unpack it
    • Then run it using the file JKDefrag or JKDefrag64
    • The disk is analyzed and then defragmented
:arrow: Try contacting your internet provider; as far as malware goes, the PC should be clean
"Who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him, he is not a man, he is an ox."
Member of [image] since 1 February 2011.

kajaa1
Visitor
Posts: 97
Registered: 10 Feb 2011 19:57

Re: Please check my log

#32 Post by kajaa1 »

Thanks, I'll try it.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#33 Post by vyosek »

You're welcome, let me know afterwards :wink:

kajaa1
Visitor
Posts: 97
Registered: 10 Feb 2011 19:57

Re: Please check my log

#34 Post by kajaa1 »

I tried everything and the problem persists. When I start Mozilla in safe mode, it runs better. I have now found a forum where various Firefox problems are dealt with, so I'll read through it and try to find out what might be causing the problems. I just don't know what to do about the PC startup, which seems quite slow to me. Isn't it possible that the fault could be in some of the drivers, for example?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#35 Post by vyosek »

:arrow: Uninstall Mozilla completely - instructions here http://jasnapakablog.mozilla.cz/684381- ... x-3-0.html

:arrow: Reinstall it; do not install any add-ons for now

:arrow: we will also take a look for malware of the rootkit type

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
  • From that page choose the version for your operating system (32-bit (x86) or 64-bit (x64))
  • Save it to the desktop and run it
  • Choose the Uninstall option and restart the PC - if it cannot be clicked (the button is greyed out), skip this step
:arrow: Download Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Save it to the desktop and run it
  • Click Disable and restart the PC - if it cannot be clicked (the button is greyed out), skip this step
:arrow: Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe but do not run it

:arrow: Click Start and then Run, or use the keyboard shortcut Win+R
  • A window pops up; copy the text below into it

    "%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.txt is created on the desktop; paste its contents here for me
:arrow: Post the logs from GMER - see my signature

kajaa1
Visitor
Posts: 97
Registered: 10 Feb 2011 19:57

Re: Please check my log

#36 Post by kajaa1 »

I can't manage to uninstall Firefox. I tried it via Advance System Care and via Add/Remove Programs, but it just won't go. Otherwise, here is the log from mbr:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD6400AARS-00Y5B1 rev.80.00A80 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-6

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AF32AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000069[0x8AF409E8]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP1T0L0-6[0x8AF58940]
kernel: MBR read successfully
user & kernel MBR OK


And the 1st log (the quick one) from GMER:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-02 16:17:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-6 WDC_WD6400AARS-00Y5B1 rev.80.00A80
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ugdcypoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB1E35026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB1E34E91]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB1E7E8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#37 Post by vyosek »

:arrow: Get rid of Advance System Care - it is Chinese junk, they stole the database from another company and it does more harm than good

:arrow: In the Mozilla folder there is an uninstall folder and in it a file named helper - run that :wink:

kajaa1
Visitor
Posts: 97
Registered: 10 Feb 2011 19:57

Re: Please check my log

#38 Post by kajaa1 »

And here is the 2nd log (the big scan) from GMER:


GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-03 10:30:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-6 WDC_WD6400AARS-00Y5B1 rev.80.00A80
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ugdcypoc.sys



Unfortunately it doesn't all fit, so I'll put the second half in the next post.

kajaa1
Visitor
Posts: 97
Registered: 10 Feb 2011 19:57

Re: Please check my log

#39 Post by kajaa1 »

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B2692E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP B26F729E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP B26F8D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP B26FB8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB74003A0, 0x5FE082, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB0EC6300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8448300, 0x1BEE, 0xE8000020]

