
Česká spořitelna pages are not displaying - no?-\solved

Posted: 31 Jan 2011 23:27
by 333
Hello,
is it not possible to add a topic in Firefox? After clicking the "New topic" button I was logged out.
But that may be part of the problem. So I am continuing in IE...

I thought I would manage on my own, and after a day of tinkering I found that I need advice.

I tried a different WiFi provider and thought I had a DNS problem. Today I went back to the original one and the problem remained. And above all, the ČS pages work on the other computers in the LAN and also on this machine inside a virtual machine. The DNS cache should be cleared by a restart; I tried ipconfig /flush, with no effect.

I crawled through a lot of forums trying to get radio recording working with a satellite card. It would not record radio stations, TV yes. It was not possible to set filters other than the Windows ones, W7 protected its own codecs... I also tried other DVB software. It is possible that while searching for a solution I picked up something I do not care for. :-)

For a start I am sending the RSIT log and I will try an MBAM scan.
Many thanks in advance for your time.
========================

Logfile of random's system information tool 1.08 (written by random/random)
Run by drb at 2011-01-31 22:37:54
Microsoft Windows 7 Professional
System drive C: has 10 GB (48%) free of 21 GB
Total RAM: 3325 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:37:55, on 31.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Program Files\Online Armor\oaui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\SmartClock\SmartClock.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vpc.exe
C:\Windows\system32\NOTEPAD.EXE
D:\drb\Dnl\mbam-setup.exe
C:\Users\drb\AppData\Local\Temp\is-K5BDR.tmp\mbam-setup.tmp
D:\drb\Dnl\RSIT.exe
C:\Program Files\trend micro\drb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [SmartClock] C:\Program Files\SmartClock\SmartClock.exe /boot
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB19C5CE-78FE-4B9F-83B4-B6ACF356B913}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DB19C5CE-78FE-4B9F-83B4-B6ACF356B913}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DB19C5CE-78FE-4B9F-83B4-B6ACF356B913}: NameServer = 192.168.1.1
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe

--
End of file - 5160 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-08-18 7711264]
"Turbo Key"=C:\Program Files\ASUS\Turbo Key\TurboKey.exe [2009-06-02 1769472]
"@OnlineArmor GUI"=C:\Program Files\Online Armor\oaui.exe [2010-10-26 2345000]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Trend Micro RUBotted V2.0 Beta"=C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [2010-12-17 1103184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartClock"=C:\Program Files\SmartClock\SmartClock.exe [2003-04-26 880128]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-06-02 1457152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
D:\PROGRA~1\MSO\Office\OSA9.EXE [1999-02-17 65588]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\ONLINE~1\oaevent.dll [2010-10-26 353992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-01-31 21:43:09 ----D---- C:\rsit
2011-01-31 20:10:21 ----D---- C:\Windows\system32\BestPractices
2011-01-31 17:28:22 ----A---- C:\Windows\system32\urlmon.dll
2011-01-31 17:28:22 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-01-31 17:28:22 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-01-31 17:28:22 ----A---- C:\Windows\system32\pngfilt.dll
2011-01-31 17:28:22 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-01-31 17:28:22 ----A---- C:\Windows\system32\msfeeds.dll
2011-01-31 17:28:22 ----A---- C:\Windows\system32\licmgr10.dll
2011-01-31 17:28:22 ----A---- C:\Windows\system32\jsproxy.dll
2011-01-31 17:28:22 ----A---- C:\Windows\system32\jscript9.dll
2011-01-31 17:28:22 ----A---- C:\Windows\system32\jscript.dll
2011-01-31 17:28:22 ----A---- C:\Windows\system32\inseng.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\wininet.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\wextract.exe
2011-01-31 17:28:21 ----A---- C:\Windows\system32\webcheck.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\vbscript.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\url.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\occache.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\msrating.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\msls31.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\mshtmler.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\mshtmled.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\mshtml.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\mshta.exe
2011-01-31 17:28:21 ----A---- C:\Windows\system32\msfeedssync.exe
2011-01-31 17:28:21 ----A---- C:\Windows\system32\imgutil.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\iexpress.exe
2011-01-31 17:28:21 ----A---- C:\Windows\system32\ieUnatt.exe
2011-01-31 17:28:21 ----A---- C:\Windows\system32\ieui.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\iesysprep.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\iesetup.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\iertutil.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\iernonce.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\iepeers.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\ieframe.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\iedkcs32.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\ieapfltr.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\ieakui.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\ieaksie.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\ieakeng.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\ie4uinit.exe
2011-01-31 17:28:21 ----A---- C:\Windows\system32\icardie.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\dxtrans.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\dxtmsft.dll
2011-01-31 17:28:21 ----A---- C:\Windows\system32\admparse.dll
2011-01-31 17:26:38 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-01-31 17:26:38 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-01-31 17:26:38 ----A---- C:\Windows\system32\mf.dll
2011-01-31 17:26:33 ----A---- C:\Windows\system32\FntCache.dll
2011-01-31 17:26:33 ----A---- C:\Windows\system32\DWrite.dll
2011-01-31 17:26:33 ----A---- C:\Windows\system32\d3d10warp.dll
2011-01-31 17:26:33 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-01-31 17:26:33 ----A---- C:\Windows\system32\d2d1.dll
2011-01-31 17:26:30 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-01-31 17:26:30 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-01-31 17:26:25 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-01-31 16:33:41 ----D---- C:\Windows\system32\log
2011-01-31 16:25:04 ----D---- C:\Program Files\Trend Micro
2011-01-27 22:09:07 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2011-01-27 21:14:35 ----D---- C:\Users\drb\AppData\Roaming\Driver Smith
2011-01-27 01:24:14 ----D---- C:\Users\drb\AppData\Roaming\BMG
2011-01-25 22:58:09 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2011-01-25 22:58:09 ----A---- C:\Windows\system32\msmpeg2adec.dll
2011-01-25 22:58:09 ----A---- C:\Windows\system32\mp4sdecd.dll
2011-01-25 22:58:09 ----A---- C:\Windows\system32\mp43decd.dll
2011-01-25 22:58:09 ----A---- C:\Windows\system32\mp3dmod.dll
2011-01-25 22:58:09 ----A---- C:\Windows\system32\mfds.dll
2011-01-25 05:55:12 ----D---- C:\Users\drb\AppData\Roaming\Azureus
2011-01-25 05:50:42 ----D---- C:\Program Files\Vuze
2011-01-19 23:00:59 ----D---- C:\Windows\system32\Satellites
2011-01-16 12:32:23 ----A---- C:\Windows\ntbtlog.txt
2011-01-16 12:18:13 ----D---- C:\Users\drb\AppData\Roaming\Audacity
2011-01-16 11:06:24 ----D---- C:\none
2011-01-16 10:58:44 ----A---- C:\Windows\system32\ra32dnet.dll
2011-01-16 10:58:44 ----A---- C:\Windows\system32\ra3228_8.dll
2011-01-16 10:58:44 ----A---- C:\Windows\system32\ra3214_4.dll
2011-01-16 10:58:43 ----A---- C:\Windows\system32\pncrt.dll
2011-01-16 10:58:43 ----A---- C:\Windows\system32\pnc32301.dll
2011-01-16 10:58:43 ----A---- C:\Windows\system32\encdnet.dll
2011-01-16 10:58:43 ----A---- C:\Windows\system32\decdnet.dll
2011-01-16 10:58:42 ----A---- C:\Windows\cep1unin.exe
2011-01-16 01:14:33 ----D---- C:\Users\drb\AppData\Roaming\avidemux
2011-01-15 23:38:30 ----D---- C:\Users\drb\AppData\Roaming\Free MP3 WMA Cutter
2011-01-15 23:38:13 ----A---- C:\Windows\system32\NCTAudioCDGrabber2.dll
2011-01-15 23:38:12 ----A---- C:\Windows\system32\msvcr70.dll
2011-01-15 17:16:14 ----D---- C:\Windows\pss
2011-01-13 08:41:12 ----A---- C:\Windows\WINCMD.INI
2011-01-13 01:50:16 ----D---- C:\ProgramData\launcher
2011-01-13 01:42:10 ----A---- C:\Windows\system32\drivers\hotcore3.sys
2011-01-13 01:42:09 ----DC---- C:\Windows\system32\DRVSTORE
2011-01-13 01:38:34 ----D---- C:\Program Files\Paragon Backup
2011-01-10 00:04:26 ----D---- C:\Users\drb\AppData\Roaming\vlc
2011-01-09 23:56:11 ----D---- C:\Users\drb\AppData\Roaming\Win7codecs
2011-01-09 23:56:10 ----D---- C:\Program Files\Win7codecs
2011-01-09 23:51:07 ----D---- C:\ProgramData\Win7codecs
2011-01-09 22:34:18 ----D---- C:\Windows\system32\appmgmt
2011-01-09 12:28:24 ----A---- C:\Windows\system32\drivers\mcdbus.sys
2011-01-09 12:27:57 ----D---- C:\Program Files\MagicDisc
2011-01-09 10:52:10 ----A---- C:\Windows\system32\msv1_0.dll
2011-01-09 10:51:20 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-01-09 10:51:20 ----A---- C:\Windows\system32\PresentationHost.exe
2011-01-09 10:51:20 ----A---- C:\Windows\system32\netfxperf.dll
2011-01-09 10:51:20 ----A---- C:\Windows\system32\mscoree.dll
2011-01-09 10:51:20 ----A---- C:\Windows\system32\dfshim.dll
2011-01-09 10:49:14 ----D---- C:\Windows\system32\x64
2011-01-09 10:46:06 ----A---- C:\Windows\system32\browserchoice.exe
2011-01-09 10:45:42 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2011-01-09 10:45:39 ----A---- C:\Windows\system32\drivers\ks.sys
2011-01-09 10:45:25 ----D---- C:\Program Files\MSXML 4.0
2011-01-09 10:44:23 ----A---- C:\Windows\system32\MRT.exe
2011-01-09 10:41:15 ----A---- C:\Windows\system32\winresume.exe
2011-01-09 10:41:15 ----A---- C:\Windows\system32\winload.exe
2011-01-09 10:41:15 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-01-09 10:41:15 ----A---- C:\Windows\system32\CertEnroll.dll
2011-01-09 10:41:14 ----A---- C:\Windows\system32\lsasrv.dll
2011-01-09 10:41:14 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2011-01-09 10:40:54 ----A---- C:\Windows\system32\mfc40u.dll
2011-01-09 10:40:54 ----A---- C:\Windows\system32\mfc40.dll
2011-01-09 10:40:52 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-01-09 10:40:52 ----A---- C:\Windows\system32\taskschd.dll
2011-01-09 10:40:52 ----A---- C:\Windows\system32\taskeng.exe
2011-01-09 10:40:52 ----A---- C:\Windows\system32\taskcomp.dll
2011-01-09 10:40:52 ----A---- C:\Windows\system32\schtasks.exe
2011-01-09 10:40:52 ----A---- C:\Windows\system32\schedsvc.dll
2011-01-09 10:40:52 ----A---- C:\Windows\system32\ole32.dll
2011-01-09 10:40:51 ----A---- C:\Windows\system32\webio.dll
2011-01-09 10:40:49 ----A---- C:\Windows\system32\srvsvc.dll
2011-01-09 10:40:49 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-01-09 10:40:49 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-01-09 10:40:49 ----A---- C:\Windows\system32\drivers\srv.sys
2011-01-09 10:40:48 ----A---- C:\Windows\system32\rtutils.dll
2011-01-09 10:40:48 ----A---- C:\Windows\system32\comctl32.dll
2011-01-09 10:40:47 ----A---- C:\Windows\system32\kernel32.dll
2011-01-09 10:40:47 ----A---- C:\Windows\system32\apphelp.dll
2011-01-09 10:40:46 ----A---- C:\Windows\system32\tzres.dll
2011-01-09 10:40:44 ----A---- C:\Windows\system32\inetcomm.dll
2011-01-09 10:40:43 ----A---- C:\Windows\system32\t2embed.dll
2011-01-09 10:40:43 ----A---- C:\Windows\system32\msxml3.dll
2011-01-09 10:40:41 ----A---- C:\Windows\system32\oleaut32.dll
2011-01-09 10:40:40 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2011-01-09 10:40:40 ----A---- C:\Windows\system32\secproc_ssp.dll
2011-01-09 10:40:40 ----A---- C:\Windows\system32\secproc_isv.dll
2011-01-09 10:40:40 ----A---- C:\Windows\system32\secproc.dll
2011-01-09 10:40:40 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2011-01-09 10:40:40 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2011-01-09 10:40:40 ----A---- C:\Windows\system32\RMActivate_isv.exe
2011-01-09 10:40:40 ----A---- C:\Windows\system32\RMActivate.exe
2011-01-09 10:40:40 ----A---- C:\Windows\system32\asycfilt.dll
2011-01-09 10:40:39 ----A---- C:\Windows\system32\shell32.dll
2011-01-09 10:40:39 ----A---- C:\Windows\system32\fontsub.dll
2011-01-09 10:40:39 ----A---- C:\Windows\system32\atmlib.dll
2011-01-09 10:40:39 ----A---- C:\Windows\system32\atmfd.dll
2011-01-09 10:40:38 ----A---- C:\Windows\system32\ir32_32.dll
2011-01-09 10:40:38 ----A---- C:\Windows\system32\iccvid.dll
2011-01-09 10:40:38 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-01-09 10:40:37 ----A---- C:\Windows\system32\wintrust.dll
2011-01-09 10:40:37 ----A---- C:\Windows\system32\consent.exe
2011-01-09 10:40:36 ----A---- C:\Windows\system32\ntdll.dll
2011-01-09 10:40:36 ----A---- C:\Windows\system32\drivers\fvevol.sys
2011-01-09 10:40:35 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-01-09 10:40:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-01-09 10:40:28 ----A---- C:\Windows\system32\cabview.dll
2011-01-09 10:40:27 ----A---- C:\Windows\system32\winlogon.exe
2011-01-09 10:40:27 ----A---- C:\Windows\system32\spoolsv.exe
2011-01-09 10:40:27 ----A---- C:\Windows\explorer.exe
2011-01-09 10:40:26 ----A---- C:\Windows\system32\tsbyuv.dll
2011-01-09 10:40:26 ----A---- C:\Windows\system32\quartz.dll
2011-01-09 10:40:26 ----A---- C:\Windows\system32\msyuv.dll
2011-01-09 10:40:26 ----A---- C:\Windows\system32\msvidc32.dll
2011-01-09 10:40:26 ----A---- C:\Windows\system32\msrle32.dll
2011-01-09 10:40:26 ----A---- C:\Windows\system32\mciavi32.dll
2011-01-09 10:40:26 ----A---- C:\Windows\system32\iyuv_32.dll
2011-01-09 10:40:26 ----A---- C:\Windows\system32\avifil32.dll
2011-01-09 10:40:25 ----A---- C:\Windows\system32\schannel.dll
2011-01-09 10:39:10 ----A---- C:\Windows\system32\msasn1.dll
2011-01-09 10:39:10 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-01-09 10:38:03 ----A---- C:\Windows\system32\StructuredQuery.dll
2011-01-09 10:37:56 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-01-09 10:37:56 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-01-09 10:37:56 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-01-09 10:37:52 ----A---- C:\Windows\system32\win32k.sys
2011-01-08 12:40:29 ----D---- C:\Program Files\Windows Virtual PC
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\zh-TW
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\zh-CN
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\tr-TR
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\th-TH
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\sv-SE
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\ru-RU
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\ro-RO
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\pt-PT
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\pt-BR
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\pl-PL
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\nl-NL
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\nb-NO
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\ko-KR
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\ja-JP
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\it-IT
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\hu-HU
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\he-IL
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\fr-FR
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\fi-FI
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\es-ES
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\el-GR
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\de-DE
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\da-DK
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-01-08 12:40:28 ----D---- C:\Windows\system32\drivers\ar-SA
2011-01-08 12:00:49 ----A---- C:\Windows\system32\vpchbuspipe.dll
2011-01-08 12:00:47 ----A---- C:\Windows\system32\drivers\vpcusb.sys
2011-01-08 12:00:46 ----A---- C:\Windows\system32\drivers\vpchbus.sys
2011-01-08 12:00:46 ----A---- C:\Windows\system32\drivers\vpcvmm.sys
2011-01-08 12:00:46 ----A---- C:\Windows\system32\drivers\vpcnfltr.sys
2011-01-08 12:00:45 ----A---- C:\Windows\system32\VPCWizard.exe
2011-01-08 12:00:45 ----A---- C:\Windows\system32\VPCSettings.exe
2011-01-08 12:00:45 ----A---- C:\Windows\system32\vpc.exe
2011-01-08 12:00:45 ----A---- C:\Windows\system32\VMWindow.exe
2011-01-08 12:00:45 ----A---- C:\Windows\system32\vmsal.exe
2011-01-08 12:00:45 ----A---- C:\Windows\system32\VMCPropertyHandler.dll
2011-01-08 11:42:44 ----D---- C:\inetpub
2011-01-04 20:46:41 ----D---- C:\Users\drb\AppData\Roaming\foobar2000
2011-01-04 20:44:22 ----D---- C:\Program Files\foobar2000
2011-01-03 23:20:05 ----D---- C:\Users\drb\AppData\Roaming\PDF Writer
2011-01-03 23:20:05 ----D---- C:\ProgramData\PDF Writer
2011-01-03 23:16:36 ----D---- C:\Program Files\gs
2011-01-03 22:42:01 ----D---- C:\Program Files\Common Files\Bullzip
2011-01-03 22:41:59 ----A---- C:\Windows\system32\bzDCT.dll
2011-01-03 22:41:52 ----A---- C:\Windows\system32\bzFlRdr.dll
2011-01-03 22:41:20 ----A---- C:\Windows\system32\bzpdfc.dll
2011-01-03 22:40:37 ----A---- C:\Windows\system32\bzpdf.dll
2011-01-03 22:39:29 ----D---- C:\Program Files\PDF Printer
2011-01-03 16:01:19 ----D---- C:\Program Files\Microsoft Office
2011-01-03 15:18:36 ----A---- C:\Windows\ODBC.INI
2011-01-03 15:18:36 ----A---- C:\Windows\mdm.ini
2011-01-03 15:06:52 ----D---- C:\Program Files\Microsoft Visual Studio
2011-01-03 15:06:50 ----D---- C:\Program Files\Common Files\Designer
2011-01-03 15:05:54 ----D---- C:\Windows\Twain32
2011-01-03 15:05:54 ----D---- C:\Users\drb\AppData\Roaming\Microsoft Web Folders
2011-01-02 22:48:25 ----D---- C:\ProgramData\WEBREG
2011-01-02 22:48:07 ----D---- C:\Users\drb\AppData\Roaming\HP
2011-01-02 22:44:04 ----D---- C:\ProgramData\HP Product Assistant
2011-01-02 22:42:53 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2011-01-02 22:42:40 ----D---- C:\Program Files\Common Files\HP
2011-01-02 22:41:23 ----D---- C:\Program Files\HP
2011-01-02 22:38:44 ----D---- C:\ProgramData\HP
2011-01-02 22:34:49 ----A---- C:\Windows\system32\hpzids01.dll
2011-01-02 22:34:49 ----A---- C:\Windows\system32\hpowiav1.dll
2011-01-02 22:34:49 ----A---- C:\Windows\system32\hpovst01.dll
2011-01-02 22:34:48 ----A---- C:\Windows\system32\hpotscl1.dll
2011-01-01 22:37:20 ----HD---- C:\Config.Msi
2011-01-01 01:12:54 ----D---- C:\Users\drb\AppData\Roaming\PSpad

======List of files/folders modified in the last 1 months======

2011-01-31 22:00:48 ----RD---- C:\Program Files
2011-01-31 21:56:59 ----D---- C:\Windows
2011-01-31 20:20:26 ----D---- C:\Windows\Prefetch
2011-01-31 20:16:40 ----D---- C:\Windows\System32
2011-01-31 20:16:40 ----D---- C:\Windows\inf
2011-01-31 20:16:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-31 20:13:43 ----SHD---- C:\$Recycle.Bin
2011-01-31 20:13:39 ----RD---- C:\Users
2011-01-31 20:12:24 ----D---- C:\Windows\Temp
2011-01-31 20:11:04 ----D---- C:\Windows\Microsoft.NET
2011-01-31 20:10:56 ----D---- C:\Windows\winsxs
2011-01-31 20:10:21 ----D---- C:\Windows\system32\migration
2011-01-31 20:10:21 ----D---- C:\Windows\system32\inetsrv
2011-01-31 20:10:21 ----D---- C:\Windows\system32\en-US
2011-01-31 20:06:53 ----D---- C:\Windows\system32\config
2011-01-31 20:04:59 ----SHD---- C:\Windows\Installer
2011-01-31 20:04:59 ----D---- C:\Program Files\Adobe
2011-01-31 19:53:26 ----D---- C:\Windows\system32\drivers
2011-01-31 18:17:06 ----D---- C:\Windows\rescache
2011-01-31 17:32:49 ----D---- C:\Program Files\Online Armor
2011-01-31 17:29:31 ----D---- C:\Windows\PolicyDefinitions
2011-01-31 17:29:31 ----D---- C:\Program Files\Internet Explorer
2011-01-31 17:28:27 ----D---- C:\Windows\system32\catroot
2011-01-31 17:28:26 ----D---- C:\Windows\system32\catroot2
2011-01-31 17:25:16 ----D---- C:\Windows\Logs
2011-01-31 13:17:33 ----D---- C:\Windows\system32\NDF
2011-01-29 09:26:48 ----D---- C:\Program Files\CCleaner
2011-01-27 22:28:10 ----D---- C:\Windows\system32\DriverStore
2011-01-27 22:24:38 ----HD---- C:\ProgramData
2011-01-27 22:08:38 ----RSD---- C:\Windows\assembly
2011-01-27 15:15:14 ----D---- C:\Windows\system32\wdi
2011-01-26 22:26:02 ----D---- C:\SkyView
2011-01-25 19:51:18 ----SHD---- C:\System Volume Information
2011-01-25 15:55:15 ----D---- C:\Program Files\Windows Media Player
2011-01-25 15:55:15 ----D---- C:\Program Files\DVD Maker
2011-01-25 15:55:14 ----D---- C:\Windows\system32\wbem
2011-01-25 15:55:14 ----D---- C:\Windows\ShellNew
2011-01-25 15:55:13 ----SD---- C:\ProgramData\Microsoft
2011-01-22 01:36:36 ----D---- C:\Program Files\SpeedFan
2011-01-19 23:02:30 ----D---- C:\Windows\system32\Tasks
2011-01-18 14:12:28 ----SD---- C:\Users\drb\AppData\Roaming\Microsoft
2011-01-16 10:58:55 ----D---- C:\Windows\Help
2011-01-09 12:43:12 ----D---- C:\Program Files\KMPlayer
2011-01-09 11:16:32 ----D---- C:\Program Files\Windows Mail
2011-01-09 11:16:30 ----D---- C:\Windows\system32\Boot
2011-01-09 11:16:30 ----D---- C:\Windows\AppPatch
2011-01-09 10:44:25 ----D---- C:\Windows\debug
2011-01-08 18:36:12 ----D---- C:\Users\drb\AppData\Roaming\Thunderbird
2011-01-08 18:36:03 ----D---- C:\Program Files\Mozilla Thunderbird
2011-01-08 12:40:32 ----D---- C:\Windows\system32\tr-TR
2011-01-08 12:40:32 ----D---- C:\Windows\system32\pt-PT
2011-01-08 12:40:32 ----D---- C:\Windows\system32\nl-NL
2011-01-08 12:40:32 ----D---- C:\Windows\system32\ja-JP
2011-01-08 12:40:32 ----D---- C:\Windows\system32\it-IT
2011-01-08 12:40:32 ----D---- C:\Windows\system32\fr-FR
2011-01-08 12:40:32 ----D---- C:\Windows\system32\el-GR
2011-01-08 12:40:32 ----D---- C:\Windows\system32\de-DE
2011-01-08 12:40:31 ----D---- C:\Windows\system32\zh-TW
2011-01-08 12:40:31 ----D---- C:\Windows\system32\th-TH
2011-01-08 12:40:31 ----D---- C:\Windows\system32\sv-SE
2011-01-08 12:40:31 ----D---- C:\Windows\system32\ro-RO
2011-01-08 12:40:31 ----D---- C:\Windows\system32\pt-BR
2011-01-08 12:40:31 ----D---- C:\Windows\system32\pl-PL
2011-01-08 12:40:31 ----D---- C:\Windows\system32\nb-NO
2011-01-08 12:40:31 ----D---- C:\Windows\system32\ko-KR
2011-01-08 12:40:31 ----D---- C:\Windows\system32\hu-HU
2011-01-08 12:40:31 ----D---- C:\Windows\system32\he-IL
2011-01-08 12:40:31 ----D---- C:\Windows\system32\fi-FI
2011-01-08 12:40:31 ----D---- C:\Windows\system32\es-ES
2011-01-08 12:40:31 ----D---- C:\Windows\system32\drivers\en-US
2011-01-08 12:40:31 ----D---- C:\Windows\system32\da-DK
2011-01-08 12:40:31 ----D---- C:\Windows\system32\cs-CZ
2011-01-08 12:40:31 ----D---- C:\Windows\system32\ar-SA
2011-01-08 12:40:29 ----D---- C:\Windows\system32\zh-CN
2011-01-08 12:40:29 ----D---- C:\Windows\system32\ru-RU
2011-01-08 12:01:31 ----D---- C:\Windows\SoftwareDistribution
2011-01-07 13:21:10 ----A---- C:\Windows\win.ini
2011-01-07 13:21:05 ----D---- C:\Windows\twain_32
2011-01-03 22:42:01 ----D---- C:\Program Files\Common Files
2011-01-03 15:53:04 ----D---- C:\Program Files\Common Files\microsoft shared
2011-01-03 15:53:03 ----D---- C:\Windows\system
2011-01-03 15:07:04 ----RSD---- C:\Windows\Fonts
2011-01-01 21:07:05 ----D---- C:\Program Files\Nero
2011-01-01 20:56:53 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-01 20:56:53 ----D---- C:\Program Files\ASUS
2011-01-01 15:56:26 ----D---- C:\Windows\system32\en
2011-01-01 15:56:26 ----D---- C:\Program Files\Windows Sidebar

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2010-08-25 56208]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2009-08-04 11296]
R1 AsUpIO;AsUpIO; C:\Windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 OADevice;OADriver; \??\C:\Windows\system32\drivers\OADriver.sys [2010-10-26 202064]
R1 oahlpXX;Online Armor helper driver; \??\C:\Windows\system32\drivers\oahlp32.sys [2010-10-26 38856]
R1 OAmon;OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [2010-10-26 25000]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\Windows\System32\Drivers\Uim_IM.sys [2010-08-25 395464]
R1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\UimBus.sys [2010-08-25 37080]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 55040]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 294912]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 27648]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-18 2752352]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 13216]
R3 OAnet;OnlineArmor Service; C:\Windows\system32\DRIVERS\oanet.sys [2010-10-26 29120]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [2007-06-02 8192]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 ttBudget2;TechnoTrend BDA/DVB (BDA); C:\Windows\system32\drivers\ttBudget2.sys [2009-01-16 457472]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 165376]
R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 78336]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Cap7146_DVB;TechnoTrend BDA/DVB Capture; C:\Windows\System32\Drivers\TTCap46n.sys [2007-08-09 81024]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 pgldipow;pgldipow; \??\C:\Users\drb\AppData\Local\Temp\pgldipow.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 35328]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0); C:\Windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 35328]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Online Armor\OAcat.exe [2010-10-26 380784]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Online Armor\oasrv.exe [2010-10-26 3652696]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 RUBotSrv;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CscService;Offline Files; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NAUpdate;Nero Update; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]

-----------------EOF-----------------

Re: Česká spořitelna website does not display

Posted: 01 Feb 2011 09:50
by 333
So NOD32 found nothing.
Result of the Anti-Malware scan - also nothing:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5650

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

1.2.2011 6:58:27
mbam-log-2011-02-01 (06-58-27).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 267634
Uplynulý čas: 1 hodin, 35 minut, 24 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Česká spořitelna website does not display - solved

Posted: 02 Feb 2011 16:41
by 333
Solved by deleting the system partition and reinstalling the system.
I felt like doing that anyway. I had installed W7 as an upgrade of XP and did not much like the result.

I also posted a GMER log here, but it fell through somewhere into the internet; more likely, though, with all those tabs open I forgot to press the "Submit" button. :-) It was the only tool that detected malicious code in sector 61. I experimented with its MBR.EXE, but without success. An attempt to fix the MBR ended, when booting from the installation CD, with an error message about insufficient system resources, and on a "normal" boot it ended with the system freezing, with only the disk driver alive and constantly trying to write to the disk.

I thought I was one of the more careful ones, but with a bit of luck even caution is useless. This forum has already helped me several times, in that I looked up similar problems and applied similar solutions. Well, he who does nothing spoils nothing. Thanks to everyone who keeps this place alive.
:closed:

Re: Česká spořitelna website does not display - solved

Posted: 02 Feb 2011 22:05
by motji
Good evening :)
Because you were replying to yourself, we did not see you here; you slipped in among the answered topics.

It is possible that even after the format you still have that code in sector 61; mostly it is just leftover code from an MBR rootkit, but if you don't mind, I would check it.
Fixmbr solves nothing in this case, because it repairs only sector 0 of the disk; a special utility is used to repair those other sectors :)
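
The point in the post above, that repairing sector 0 leaves the sectors between the MBR and the first partition untouched, can be checked offline on a disk image. The following Python sketch is an added example, not part of the original thread and not GMER's method: it parses the partition table and lists every non-empty sector in that gap. The sample image (first partition at LBA 63, filler bytes in sector 61) is constructed data, and the function names are hypothetical.

```python
import hashlib
import struct

SECTOR = 512
GPT_PROTECTIVE = 0xEE  # partition type used by the protective MBR of a GPT disk


def parse_partitions(mbr: bytes):
    """Return (type, first_lba, sector_count) for each used MBR partition entry."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 has no 0x55AA boot signature")
    parts = []
    for i in range(4):
        # The four 16-byte partition entries start at offset 446.
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        ptype = entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count != 0:
            parts.append((ptype, first_lba, count))
    return parts


def scan_gap(image: bytes):
    """List non-empty sectors between sector 0 and the first partition.

    Returns (first_partition_lba, findings). A finding is not a verdict:
    boot managers and partitioning tools also store data in this gap.
    """
    parts = parse_partitions(image[:SECTOR])
    if not parts:
        raise ValueError("no partitions defined, gap size unknown")
    if any(p[0] == GPT_PROTECTIVE for p in parts):
        raise ValueError("protective MBR: sectors after LBA 0 hold the GPT, not a gap")
    first_lba = min(p[1] for p in parts)
    findings = []
    for lba in range(1, first_lba):
        sector = image[lba * SECTOR:(lba + 1) * SECTOR]
        if len(sector) < SECTOR:
            break  # image is shorter than the gap; stop at the last full sector
        nonzero = SECTOR - sector.count(0)
        if nonzero:
            findings.append({
                "lba": lba,
                "nonzero_bytes": nonzero,
                # The hash allows comparing the same sector before and after a reinstall.
                "sha256": hashlib.sha256(sector).hexdigest(),
                "head": sector[:16].hex(),
            })
    return first_lba, findings


def build_sample_image(ptype: int = 0x07) -> bytes:
    """Constructed 64-sector image: one partition at LBA 63, data left in sector 61."""
    img = bytearray(SECTOR * 64)
    # status, CHS start, type, CHS end, first LBA, sector count (all constructed)
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",
                               ptype, b"\xfe\xff\xff", 63, 2048)
    img[510:512] = b"\x55\xaa"
    # 0x1B7 bytes of non-zero filler, the size GMER reported in the thread.
    img[61 * SECTOR:61 * SECTOR + 0x1B7] = bytes((i % 251) + 1 for i in range(0x1B7))
    return bytes(img)


if __name__ == "__main__":
    first, found = scan_gap(build_sample_image())
    print(f"first partition starts at LBA {first}")
    for f in found:
        print(f"sector {f['lba']}: {f['nonzero_bytes']} non-zero bytes, "
              f"sha256 {f['sha256'][:16]}..., starts {f['head']}")
```

Rewriting sector 0 changes none of these findings, which is why the same sector can still be reported after a reinstall that only recreated the partition and boot code.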

Re: Česká spořitelna website does not display - not? solved

Posted: 02 Feb 2011 23:28
by 333
Thanks for noticing :-)
Yes, you are right. It is still there.
-----------------------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-02 22:53:18
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-3 ST3320620AS rev.3.AAJ
Running: zwqo93os.exe; Driver: C:\Users\drb\AppData\Local\Temp\pxldipow.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x12a18ac1 size 0x1b7
---- Devices - GMER 1.0.15 ----
Device \Driver\tdx \Device\Ip OAmon.sys
Device \Driver\tdx \Device\Tcp OAmon.sys
Device \Driver\tdx \Device\Udp OAmon.sys
Device \Driver\tdx \Device\RawIp OAmon.sys
---- EOF - GMER 1.0.15 ----
When MBR.EXE is used, the system dies after a few mouse clicks. For example when trying to shut down.

I had to write it down on a piece of paper :-)

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x12a18ac1 size 0x1b7 !
error: Read The request cannot be performed because of an IO device error
===================================================

So my guess would be that my hard disk is dying. According to SMART its errors are still within limits, but it is nothing to boast about. It is 5 years old; these days you probably cannot expect a longer lifetime from a disk.

But that it would, as if on purpose, act up on the MBR?
But there may also be some oddities there; the disk once went through Part. Magic, and when moving to W7 at Christmas I modified it with Paragon PM.

The fact is that no software I tried other than Gmer reports any problem. Neither before the reinstallation nor after it.

The best is said to be "Spyware Doktor", but in my opinion that will again just be a lot of wasted time. In any case I will use a different computer for internet banking. I tried simulating a login to Servis24 ČS and did not notice any suspicious changes. If the unavailability of ČS was caused by some trojan, it was not doing very well under W7.

Anyway, to be safe, I will treat myself to a new terabyte disk. :-)

But if you have a solution for that IO device error, I will just as gladly save the money for the new disk.
Take care.

Re: Česká spořitelna website does not display - solved

Posted: 02 Feb 2011 23:48
by motji
Phew, one thing at a time :)
Would you also have the second log from gmer?

So when you just run mbr.exe, your system later goes down - meaning what? Does the PC switch off and then start up again?

What other utilities have you tried on the MBR?


:arrow: download
http://www.slunecnice.cz/sw/crystaldiskinfo/
- run it and choose Copy in the menu.
- Then paste the data from the clipboard here using Ctrl+V


And I don't know how you confirm transactions in your internet banking, but once we finish the check and clean the MBR sectors, change your passwords; this really looks like an MBR rootkit

Re: Česká spořitelna website does not display - not?solved

Posted: 03 Feb 2011 10:58
by 333
Since FIXMBR ended along with Win WP, I used only MBR. It was at hand.
I described how the system dies briefly, but I think aptly. It simply seems that everything is fine, but after MBR prints the IO error nothing happens for a long time. You look at the disk activity LED - it is blinking like mad. You shake the mouse - it is alive. You try to close CMD.EXE - the button with the cross stays pressed. In the Start menu I still manage to click Shutdown, but that is the last action on the screen. After that only the HD LED is "alive".

I changed the IB password; there were no transactions there other than mine. At ČS each transaction is confirmed with a one-time SMS, so it could be relatively safe, but one never knows what some creative crook will come up with.

So, the Crystal report:
----------------------------------------------------------------------------
CrystalDiskInfo 3.10.0 (C) 2008-2010 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 [6.1 Build 7600] (x86)
Date : 2011/02/03 10:06:42

-- Controller Map ----------------------------------------------------------
+ ATA Channel 0 (0) [ATA]
- ST3320620AS ATA Device
+ ATA Channel 1 (1) [ATA]
- PIONEER DVD-RW DVR-212 ATA Device
- ATA Channel 0 (0) [ATA]
+ Intel(R) N10/ICH7 Family Serial ATA Storage Controller - 27C0 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Intel(R) ICH7 Family Ultra ATA Storage Controllers - 27DF [ATA]
- ATA Channel 0 (0)

-- Disk List ---------------------------------------------------------------
(1) ST3320620AS : 320.0 GB [0-1-1, pd1]

----------------------------------------------------------------------------
(1) ST3320620AS
----------------------------------------------------------------------------
Model : ST3320620AS
Firmware : 3.AAJ
Serial Number : 9RV01EVB
Disk Size : 320.0 GB (8.4/137.4/320.0)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/150
Power On Hours : 12402 hod.
Power On Count : 1862 krát
Temparature : 38 C (100 F)
Health Status : Dobrý
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 117 _95 __6 0000090A6C39 Počet chyb čtení
03 _96 _95 __0 000000000000 Čas na roztočení ploten
04 _97 _97 _20 000000000F77 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _83 _60 _30 00000C5AF342 Počet chybných hledání
09 _86 _86 __0 000000003072 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _99 _99 _20 000000000746 Počet cyklů zapnutí zařízení
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _62 _35 _45 000026160026 Teplota toku vzduchu
C2 _38 _65 __0 001000000026 Teplota
C3 _87 _49 __0 00000000CD10 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 199 __0 000000000004 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
CA 100 253 __0 000000000000 Počet chyb při směrování údajů

=======================================================
And the online analysis of the Seagate by Speedfan:

Your hard disk is a ST3320620AS with firmware 3.AAJ.
Your hard disk is not in the current database.
An hard disk with the same model, but with a different firmware was found:
The average temperature for this hard disk is 38C (MIN=30C MAX=48C) and yours is 43C.
Your hard disk is not below any attribute threshold. This is good.
Your hard disk was never below any attribute threshold. This is good.
Since your hard disk is not in the current database,
overall ratings and pictures will be based upon realistic values,
but you should carefully check the results.

Attribute Current Raw Overall

Raw Read Error Rate 117 151678009 Normal
Spin Up Time 96 0 Very good
Start/Stop Count 97 3959 Very good
Reallocated Sector Count 100 0 Very good
Seek Error Rate 83 207350549 Good
Power On Hours Count 86 12403 Very good
Spin Retry Count 100 0 Very good
Power Cycle Count 99 1862 Very good
Reported Uncorrectable Errors 100 0 Very good
High Fly Writes 100 0 Very good
Airflow Temperature 57 739639339 Watch
Warning: Airflow Temperature is below the average limits (63-100).
Hardware ECC Recovered 51 25090302 Good
Current Pending Sector 100 0 Very good
Offline Uncorrectable Sector Count 100 0 Very good
Ultra DMA CRC Error Rate 200 4 Very good
Write Error Rate 100 0 Very good
TA Increase Count 100 0 Very good


NOTE: not all warnings are reflected on fitness and performance overall values
as relevancy is based upon the settings from the hard disk manufacturer
who is the best entity deputed to define such relationships.

The overall fitness for this drive is 92%.
The overall performance for this drive is 92%.
=====================================================
I will wait with replacing the disk.

Re: Česká spořitelna website does not display - not?-\solved

Posted: 03 Feb 2011 11:17
by motji
Sorry, how do you mean this?
Since FIXMBR ended along with Win WP, I used only MBR. It was at hand.
As in, you ran Fixmbr from the recovery console and then had only Mbr.exe at hand, and that is why you used it?

May I ask you for the second log from Gmer?
Then we will get down to the repair :)

:arrow: I would also ask for a log from RSIT, see my signature.


I found something on that IO error problem, but to be sure I asked my colleague Miliness to take a look at it. But he will probably not be here until tonight.
How proficient a user are you? They write about it here, but in connection with CD/DVD
http://translate.google.cz/translate?hl ... rmd%3Divns

Re: Česká spořitelna website does not display - not?-\solved

Posted: 03 Feb 2011 15:44
by 333
That machine translation - it's a horror. :-)
I used to repair fairly large computers, and I installed W7 at Christmas to stay up to date, since as an old structure I was restructured away and am looking for a new job. So I wanted to see how far everything had progressed. I must say that in that time MS has done a lot of good and bad work. Windows used to be a synonym for the torment of the user's savior. So I know my way around the subject a little.

I was confused too. I was trying the command prompt from the W7 boot CD for the first time. And so I looked for FIXMBR, which, as I then read on the net, is no longer in W7. FIXMBR was part of the recovery console from the release of WNT through WXP, and as of W7 it is no longer part of the system. Maybe I would find it on some installation disc. In W7 we have many other cool tools available. And then I noticed that MBR.EXE. I no longer even know how it got into the Windows directory. At that moment I did not yet know that it is "part" of Gmer, or it simply slipped my mind, which happens to me every now and then.

That link about the IO error on an optical drive, and a PATA one at that, is rather about a HW problem. The easiest way to get such problems is, for example, by connecting a PATA drive that cannot handle UDMA to an 80-wire PATA cable. Problems on the ATA bus can lead to the system bus locking up. An unreadable medium is enough. Well, I just tried it and it seems that on new optical drives the firmware handles it; I put one of the "beer coasters" in there. The question would be what would happen if the medium were slightly readable. In the past only a hard restart helped. But with an HD, unreadability of the medium is not much reckoned with, so an unreadable sector on the disk could lead to the death of the system. Or some little bug is guarding that sector, intercepting access requests, and the whole process gets stuck in a loop.

But it is also possible that I am just babbling, so to the point.
GMER:
===========================================
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-03 14:41:41
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-3 ST3320620AS rev.3.AAJ
Running: zwqo93os.exe; Driver: C:\Users\drb\AppData\Local\Temp\pxldipow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAllocateVirtualMemory [0x90B86328]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcConnectPort [0x90B84A8C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcCreatePort [0x90B8455E]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAssignProcessToJobObject [0x90B85824]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwConnectPort [0x90B8464C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateFile [0x90B8B1F8]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreatePort [0x90B8446A]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateSection [0x90B824F2]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThread [0x90B83634]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThreadEx [0x90B83768]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDebugActiveProcess [0x90B83D22]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDuplicateObject [0x90B8432C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwLoadDriver [0x90B8524C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenFile [0x90B8B554]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenSection [0x90B827B4]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenThread [0x90B838B0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwProtectVirtualMemory [0x90B855D6]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwQueueApcThread [0x90B85940]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestPort [0x90B84CB0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0x90B84F14]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwResumeThread [0x90B840CE]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSecureConnectPort [0x90B8486E]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetContextThread [0x90B83BCC]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetSystemInformation [0x90B85FDC]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwShutdownSystem [0x90B85186]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendProcess [0x90B841FE]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendThread [0x90B83F7A]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSystemDebugControl [0x90B83E40]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwTerminateProcess [0x90B83472]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwTerminateThread [0x90B83A66]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwUnloadDriver [0x90B85414]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwWriteVirtualMemory [0x90B85700]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A7A599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A9EF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82AA674C 4 Bytes [28, 63, B8, 90] {SUB [EBX-0x48], AH; NOP }
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82AA6758 8 Bytes [8C, 4A, B8, 90, 5E, 45, B8, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82AA67AC 4 Bytes [24, 58, B8, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82AA67EC 4 Bytes [4C, 46, B8, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 82AA6808 4 Bytes [F8, B1, B8, 90] {CLC ; MOV CL, 0xb8; NOP }
.text ...
.text peauth.sys 9894EC9D 28 Bytes JMP 05111869
.text peauth.sys 9894ECC1 28 Bytes JMP 0511188D
.text user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text gdi32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text gdi32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text gdi32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text gdi32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text ws2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A

Re: Česká spořitelna website does not display - not?-\solved

Posted: 03 Feb 2011 15:50
by motji
Mbr.exe is part of gmer, you are right. A fixmbr can be done precisely via MBR.exe.
My colleague Miliness says that sometimes mbr.exe - its driver - causes mischief in someone's system, so probably in yours too :)


:arrow: back up your important data, just in case; it is still only a machine :)

:arrow: I would still ask for a log from RSIT, see my signature.

:arrow: Run combofix according to this guide
http://www.bleepingcomputer.com/combofi ... t-combofix

....

Posted: 03 Feb 2011 15:52
by 333
---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\Dwm.exe[1172] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1172] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Windows\system32\Dwm.exe[1172] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1172] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text C:\Windows\system32\Dwm.exe[1172] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text C:\Windows\system32\Dwm.exe[1172] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\Dwm.exe[1172] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text C:\Windows\system32\Dwm.exe[1172] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text C:\Windows\system32\Dwm.exe[1172] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text C:\Windows\system32\Dwm.exe[1172] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text C:\Windows\system32\Dwm.exe[1172] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1172] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text C:\Windows\system32\Dwm.exe[1172] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1172] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text C:\Windows\system32\Dwm.exe[1172] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\Dwm.exe[1172] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text C:\Windows\system32\Dwm.exe[1172] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text C:\Windows\system32\Dwm.exe[1172] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text C:\Windows\system32\Dwm.exe[1172] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text C:\Windows\system32\Dwm.exe[1172] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\Dwm.exe[1172] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text C:\Windows\system32\Dwm.exe[1172] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text C:\Windows\system32\Dwm.exe[1172] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text C:\Windows\system32\Dwm.exe[1172] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\Dwm.exe[1172] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\Dwm.exe[1172] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text D:\Program Files\Online Armor\oasrv.exe[1280] user32.dll!LoadStringA 77766563 6 Bytes JMP 71AF0F5A
.text D:\Program Files\Online Armor\oasrv.exe[1280] user32.dll!LoadStringW 77775533 6 Bytes JMP 71A90F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text D:\drb\Dnl\zwqo93os.exe[1868] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text D:\drb\Dnl\zwqo93os.exe[1868] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text D:\drb\Dnl\zwqo93os.exe[1868] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text D:\drb\Dnl\zwqo93os.exe[1868] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text D:\drb\Dnl\zwqo93os.exe[1868] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text D:\drb\Dnl\zwqo93os.exe[1868] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text D:\drb\Dnl\zwqo93os.exe[1868] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text D:\drb\Dnl\zwqo93os.exe[1868] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text D:\drb\Dnl\zwqo93os.exe[1868] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\taskeng.exe[1912] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1912] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Windows\system32\taskeng.exe[1912] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1912] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text C:\Windows\system32\taskeng.exe[1912] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text C:\Windows\system32\taskeng.exe[1912] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\taskeng.exe[1912] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text C:\Windows\system32\taskeng.exe[1912] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text C:\Windows\system32\taskeng.exe[1912] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text C:\Windows\system32\taskeng.exe[1912] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text C:\Windows\system32\taskeng.exe[1912] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1912] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text C:\Windows\system32\taskeng.exe[1912] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1912] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text C:\Windows\system32\taskeng.exe[1912] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\taskeng.exe[1912] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text C:\Windows\system32\taskeng.exe[1912] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text C:\Windows\system32\taskeng.exe[1912] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text C:\Windows\system32\taskeng.exe[1912] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text C:\Windows\system32\taskeng.exe[1912] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\taskeng.exe[1912] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text C:\Windows\system32\taskeng.exe[1912] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text C:\Windows\system32\taskeng.exe[1912] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text C:\Windows\system32\taskeng.exe[1912] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\taskeng.exe[1912] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\taskeng.exe[1912] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text C:\Windows\Explorer.EXE[2116] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2116] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Windows\Explorer.EXE[2116] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2116] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [78, 71] {JS 0x73}
.text C:\Windows\Explorer.EXE[2116] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text C:\Windows\Explorer.EXE[2116] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text C:\Windows\Explorer.EXE[2116] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71760F5A
.text C:\Windows\Explorer.EXE[2116] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 71730F5A
.text C:\Windows\Explorer.EXE[2116] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2116] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [8A, 71]
.text C:\Windows\Explorer.EXE[2116] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2116] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [8D, 71]
.text C:\Windows\Explorer.EXE[2116] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text C:\Windows\Explorer.EXE[2116] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 71910F5A
.text C:\Windows\Explorer.EXE[2116] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 71820F5A
.text C:\Windows\Explorer.EXE[2116] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 717F0F5A
.text C:\Windows\Explorer.EXE[2116] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71880F5A
.text C:\Windows\Explorer.EXE[2116] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 71850F5A
.text C:\Windows\Explorer.EXE[2116] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 71940F5A
.text C:\Windows\Explorer.EXE[2116] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71970F5A
.text C:\Windows\Explorer.EXE[2116] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text C:\Windows\Explorer.EXE[2116] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text C:\Windows\Explorer.EXE[2116] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text C:\Windows\Explorer.EXE[2116] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Verdict Free\Verdict.exe[2216] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text D:\Program Files\Verdict Free\Verdict.exe[2216] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Verdict Free\Verdict.exe[2216] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text D:\Program Files\Verdict Free\Verdict.exe[2216] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Verdict Free\Verdict.exe[2216] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text D:\Program Files\Verdict Free\Verdict.exe[2216] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Verdict Free\Verdict.exe[2216] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text D:\Program Files\Verdict Free\Verdict.exe[2216] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text D:\Program Files\Verdict Free\Verdict.exe[2216] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\taskhost.exe[2228] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2228] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Windows\system32\taskhost.exe[2228] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2228] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text C:\Windows\system32\taskhost.exe[2228] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text C:\Windows\system32\taskhost.exe[2228] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\taskhost.exe[2228] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text C:\Windows\system32\taskhost.exe[2228] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text C:\Windows\system32\taskhost.exe[2228] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text C:\Windows\system32\taskhost.exe[2228] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text C:\Windows\system32\taskhost.exe[2228] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2228] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text C:\Windows\system32\taskhost.exe[2228] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2228] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text C:\Windows\system32\taskhost.exe[2228] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\taskhost.exe[2228] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text C:\Windows\system32\taskhost.exe[2228] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text C:\Windows\system32\taskhost.exe[2228] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text C:\Windows\system32\taskhost.exe[2228] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text C:\Windows\system32\taskhost.exe[2228] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\taskhost.exe[2228] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text C:\Windows\system32\taskhost.exe[2228] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text C:\Windows\system32\taskhost.exe[2228] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text C:\Windows\system32\taskhost.exe[2228] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\taskhost.exe[2228] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\taskhost.exe[2228] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2508] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\igfxtray.exe[2696] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxtray.exe[2696] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Windows\System32\igfxtray.exe[2696] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxtray.exe[2696] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text C:\Windows\System32\igfxtray.exe[2696] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text C:\Windows\System32\igfxtray.exe[2696] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text C:\Windows\System32\igfxtray.exe[2696] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text C:\Windows\System32\igfxtray.exe[2696] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text C:\Windows\System32\igfxtray.exe[2696] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text C:\Windows\System32\igfxtray.exe[2696] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text C:\Windows\System32\igfxtray.exe[2696] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxtray.exe[2696] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text C:\Windows\System32\igfxtray.exe[2696] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxtray.exe[2696] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text C:\Windows\System32\igfxtray.exe[2696] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\igfxtray.exe[2696] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text C:\Windows\System32\igfxtray.exe[2696] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text C:\Windows\System32\igfxtray.exe[2696] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text C:\Windows\System32\igfxtray.exe[2696] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text C:\Windows\System32\igfxtray.exe[2696] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text C:\Windows\System32\igfxtray.exe[2696] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text C:\Windows\System32\igfxtray.exe[2696] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text C:\Windows\System32\igfxtray.exe[2696] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text C:\Windows\System32\igfxtray.exe[2696] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\igfxtray.exe[2696] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text C:\Windows\System32\igfxtray.exe[2696] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\hkcmd.exe[2724] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[2724] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Windows\System32\hkcmd.exe[2724] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[2724] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text C:\Windows\System32\hkcmd.exe[2724] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text C:\Windows\System32\hkcmd.exe[2724] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text C:\Windows\System32\hkcmd.exe[2724] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text C:\Windows\System32\hkcmd.exe[2724] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text C:\Windows\System32\hkcmd.exe[2724] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text C:\Windows\System32\hkcmd.exe[2724] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text C:\Windows\System32\hkcmd.exe[2724] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[2724] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text C:\Windows\System32\hkcmd.exe[2724] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[2724] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text C:\Windows\System32\hkcmd.exe[2724] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\hkcmd.exe[2724] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text C:\Windows\System32\hkcmd.exe[2724] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text C:\Windows\System32\hkcmd.exe[2724] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text C:\Windows\System32\hkcmd.exe[2724] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text C:\Windows\System32\hkcmd.exe[2724] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text C:\Windows\System32\hkcmd.exe[2724] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text C:\Windows\System32\hkcmd.exe[2724] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text C:\Windows\System32\hkcmd.exe[2724] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text C:\Windows\System32\hkcmd.exe[2724] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\hkcmd.exe[2724] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text C:\Windows\System32\hkcmd.exe[2724] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A

The rest is still to come, and then the RSIT log.

Posted: 03 Feb 2011 15:55
by 333
.text C:\Windows\System32\igfxpers.exe[2748] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[2748] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Windows\System32\igfxpers.exe[2748] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[2748] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text C:\Windows\System32\igfxpers.exe[2748] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text C:\Windows\System32\igfxpers.exe[2748] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text C:\Windows\System32\igfxpers.exe[2748] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text C:\Windows\System32\igfxpers.exe[2748] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text C:\Windows\System32\igfxpers.exe[2748] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text C:\Windows\System32\igfxpers.exe[2748] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text C:\Windows\System32\igfxpers.exe[2748] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[2748] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text C:\Windows\System32\igfxpers.exe[2748] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[2748] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text C:\Windows\System32\igfxpers.exe[2748] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\igfxpers.exe[2748] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text C:\Windows\System32\igfxpers.exe[2748] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text C:\Windows\System32\igfxpers.exe[2748] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text C:\Windows\System32\igfxpers.exe[2748] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text C:\Windows\System32\igfxpers.exe[2748] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text C:\Windows\System32\igfxpers.exe[2748] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text C:\Windows\System32\igfxpers.exe[2748] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text C:\Windows\System32\igfxpers.exe[2748] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text C:\Windows\System32\igfxpers.exe[2748] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\igfxpers.exe[2748] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text C:\Windows\System32\igfxpers.exe[2748] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text D:\Program Files\Online Armor\oaui.exe[2832] user32.dll!LoadStringA 77766563 6 Bytes JMP 71AF0F5A
.text D:\Program Files\Online Armor\oaui.exe[2832] user32.dll!LoadStringW 77775533 6 Bytes JMP 71A90F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [6C, 71]
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [69, 71]
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] ntdll.dll!LdrGetProcedureAddressEx 7765EBA5 6 Bytes JMP 715E0F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] ntdll.dll!LdrGetProcedureAddress 7765EEC7 6 Bytes JMP 71610F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 718B0F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 718E0F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71670F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 71640F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] kernel32.dll!WriteProcessMemory 75CD85C1 6 Bytes JMP 71580F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] kernel32.dll!VirtualProtectEx 75CFF729 6 Bytes JMP 715B0F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [7B, 71] {JNP 0x73}
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [7E, 71] {JLE 0x73}
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 71820F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 71730F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71700F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71790F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 71760F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 71850F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71880F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] ole32.dll!CoGetClassObject 75B2A394 6 Bytes JMP 71910F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] ole32.dll!CoCreateInstance 75B4590C 6 Bytes JMP 71970F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] ole32.dll!CoCreateInstanceEx 75B4594F 6 Bytes JMP 71940F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text D:\Program Files\ASUS\Turbo Key\TurboKey.exe[2976] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\SmartClock\SmartClock.exe[3064] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text D:\Program Files\SmartClock\SmartClock.exe[3064] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text D:\Program Files\SmartClock\SmartClock.exe[3064] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text D:\Program Files\SmartClock\SmartClock.exe[3064] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text D:\Program Files\SmartClock\SmartClock.exe[3064] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text D:\Program Files\SmartClock\SmartClock.exe[3064] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text D:\Program Files\SmartClock\SmartClock.exe[3064] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text D:\Program Files\SmartClock\SmartClock.exe[3064] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text D:\Program Files\SmartClock\SmartClock.exe[3064] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [7B, 71] {JNP 0x73}
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [78, 71] {JS 0x73}
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71760F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 71730F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [8A, 71]
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [8D, 71]
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 71910F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 71820F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 717F0F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71880F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 71850F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 71940F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71970F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] WS2_32.dll!ioctlsocket 75A53131 6 Bytes JMP 715E0F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] WS2_32.dll!sendto 75A53AED 6 Bytes JMP 71640F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] WS2_32.dll!closesocket 75A53BED 6 Bytes JMP 71700F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] WS2_32.dll!recv 75A547DF 6 Bytes JMP 71560F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] WS2_32.dll!connect 75A548BE 6 Bytes JMP 716D0F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] WS2_32.dll!select 75A54981 6 Bytes JMP 71610F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] WS2_32.dll!WSASend 75A568A7 6 Bytes JMP 714F0F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] WS2_32.dll!WSARecv 75A5C29F 6 Bytes JMP 71520F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] WS2_32.dll!send 75A5C4C8 6 Bytes JMP 71670F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] WS2_32.dll!WSAAsyncSelect 75A6AACC 6 Bytes JMP 715B0F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text D:\Program Files\PeerGuardian2\pg2.exe[3124] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Online Armor\OAhlp.exe[3164] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text D:\Program Files\Online Armor\OAhlp.exe[3164] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Online Armor\OAhlp.exe[3164] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text D:\Program Files\Online Armor\OAhlp.exe[3164] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Online Armor\OAhlp.exe[3164] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text D:\Program Files\Online Armor\OAhlp.exe[3164] user32.dll!LoadStringA 77766563 6 Bytes JMP 716A0F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Online Armor\OAhlp.exe[3164] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text D:\Program Files\Online Armor\OAhlp.exe[3164] user32.dll!LoadStringW 77775533 6 Bytes JMP 71660F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text D:\Program Files\Online Armor\OAhlp.exe[3164] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] KERNEL32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] KERNEL32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] KERNEL32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] KERNEL32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] KERNEL32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] KERNEL32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text D:\Program Files\Nomad\Nomad_x86.exe[3224] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] ntdll.dll!NtCreateSymbolicLinkObject 77644B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\foobar2000\foobar2000.exe[3376] ntdll.dll!NtCreateSymbolicLinkObject + 4 77644B74 2 Bytes [75, 71] {JNZ 0x73}
.text D:\Program Files\foobar2000\foobar2000.exe[3376] ntdll.dll!NtOpenFile 77645140 3 Bytes [FF, 25, 1E]
.text D:\Program Files\foobar2000\foobar2000.exe[3376] ntdll.dll!NtOpenFile + 4 77645144 2 Bytes [72, 71] {JB 0x73}
.text D:\Program Files\foobar2000\foobar2000.exe[3376] kernel32.dll!CreateProcessW 75C7202D 6 Bytes JMP 71A60F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] kernel32.dll!CreateProcessA 75C72062 6 Bytes JMP 71A90F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] kernel32.dll!CloseHandle 75CC05D7 6 Bytes JMP 71940F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] kernel32.dll!CreateFileW 75CC0B7D 6 Bytes JMP 71970F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] kernel32.dll!LoadLibraryA 75CC2884 6 Bytes JMP 71700F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] kernel32.dll!LoadLibraryW 75CC28D2 6 Bytes JMP 716D0F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] user32.dll!RegisterRawInputDevices 77765C2F 3 Bytes [FF, 25, 1E]
.text D:\Program Files\foobar2000\foobar2000.exe[3376] user32.dll!RegisterRawInputDevices + 4 77765C33 2 Bytes [84, 71]
.text D:\Program Files\foobar2000\foobar2000.exe[3376] user32.dll!RegisterHotKey 7776C8F9 3 Bytes [FF, 25, 1E]
.text D:\Program Files\foobar2000\foobar2000.exe[3376] user32.dll!RegisterHotKey + 4 7776C8FD 2 Bytes [87, 71]
.text D:\Program Files\foobar2000\foobar2000.exe[3376] user32.dll!ExitWindowsEx 777B06EF 6 Bytes JMP 71A30F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] user32.dll!DdeClientTransaction 777C329C 6 Bytes JMP 718B0F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] GDI32.dll!DeleteDC 75AA6A2C 6 Bytes JMP 717C0F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] GDI32.dll!BitBlt 75AA7180 6 Bytes JMP 71790F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] GDI32.dll!CreateDCA 75AA9975 6 Bytes JMP 71820F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] GDI32.dll!CreateDCW 75AABD21 6 Bytes JMP 717F0F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] advapi32.dll!CreateServiceW 7614DBC1 6 Bytes JMP 718E0F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] advapi32.dll!CreateServiceA 76162120 6 Bytes JMP 71910F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] WS2_32.dll!socket 75A53F00 6 Bytes JMP 71AF0F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] IPHLPAPI.DLL!IcmpSendEcho2Ex 737E561D 6 Bytes JMP 719A0F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] IPHLPAPI.DLL!IcmpSendEcho 737E67C3 6 Bytes JMP 71A00F5A
.text D:\Program Files\foobar2000\foobar2000.exe[3376] IPHLPAPI.DLL!IcmpSendEcho2 737E67F3 6 Bytes JMP 719D0F5A

---- Devices - GMER 1.0.15 ----

Device \Driver\tdx \Device\Tcp OAmon.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\tdx \Device\RawIp6 OAmon.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\tdx \Device\Tcp6 OAmon.sys
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\tdx \Device\Tdx OAmon.sys
Device \Driver\tdx \Device\Udp OAmon.sys
Device \Driver\tdx \Device\RawIp OAmon.sys
Device \Driver\tdx \Device\Udp6 OAmon.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x12a18ac1 size 0x1b7

---- EOF - GMER 1.0.15 ----

Finally, the RSIT log:

Posted: 03 Feb 2011 15:56
by 333
====================================================
RSIT:
====================================================
Logfile of random's system information tool 1.08 (written by random/random)
Run by drb at 2011-02-03 14:42:15
Microsoft Windows 7 Professional
System drive C: has 12 GB (56%) free of 21 GB
Total RAM: 3325 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:42:24, on 3.2.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Online Armor\OAcat.exe
D:\Program Files\Online Armor\oasrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
D:\Program Files\Online Armor\oaui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
D:\Program Files\ASUS\Turbo Key\TurboKey.exe
D:\Program Files\SmartClock\SmartClock.exe
D:\Program Files\PeerGuardian2\pg2.exe
D:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
D:\Program Files\foobar2000\foobar2000.exe
D:\Program Files\Verdict Free\Verdict.exe
D:\Program Files\Nomad\Nomad_x86.exe
D:\drb\Dnl\zwqo93os.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe
D:\drb\Dnl\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\drb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Program Files\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Turbo Key] "D:\Program Files\ASUS\Turbo Key\TurboKey.exe"
O4 - HKCU\..\Run: [SmartClock] D:\Program Files\SmartClock\SmartClock.exe /boot
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3896690-2F68-4A4C-9350-0D61B3268E1C}: NameServer = 192.168.1.1
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - D:\Program Files\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - D:\Program Files\Online Armor\oasrv.exe

--
End of file - 4642 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"@OnlineArmor GUI"=D:\Program Files\Online Armor\oaui.exe [2010-10-26 2345000]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-08-18 7711264]
"Turbo Key"=D:\Program Files\ASUS\Turbo Key\TurboKey.exe [2009-06-02 1769472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartClock"=D:\Program Files\SmartClock\SmartClock.exe [2003-04-26 880128]
"PeerGuardian"=D:\Program Files\PeerGuardian2\pg2.exe [2007-06-02 1457152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=D:\PROGRA~1\ONLINE~1\oaevent.dll [2010-10-26 353992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-02-03 14:42:16 ----D---- C:\Program Files\trend micro
2011-02-03 14:42:15 ----D---- C:\rsit
2011-02-03 02:46:54 ----D---- C:\ProgramData\ASUS OC Profiles
2011-02-03 02:41:40 ----RA---- C:\Windows\system32\drivers\RtTeam60.sys
2011-02-03 02:41:22 ----RA---- C:\Windows\system32\drivers\RtVlan60.sys
2011-02-03 02:41:06 ----RA---- C:\Windows\system32\drivers\RtNdPt60.sys
2011-02-03 01:51:01 ----RA---- C:\Windows\system32\drivers\AsIO.sys
2011-02-03 01:51:01 ----RA---- C:\Windows\system32\AsIO.dll
2011-02-03 01:51:01 ----D---- C:\Program Files\ASUS
2011-02-03 01:50:37 ----A---- C:\Windows\system32\drivers\AsInsHelp64.sys
2011-02-03 01:50:37 ----A---- C:\Windows\system32\drivers\AsInsHelp32.sys
2011-02-03 01:38:51 ----A---- C:\Windows\system32\RtNicProp32.dll
2011-02-03 01:38:39 ----A---- C:\Windows\system32\drivers\Rt86win7.sys
2011-02-03 01:30:02 ----D---- C:\Windows\system32\RTCOM
2011-02-03 01:29:49 ----A---- C:\Windows\system32\WavesLib.dll
2011-02-03 01:29:47 ----A---- C:\Windows\system32\SRSWOW.dll
2011-02-03 01:29:47 ----A---- C:\Windows\system32\SRSTSXT.dll
2011-02-03 01:29:47 ----A---- C:\Windows\system32\SRSTSHD.dll
2011-02-03 01:29:47 ----A---- C:\Windows\system32\SRSHP360.dll
2011-02-03 01:29:46 ----A---- C:\Windows\system32\RtkPgExt.dll
2011-02-03 01:29:46 ----A---- C:\Windows\system32\RtkCoInst.dll
2011-02-03 01:29:45 ----A---- C:\Windows\system32\RtkApoApi.dll
2011-02-03 01:29:44 ----A---- C:\Windows\system32\RtkAPO.dll
2011-02-03 01:29:36 ----A---- C:\Windows\system32\RP3DHT32.dll
2011-02-03 01:29:36 ----A---- C:\Windows\system32\RP3DAA32.dll
2011-02-03 01:29:36 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2011-02-03 01:29:35 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2011-02-03 01:29:35 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2011-02-03 01:29:35 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2011-02-03 01:29:33 ----D---- C:\Program Files\Realtek
2011-02-03 01:29:33 ----A---- C:\Windows\system32\FMAPO.dll
2011-02-03 01:29:33 ----A---- C:\Windows\system32\AERTARen.dll
2011-02-03 01:29:33 ----A---- C:\Windows\system32\AERTACap.dll
2011-02-03 01:29:32 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-03 01:29:24 ----HD---- C:\Program Files\Temp
2011-02-03 01:29:22 ----R---- C:\Windows\RtlExUpd.dll
2011-02-03 01:29:18 ----D---- C:\Program Files\Common Files\InstallShield
2011-02-03 01:24:30 ----RA---- C:\Windows\system32\CSVer.dll
2011-02-02 23:32:22 ----AD---- C:\ProgramData\TEMP
2011-02-02 20:44:07 ----A---- C:\Windows\mbr.exe
2011-02-02 19:05:08 ----D---- C:\Program Files\CCleaner
2011-02-02 14:47:32 ----D---- C:\Windows\system32\Macromed
2011-02-02 12:12:49 ----D---- C:\Users\drb\AppData\Roaming\OnlineArmor
2011-02-02 12:12:49 ----D---- C:\ProgramData\OnlineArmor
2011-02-02 12:12:06 ----A---- C:\Windows\system32\drivers\OAnet.sys
2011-02-02 12:12:06 ----A---- C:\Windows\system32\drivers\OAmon.sys
2011-02-02 12:12:06 ----A---- C:\Windows\system32\drivers\oahlp32.sys
2011-02-02 12:12:06 ----A---- C:\Windows\system32\drivers\OADriver.sys
2011-02-02 12:01:10 ----D---- C:\Users\drb\AppData\Roaming\Macromedia
2011-02-02 12:01:10 ----D---- C:\Users\drb\AppData\Roaming\Adobe
2011-02-02 12:00:56 ----D---- C:\ProgramData\Adobe
2011-02-02 12:00:55 ----D---- C:\Program Files\Common Files\Adobe
2011-02-02 11:51:04 ----A---- C:\Windows\Language_trs.ini
2011-02-02 11:50:53 ----A---- C:\Windows\Ascd_tmp.ini
2011-02-02 11:38:50 ----A---- C:\Windows\system32\psisdecd.dll
2011-02-02 11:38:50 ----A---- C:\Windows\system32\CPFilters.dll
2011-02-02 11:38:40 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2011-02-02 11:38:40 ----A---- C:\Windows\system32\secproc_ssp.dll
2011-02-02 11:38:40 ----A---- C:\Windows\system32\secproc_isv.dll
2011-02-02 11:38:40 ----A---- C:\Windows\system32\secproc.dll
2011-02-02 11:38:40 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2011-02-02 11:38:40 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2011-02-02 11:38:40 ----A---- C:\Windows\system32\RMActivate_isv.exe
2011-02-02 11:38:40 ----A---- C:\Windows\system32\RMActivate.exe
2011-02-02 06:52:34 ----D---- C:\Users\drb\AppData\Roaming\vlc
2011-02-02 04:43:48 ----D---- C:\Users\drb\AppData\Roaming\Win7codecs
2011-02-02 04:42:10 ----D---- C:\ProgramData\Win7codecs
2011-02-02 04:30:32 ----D---- C:\OpenSSL-Win32
2011-02-02 04:30:32 ----A---- C:\Windows\system32\ssleay32.dll
2011-02-02 04:30:32 ----A---- C:\Windows\system32\libssl32.dll
2011-02-02 04:30:32 ----A---- C:\Windows\system32\libeay32.dll
2011-02-02 04:01:16 ----D---- C:\SkyView
2011-02-02 03:46:52 ----D---- C:\Users\drb\AppData\Roaming\foobar2000
2011-02-02 02:49:38 ----D---- C:\Users\drb\AppData\Roaming\PSpad
2011-02-02 02:45:32 ----D---- C:\Users\drb\AppData\Roaming\BMG
2011-02-02 01:38:27 ----D---- C:\Windows\Panther
2011-02-02 00:22:45 ----D---- C:\Users\drb\AppData\Roaming\Mozilla
2011-02-02 00:22:44 ----D---- C:\Users\drb\AppData\Roaming\Thunderbird
2011-02-01 23:49:53 ----HD---- C:\Windows\PIF
2011-02-01 20:54:20 ----SHD---- C:\Windows\Installer
2011-02-01 20:29:34 ----A---- C:\Windows\system32\msv1_0.dll
2011-02-01 20:28:47 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-02-01 20:28:47 ----A---- C:\Windows\system32\PresentationHost.exe
2011-02-01 20:28:47 ----A---- C:\Windows\system32\netfxperf.dll
2011-02-01 20:28:47 ----A---- C:\Windows\system32\mscoree.dll
2011-02-01 20:28:47 ----A---- C:\Windows\system32\dfshim.dll
2011-02-01 20:27:05 ----D---- C:\Program Files\Intel
2011-02-01 20:27:05 ----D---- C:\Intel
2011-02-01 20:25:05 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2011-02-01 20:25:01 ----A---- C:\Windows\system32\drivers\ks.sys
2011-02-01 20:24:30 ----A---- C:\Windows\system32\winlogon.exe
2011-02-01 20:24:30 ----A---- C:\Windows\explorer.exe
2011-02-01 20:24:20 ----A---- C:\Windows\system32\schedsvc.dll
2011-02-01 20:24:19 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-02-01 20:24:19 ----A---- C:\Windows\system32\taskschd.dll
2011-02-01 20:24:19 ----A---- C:\Windows\system32\taskeng.exe
2011-02-01 20:24:19 ----A---- C:\Windows\system32\taskcomp.dll
2011-02-01 20:24:19 ----A---- C:\Windows\system32\schtasks.exe
2011-02-01 20:22:50 ----A---- C:\Windows\system32\ntdll.dll
2011-02-01 20:22:32 ----A---- C:\Windows\system32\tzres.dll
2011-02-01 20:22:31 ----A---- C:\Windows\system32\spoolsv.exe
2011-02-01 20:22:26 ----A---- C:\Windows\system32\ir32_32.dll
2011-02-01 20:22:26 ----A---- C:\Windows\system32\iccvid.dll
2011-02-01 20:22:25 ----A---- C:\Windows\system32\odbc32.dll
2011-02-01 20:22:25 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-01 20:22:25 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-01 20:22:24 ----A---- C:\Windows\system32\ole32.dll
2011-02-01 20:22:20 ----A---- C:\Windows\system32\win32k.sys
2011-02-01 20:22:20 ----A---- C:\Windows\system32\vbscript.dll
2011-02-01 20:22:20 ----A---- C:\Windows\system32\StructuredQuery.dll
2011-02-01 20:22:11 ----A---- C:\Windows\system32\oleaut32.dll
2011-02-01 20:21:51 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-02-01 20:21:51 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-02-01 20:21:51 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-02-01 20:21:45 ----A---- C:\Windows\system32\cabview.dll
2011-02-01 20:20:22 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-01 20:20:22 ----A---- C:\Windows\system32\CertEnroll.dll
2011-02-01 20:20:21 ----A---- C:\Windows\system32\winresume.exe
2011-02-01 20:20:21 ----A---- C:\Windows\system32\winload.exe
2011-02-01 20:19:57 ----A---- C:\Windows\system32\consent.exe
2011-02-01 20:19:47 ----A---- C:\Windows\system32\wmpmde.dll
2011-02-01 20:19:47 ----A---- C:\Windows\system32\tsbyuv.dll
2011-02-01 20:19:47 ----A---- C:\Windows\system32\quartz.dll
2011-02-01 20:19:47 ----A---- C:\Windows\system32\msyuv.dll
2011-02-01 20:19:47 ----A---- C:\Windows\system32\msvidc32.dll
2011-02-01 20:19:47 ----A---- C:\Windows\system32\msrle32.dll
2011-02-01 20:19:47 ----A---- C:\Windows\system32\mciavi32.dll
2011-02-01 20:19:47 ----A---- C:\Windows\system32\iyuv_32.dll
2011-02-01 20:19:47 ----A---- C:\Windows\system32\avifil32.dll
2011-02-01 20:19:46 ----A---- C:\Windows\system32\wmp.dll
2011-02-01 20:19:45 ----A---- C:\Windows\system32\wmploc.DLL
2011-02-01 20:19:44 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-02-01 20:19:42 ----A---- C:\Windows\system32\mshtml.dll
2011-02-01 20:19:42 ----A---- C:\Windows\system32\iertutil.dll
2011-02-01 20:19:41 ----A---- C:\Windows\system32\wininet.dll
2011-02-01 20:19:41 ----A---- C:\Windows\system32\urlmon.dll
2011-02-01 20:19:41 ----A---- C:\Windows\system32\mstime.dll
2011-02-01 20:19:41 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-01 20:19:41 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-01 20:19:41 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-01 20:19:41 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-01 20:19:41 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-01 20:19:41 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-01 20:19:41 ----A---- C:\Windows\system32\ieui.dll
2011-02-01 20:19:41 ----A---- C:\Windows\system32\iepeers.dll
2011-02-01 20:19:41 ----A---- C:\Windows\system32\ieframe.dll
2011-02-01 20:19:41 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-01 20:19:40 ----A---- C:\Windows\system32\msasn1.dll
2011-02-01 20:19:39 ----A---- C:\Windows\system32\srvsvc.dll
2011-02-01 20:19:39 ----A---- C:\Windows\system32\lsasrv.dll
2011-02-01 20:19:39 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-02-01 20:19:39 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-02-01 20:19:39 ----A---- C:\Windows\system32\drivers\srv.sys
2011-02-01 20:19:39 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2011-02-01 20:19:38 ----A---- C:\Windows\system32\shell32.dll
2011-02-01 20:19:38 ----A---- C:\Windows\system32\rtutils.dll
2011-02-01 20:19:37 ----A---- C:\Windows\system32\mfc40u.dll
2011-02-01 20:19:37 ----A---- C:\Windows\system32\mfc40.dll
2011-02-01 20:19:34 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-02-01 20:19:33 ----A---- C:\Windows\system32\jscript.dll
2011-02-01 20:19:33 ----A---- C:\Windows\system32\fontsub.dll
2011-02-01 20:19:33 ----A---- C:\Windows\system32\atmlib.dll
2011-02-01 20:19:33 ----A---- C:\Windows\system32\atmfd.dll
2011-02-01 20:19:32 ----A---- C:\Windows\system32\inetcomm.dll
2011-02-01 20:19:30 ----A---- C:\Windows\system32\schannel.dll
2011-02-01 20:19:30 ----A---- C:\Windows\system32\msxml3.dll
2011-02-01 20:19:30 ----A---- C:\Windows\system32\asycfilt.dll
2011-02-01 20:19:29 ----A---- C:\Windows\system32\webio.dll
2011-02-01 20:19:15 ----A---- C:\Windows\system32\wintrust.dll
2011-02-01 20:19:08 ----A---- C:\Windows\system32\kernel32.dll
2011-02-01 20:19:08 ----A---- C:\Windows\system32\comctl32.dll
2011-02-01 20:19:08 ----A---- C:\Windows\system32\apphelp.dll
2011-02-01 20:19:03 ----A---- C:\Windows\system32\t2embed.dll
2011-02-01 20:19:03 ----A---- C:\Windows\system32\drivers\fvevol.sys
2011-02-01 17:17:54 ----N---- C:\Windows\system32\MpSigStub.exe
2011-02-01 17:03:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-01 17:02:25 ----D---- C:\Windows\SoftwareDistribution
2011-02-01 17:01:36 ----D---- C:\Users\drb\AppData\Roaming\Identities
2011-02-01 17:01:30 ----SD---- C:\Users\drb\AppData\Roaming\Microsoft
2011-02-01 17:01:30 ----D---- C:\Users\drb\AppData\Roaming\Media Center Programs
2011-02-01 17:01:21 ----SHD---- C:\Recovery
2011-02-01 16:39:46 ----D---- C:\Windows\Prefetch
2011-02-01 16:39:09 ----SHD---- C:\System Volume Information
2011-02-01 16:39:09 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 months======

2011-02-03 14:42:16 ----RD---- C:\Program Files
2011-02-03 14:37:16 ----D---- C:\Windows\System32
2011-02-03 14:37:16 ----D---- C:\Windows\inf
2011-02-03 10:31:14 ----SD---- C:\ProgramData\Microsoft
2011-02-03 02:46:54 ----HD---- C:\ProgramData
2011-02-03 02:44:20 ----D---- C:\Windows
2011-02-03 02:41:40 ----D---- C:\Windows\system32\drivers
2011-02-03 02:41:26 ----D---- C:\Windows\system32\catroot
2011-02-03 02:41:25 ----D---- C:\Windows\system32\DriverStore
2011-02-03 02:40:52 ----D---- C:\Windows\system32\catroot2
2011-02-03 01:52:19 ----D---- C:\Windows\system32\Tasks
2011-02-03 01:39:30 ----D---- C:\Windows\Temp
2011-02-03 01:29:18 ----D---- C:\Program Files\Common Files
2011-02-03 00:26:14 ----D---- C:\Windows\debug
2011-02-02 23:42:47 ----D---- C:\Windows\system32\config
2011-02-02 23:32:43 ----D---- C:\Windows\winsxs
2011-02-02 23:32:28 ----D---- C:\Program Files\Common Files\microsoft shared
2011-02-02 21:54:34 ----SHD---- C:\$Recycle.Bin
2011-02-02 21:54:29 ----RD---- C:\Users
2011-02-02 13:57:21 ----D---- C:\Windows\system32\wdi
2011-02-02 13:03:34 ----D---- C:\Windows\rescache
2011-02-02 11:38:52 ----D---- C:\Program Files\Internet Explorer
2011-02-02 06:38:09 ----RSD---- C:\Windows\assembly
2011-02-02 06:38:09 ----D---- C:\Windows\Microsoft.NET
2011-02-02 05:24:28 ----D---- C:\Program Files\DVD Maker
2011-02-02 05:24:27 ----D---- C:\Windows\system32\en-US
2011-02-02 05:24:27 ----D---- C:\Windows\PolicyDefinitions
2011-02-01 21:10:41 ----D---- C:\Windows\Logs
2011-02-01 20:35:55 ----D---- C:\Windows\system32\migration
2011-02-01 20:35:55 ----D---- C:\Windows\system32\Boot
2011-02-01 20:35:55 ----D---- C:\Program Files\Windows Mail
2011-02-01 20:35:54 ----D---- C:\Windows\AppPatch
2011-02-01 20:35:54 ----D---- C:\Program Files\Windows Media Player
2011-02-01 19:12:17 ----HD---- C:\Windows\system32\GroupPolicy
2011-02-01 17:17:47 ----D---- C:\Windows\system32\restore
2011-02-01 17:02:58 ----D---- C:\Windows\system32\wbem
2011-02-01 16:51:59 ----D---- C:\Windows\system32\CodeIntegrity
2011-02-01 16:41:00 ----D---- C:\Windows\system32\sysprep
2011-02-01 16:39:42 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 AsUpIO;AsUpIO; C:\Windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 OADevice;OADriver; \??\C:\Windows\system32\drivers\OADriver.sys [2010-10-26 202064]
R1 oahlpXX;Online Armor helper driver; \??\C:\Windows\system32\drivers\oahlp32.sys [2010-10-26 38856]
R1 OAmon;OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [2010-10-26 25000]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 27648]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-18 2752352]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 13216]
R3 OAnet;OnlineArmor Service; C:\Windows\system32\DRIVERS\oanet.sys [2010-10-26 29120]
R3 pgfilter;pgfilter; \??\D:\Program Files\PeerGuardian2\pgfilter.sys [2007-06-02 8192]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
R3 ttBudget2;TechnoTrend BDA/DVB (BDA); C:\Windows\system32\drivers\ttBudget2.sys [2009-01-16 457472]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 pxldipow;pxldipow; \??\C:\Users\drb\AppData\Local\Temp\pxldipow.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 35328]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0); C:\Windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 35328]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 OAcat;Online Armor Helper Service; D:\Program Files\Online Armor\OAcat.exe [2010-10-26 380784]
R2 SvcOnlineArmor;Online Armor; D:\Program Files\Online Armor\oasrv.exe [2010-10-26 3652696]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Wrapping it up for now

Posted: 03 Feb 2011 15:57
by 333
I have to go fill the fridge. :-)

Re: Česká spořitelna pages are not displaying - no?-\solved

Posted: 03 Feb 2011 17:35
by motji
Well, once you've filled it :D (you can stop by our place too :D), then there's still that combofix to run.