.text C:\WINDOWS\system32\ctfmon.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\ctfmon.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 0038015C
.text C:\WINDOWS\system32\ctfmon.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380198
.text C:\WINDOWS\system32\ctfmon.exe[1112] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\ctfmon.exe[1112] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\ctfmon.exe[1112] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\ctfmon.exe[1112] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\ctfmon.exe[1112] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\ctfmon.exe[1112] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\ctfmon.exe[1112] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\ctfmon.exe[1112] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C
.text C:\WINDOWS\system32\ctfmon.exe[1112] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E00E4
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0120
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E00A8
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E0030
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E006C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F01D4
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F00E4
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0120
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F015C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0198
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F0030
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F006C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1124] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F00A8
.text C:\WINDOWS\system32\winlogon.exe[1216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[1216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[1216] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003001D4
.text C:\WINDOWS\system32\winlogon.exe[1216] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\winlogon.exe[1216] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\winlogon.exe[1216] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 0030015C
.text C:\WINDOWS\system32\winlogon.exe[1216] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300198
.text C:\WINDOWS\system32\winlogon.exe[1216] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\winlogon.exe[1216] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\winlogon.exe[1216] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\winlogon.exe[1216] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\winlogon.exe[1216] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\winlogon.exe[1216] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\winlogon.exe[1216] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\winlogon.exe[1216] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C
.text C:\WINDOWS\Explorer.EXE[1268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\Explorer.EXE[1268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\Explorer.EXE[1268] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003101D4
.text C:\WINDOWS\Explorer.EXE[1268] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003100E4
.text C:\WINDOWS\Explorer.EXE[1268] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310120
.text C:\WINDOWS\Explorer.EXE[1268] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 0031015C
.text C:\WINDOWS\Explorer.EXE[1268] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310198
.text C:\WINDOWS\Explorer.EXE[1268] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00310030
.text C:\WINDOWS\Explorer.EXE[1268] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0031006C
.text C:\WINDOWS\Explorer.EXE[1268] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003100A8
.text C:\WINDOWS\Explorer.EXE[1268] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003200E4
.text C:\WINDOWS\Explorer.EXE[1268] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320120
.text C:\WINDOWS\Explorer.EXE[1268] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003200A8
.text C:\WINDOWS\Explorer.EXE[1268] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00320030
.text C:\WINDOWS\Explorer.EXE[1268] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0032006C
.text C:\WINDOWS\system32\services.exe[1308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[1308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003001D4
.text C:\WINDOWS\system32\services.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\services.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\services.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 0030015C
.text C:\WINDOWS\system32\services.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300198
.text C:\WINDOWS\system32\services.exe[1308] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\services.exe[1308] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\services.exe[1308] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\services.exe[1308] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\services.exe[1308] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\services.exe[1308] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\services.exe[1308] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\services.exe[1308] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C
.text C:\WINDOWS\system32\lsass.exe[1368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[1368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003001D4
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 0030015C
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300198
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\lsass.exe[1368] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\lsass.exe[1368] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\lsass.exe[1368] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\lsass.exe[1368] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\lsass.exe[1368] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C
.text C:\WINDOWS\system32\nvsvc32.exe[1700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\nvsvc32.exe[1700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\nvsvc32.exe[1700] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E01D4
.text C:\WINDOWS\system32\nvsvc32.exe[1700] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E00E4
.text C:\WINDOWS\system32\nvsvc32.exe[1700] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0120
.text C:\WINDOWS\system32\nvsvc32.exe[1700] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E015C
.text C:\WINDOWS\system32\nvsvc32.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0198
.text C:\WINDOWS\system32\nvsvc32.exe[1700] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E0030
.text C:\WINDOWS\system32\nvsvc32.exe[1700] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E006C
.text C:\WINDOWS\system32\nvsvc32.exe[1700] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E00A8
.text C:\WINDOWS\system32\nvsvc32.exe[1700] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F00E4
.text C:\WINDOWS\system32\nvsvc32.exe[1700] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0120
.text C:\WINDOWS\system32\nvsvc32.exe[1700] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F00A8
.text C:\WINDOWS\system32\nvsvc32.exe[1700] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F0030
.text C:\WINDOWS\system32\nvsvc32.exe[1700] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F006C
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00080030
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0008006C
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003101D4
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003100E4
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310120
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 0031015C
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310198
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00310030
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0031006C
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003100A8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003200E4
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320120
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003200A8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00320030
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1752] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0032006C
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 006601D4
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 006600E4
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00660120
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 0066015C
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00660198
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00660030
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0066006C
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 006600A8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 006700E4
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00670120
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 006700A8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00670030
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1780] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0067006C
.text C:\WINDOWS\system32\svchost.exe[1812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003001D4
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 0030015C
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300198
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\svchost.exe[1812] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\svchost.exe[1812] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\svchost.exe[1812] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\svchost.exe[1812] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\svchost.exe[1812] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003001D4
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 0030015C
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300198
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C
.text C:\WINDOWS\System32\alg.exe[3316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\alg.exe[3316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\alg.exe[3316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003000E4
.text C:\WINDOWS\System32\alg.exe[3316] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300120
.text C:\WINDOWS\System32\alg.exe[3316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003000A8
.text C:\WINDOWS\System32\alg.exe[3316] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00300030
.text C:\WINDOWS\System32\alg.exe[3316] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0030006C
.text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003101D4
.text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003100E4
.text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310120
.text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 0031015C
.text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310198
.text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00310030
.text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0031006C
.text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003100A8
.text C:\Documents and Settings\Owner\Plocha\gmer\gmer.exe[3956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Documents and Settings\Owner\Plocha\gmer\gmer.exe[3956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1308] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[1308] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA6 0x57 0xEA 0x26 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x84 0xBF 0x13 0xAE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDA 0x96 0x1A 0x8B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x8A 0xE8 0x37 0xF0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x8C 0xC0 0x64 0xCF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x8C 0xC0 0x64 0xCF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0xAB 0xE6 0x78 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1F 0xEE 0xD4 0x94 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE4 0xB9 0xD1 0xEC ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB5 0xEC 0xE5 0x72 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x53 0xF4 0x01 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA6 0x57 0xEA 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x84 0xBF 0x13 0xAE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDA 0x96 0x1A 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x8A 0xE8 0x37 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x8C 0xC0 0x64 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x8C 0xC0 0x64 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x98 0xBB 0x10 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1F 0xEE 0xD4 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6C 0x51 0x5A 0xDA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x92 0x5B 0x3E 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x1F 0xC0 0xB4 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA6 0x57 0xEA 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x84 0xBF 0x13 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x1B 0x73 0xE1 0x91 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x32 0x98 0x37 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x8C 0xC0 0x64 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x8C 0xC0 0x64 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF4 0x4B 0x64 0x21 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA6 0x57 0xEA 0x26 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x84 0xBF 0x13 0xAE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x1B 0x73 0xE1 0x91 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x32 0x98 0x37 0xC1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x8C 0xC0 0x64 0xCF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x8C 0xC0 0x64 0xCF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF4 0x4B 0x64 0x21 ...

---- EOF - GMER 1.0.15 ----

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#40 Post by vyosek »

The logs from mbr and GMER look clean... the slowdown is not caused by malware :o
"Who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member [image] since 1 February 2011.

kajaa1
Visitor
Posts: 97
Joined: 10 Feb 2011 19:57

Re: Please check my log

#41 Post by kajaa1 »

Unfortunately, Mozilla cannot be uninstalled even following your instructions. The uninstaller does not start at all. At least it is good news that the PC is clean of malware. I uninstalled Advanced SystemCare. Is TuneUp Utilities better, or is it useless too?

Re: Please check my log

#42 Post by vyosek »

TuneUp is paid software and in my opinion it is not worth paying for - I use CCleaner and that is enough for cleaning the PC...

Try contacting Mozilla technical support to ask why it does not work...

Re: Please check my log

#43 Post by kajaa1 »

I do not want to start a new topic, so I am posting this in my old one. I had problems updating SAS, and after cleaning with ComboFix those problems disappeared. So I would like to ask whether someone could check this for me. Thank you.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2011-06-15 15:40:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (4%) free of 200 GB
Total RAM: 3063 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:40:38, on 15.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SUPERAntiSpyware\SASCore.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50848
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1078081533-1085031214-1177238915-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1078081533-1085031214-1177238915-1004\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAS Core Service (SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCore.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 8240 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~1\Crawler\ctbr.dll [2011-03-11 1232520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
{32099AAC-C132-4136-9E9A-4E364A424E17} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2010-09-07 1976920]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2010-09-07 43608]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-03-21 20053096]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-04-07 13891176]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-02-24 1753192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"SpeedUpMyPC"=C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe [2011-05-23 67960]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-06-10 2424192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-05-06 64592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe"="C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Reality Pump\Two Worlds II\TwoWorlds2.exe"="C:\Program Files\Reality Pump\Two Worlds II\TwoWorlds2.exe:*:Enabled:Two Worlds II"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\The Witcher 2 (CZ)\bin\witcher2.exe"="C:\Program Files\The Witcher 2 (CZ)\bin\witcher2.exe:*:Enabled:The Witcher 2: Assasins of Kings"
"C:\Program Files\AML Products\Registry Cleaner\regclean.exe"="C:\Program Files\AML Products\Registry Cleaner\regclean.exe:*:Enabled:AML Free Registry Cleaner"
"C:\Program Files\CCleaner\CCleaner.exe"="C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:CCleaner"
"C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe"="C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe:*:Enabled:SpeedUpMyPC"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-06-15 15:40:33 ----D---- C:\Program Files\trend micro
2011-06-15 15:40:31 ----D---- C:\rsit
2011-06-15 15:38:51 ----SHD---- C:\RECYCLER
2011-06-15 15:31:18 ----A---- C:\ComboFix.txt
2011-06-12 21:56:23 ----D---- C:\Program Files\Unlocker
2011-05-27 18:05:52 ----D---- C:\Program Files\The Witcher 2 (CZ)
2011-05-27 17:19:46 ----D---- C:\Documents and Settings\Owner\Data aplikací\Uniblue
2011-05-27 17:19:28 ----D---- C:\Program Files\Uniblue
2011-05-27 17:13:03 ----A---- C:\WINDOWS\system32\mfc100u.dll
2011-05-26 17:46:08 ----A---- C:\WINDOWS\system32\drivers\DrvAgent32.sys
2011-05-26 17:41:57 ----D---- C:\Program Files\Lavalys
2011-05-18 18:02:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2011-05-18 17:53:53 ----A---- C:\WINDOWS\system32\nvgenco322060.dll
2011-05-18 17:53:53 ----A---- C:\WINDOWS\system32\nvdispco3220140.dll

======List of files/folders modified in the last 1 months======

2011-06-15 15:40:33 ----RD---- C:\Program Files
2011-06-15 15:37:30 ----D---- C:\WINDOWS\temp
2011-06-15 15:31:27 ----D---- C:\Qoobox
2011-06-15 15:27:34 ----D---- C:\WINDOWS
2011-06-15 15:27:34 ----A---- C:\WINDOWS\system.ini
2011-06-15 15:22:55 ----D---- C:\WINDOWS\system32\drivers
2011-06-15 15:22:55 ----D---- C:\WINDOWS\system32
2011-06-15 15:22:53 ----D---- C:\WINDOWS\AppPatch
2011-06-15 15:22:32 ----D---- C:\Program Files\Common Files
2011-06-15 15:16:24 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-15 15:14:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-15 15:14:21 ----D---- C:\WINDOWS\Prefetch
2011-06-15 15:03:49 ----A---- C:\WINDOWS\system32\log.txt
2011-06-15 06:48:48 ----A---- C:\WINDOWS\NeroDigital.ini
2011-06-13 10:23:31 ----SHD---- C:\WINDOWS\Installer
2011-06-13 10:23:31 ----D---- C:\Config.Msi
2011-06-13 10:06:42 ----D---- C:\WINDOWS\Minidump
2011-06-12 21:56:43 ----RSD---- C:\WINDOWS\assembly
2011-06-12 16:10:59 ----D---- C:\Program Files\SUPERAntiSpyware
2011-06-12 16:05:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-05-27 17:19:49 ----SD---- C:\WINDOWS\Tasks
2011-05-27 13:18:52 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-26 17:53:10 ----D---- C:\Program Files\Codec Pack - All In 1
2011-05-26 17:52:26 ----A---- C:\WINDOWS\iun6002.exe
2011-05-26 17:46:12 ----HD---- C:\WINDOWS\inf
2011-05-26 09:54:01 ----D---- C:\Documents and Settings\Owner\Data aplikací\vlc
2011-05-25 21:23:23 ----D---- C:\WINDOWS\Network Diagnostic
2011-05-25 21:21:39 ----D---- C:\Program Files\Crawler
2011-05-19 21:06:28 ----D---- C:\WINDOWS\system32\DirectX
2011-05-18 18:02:52 ----D---- C:\Program Files\NVIDIA Corporation
2011-05-18 18:02:26 ----D---- C:\Documents and Settings
2011-05-18 18:01:22 ----D---- C:\WINDOWS\Help
2011-05-18 17:54:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-05-18 17:54:40 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2010-10-29 104536]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2010-06-29 2712176]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-03-21 218688]
R1 eusk2par;Aladdin SmartKey Parallel Driver; \??\C:\WINDOWS\system32\Drivers\eusk2par.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-05-03 281760]
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2010-08-24 10448]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-05-03 25888]
R3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-04-06 6388328]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2010-08-24 38864]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2010-08-24 37328]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2010-08-24 28624]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-04-08 12501600]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-07-06 234392]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2010-04-27 37704]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2010-04-27 15048]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-21 153376]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-04-03 75136]
R2 SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCore.exe [2011-05-04 114048]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2010-06-29 316816]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-10-28 293456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-04-07 155752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Please check my log

#44 Post by vyosek »

Hello, and have a nice day :)

:arrow: ComboFix should not be used without a recommendation - it is not a toy - see below

:arrow: The dangers of CF
  • It is intended primarily for helpers - by using it on your own initiative you lose your entitlement to support
  • It erases traces of malware, so nothing is visible in the RSIT log
  • Its log still has to be worked through, because it cannot delete everything - which you will hardly manage unless you are trained for it
  • CF may have a bug = it takes down your system; if you do not know where it stores things and how to restore them, your system is wrecked and a reinstall awaits you
  • Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete those, for instance - it deletes your hal.dll after the restart = your system will not boot and you are back at the point above = reinstall
:arrow: So please post its log here; it is saved in c:\ComboFix.txt

Re: Please check my log

#45 Post by kajaa1 »

ComboFix 11-06-14.03 - Owner 15.06.2011 15:18:00.6.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3063.2559 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-15 do 2011-06-15 )))))))))))))))))))))))))))))))
.
.
2011-06-12 19:56 . 2011-06-12 19:57 -------- d-----w- c:\program files\Unlocker
2011-05-27 16:28 . 2011-05-27 16:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\The Witcher 2
2011-05-27 16:05 . 2011-06-13 08:11 -------- d-----w- c:\program files\The Witcher 2 (CZ)
2011-05-27 15:19 . 2011-05-27 15:19 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Uniblue
2011-05-27 15:19 . 2011-05-27 15:19 -------- d-----w- c:\program files\Uniblue
2011-05-27 15:13 . 2010-08-24 06:50 4368720 ----a-w- c:\windows\system32\mfc100u.dll
2011-05-27 14:55 . 2011-05-27 14:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\PackageAware
2011-05-26 15:46 . 2011-05-26 15:46 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-05-26 15:46 . 2011-05-26 15:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\eSupport.com
2011-05-26 15:41 . 2011-05-26 15:41 -------- d-----w- c:\program files\Lavalys
2011-05-18 16:02 . 2011-05-18 16:02 -------- d-----w- c:\documents and settings\UpdatusUser
2011-05-18 16:02 . 2011-05-18 16:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-05-18 15:53 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-18 15:53 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-26 15:52 . 2010-02-02 18:01 737280 ----a-w- c:\windows\iun6002.exe
2011-05-10 12:10 . 2011-05-01 09:16 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-05-01 09:16 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-05-03 17:00 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-05-03 17:00 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-05-03 17:00 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-05-03 16:59 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-05-03 16:59 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-05-03 17:00 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-05-03 16:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-05-03 17:00 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-08 05:14 . 2011-04-24 11:38 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2010-02-02 17:45 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2010-02-02 17:45 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2010-02-02 17:45 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2010-02-02 17:45 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2010-02-02 17:45 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-04-08 05:14 . 2010-02-02 17:45 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2010-02-02 17:45 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2010-02-02 17:45 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-07 20:16 . 2011-04-07 20:16 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 20:16 . 2011-04-07 20:16 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:16 . 2011-04-07 20:16 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-04-07 20:16 . 2011-04-07 20:16 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-04-07 20:16 . 2011-04-07 20:16 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-04-07 20:16 . 2011-04-07 20:16 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-04-07 20:16 . 2011-04-07 20:16 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-04-07 20:16 . 2011-04-07 20:16 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-04-07 20:16 . 2011-04-07 20:16 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-04-07 20:16 . 2011-04-07 20:16 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-04-07 20:16 . 2011-04-07 20:16 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-04-07 20:16 . 2011-04-07 20:16 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-04-07 20:16 . 2011-04-07 20:16 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-04-07 20:16 . 2011-04-07 20:16 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-04-07 20:16 . 2011-04-07 20:16 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-04-07 20:16 . 2011-04-07 20:16 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-04-07 20:16 . 2011-04-07 20:16 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-04-07 20:16 . 2011-04-07 20:16 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-04-07 20:16 . 2011-04-07 20:16 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-04-07 20:16 . 2011-04-07 20:16 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-04-07 20:16 . 2011-04-07 20:16 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-04-07 20:16 . 2011-04-07 20:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 20:16 . 2011-04-07 20:16 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-04-07 20:16 . 2011-04-07 20:16 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-04-07 20:16 . 2011-04-07 20:16 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-04-07 20:16 . 2011-04-07 20:16 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-04-07 20:16 . 2011-04-07 20:16 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-04-07 20:16 . 2011-04-07 20:16 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-04-07 20:16 . 2011-04-07 20:16 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-04-07 20:16 . 2011-04-07 20:16 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-04-07 20:16 . 2011-04-07 20:16 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-04-07 20:16 . 2011-04-07 20:16 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:16 . 2011-04-07 20:16 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:16 . 2011-04-07 20:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 20:16 . 2011-04-07 20:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-04-06 13:33 . 2010-08-07 22:57 6388328 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-04-04 15:22 . 2010-02-02 17:03 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-04-03 18:20 . 2011-04-03 18:20 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-03 18:20 . 2011-04-03 18:20 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-30 19:28 . 2011-03-30 19:28 53248 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-03-30 19:24 . 2010-08-07 22:48 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-03-30 15:29 . 2011-03-30 15:29 3678 ----a-w- C:\cc_20110330_172914.reg
2011-03-24 14:03 . 2010-02-02 17:16 56936 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-03-21 15:13 . 2010-02-02 17:16 20053096 ----a-w- c:\windows\RTHDCPL.EXE
2011-03-21 14:38 . 2011-03-20 19:30 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-18 17:55 . 2011-04-08 17:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2011-05-23 67960]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-09-07 1976920]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"RTHDCPL"="RTHDCPL.EXE" [2011-03-21 20053096]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds II\\TwoWorlds2.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\The Witcher 2 (CZ)\\bin\\witcher2.exe"=
"c:\\Program Files\\AML Products\\Registry Cleaner\\regclean.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Uniblue\\SpeedUpMyPC\\sump.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [29.6.2010 20:44 2712176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.5.2011 19:00 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.5.2011 19:00 307928]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.3.2011 21:30 218688]
R1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2.1.2011 18:38 25680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.5.2011 19:00 19544]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8.8.2010 0:44 10448]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [18.5.2011 18:02 2218600]
R2 SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [4.5.2011 19:54 114048]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2.2.2010 19:36 2320920]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.2.2010 19:16 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [26.5.2011 17:46 23456]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2.12.2010 18:27 11520]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-15 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-05-27 15:27]
.
.
------- Doplňkový sken -------
.
uStart Page = www.seznam.cz
uInternet Settings,ProxyServer = http=127.0.0.1:50848
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon
IE: Translate with Babylon
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\yjs6dssc.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50848
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-15 15:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-1085031214-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:52,7f,12,0e,39,c3,1f,d0,55,c7,8a,fb,fb,86,20,ab,cc,47,32,65,05,
db,66,d0,a9,2a,13,72,36,4e,ff,97,fe,f8,1a,2b,ed,f0,68,c6,94,58,e8,c5,0a,cd,\
"rkeysecu"=hex:d6,08,b0,b5,9b,35,f5,bc,3e,64,5d,e1,f9,fb,89,d0
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1188)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3136)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-06-15 15:31:13
ComboFix-quarantined-files.txt 2011-06-15 13:31
ComboFix2.txt 2011-04-30 15:53
ComboFix3.txt 2011-04-29 07:03
.
Před spuštěním: 8 332 877 824
Po spuštění: 8 310 657 024
.
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1C08FB6891E2794A141B7A887482199C
