VIRY.CZ

Zdravím, mám následující problém s počítačem - většinou při zapnutí, ale někdy i během práce mi zčerná monitor a objeví se okno, kde je napsáno, že došlo k neutorizovaná změně systému a že systém omezil některé funkce. Pro více informací a odstranění chyby klikně na tlačítko. Když na ně kliknu, otevře se internetový prohlížeč, na vteřinku se objeví něco v tom smyslu, že testování, zda je můj systém legální bude trvat několik desítek minut. Tato zpráva ihned zmizí a objeví se stránky společnosti microsoft. Druhou možností je kliknou na zavřít. Když to udělám, objeví se mi úvodní modrá obrazovka s jedn. uživateli. Děkuji za jakoukoliv radu

Logfile of random's system information tool 1.08 (written by random/random)
Run by Makyna at 2011-04-30 17:52:41
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 56 GB (55%) free of 101 GB
Total RAM: 2037 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:52:54, on 30.4.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18602)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Makyna\Downloads\RSIT.exe
C:\Program Files\trend micro\Makyna.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: YouTubeUploaderLib.YouTubeUploaderLib - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Device Detection] C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8608 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-06-13 1438520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-21 1018680]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-06-13 1438520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-15 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-15 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-15 133656]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-12-08 3444736]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-05-10 36864]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-07-24 174616]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-04-18 3460784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-08-15 149280]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-08-30 111928]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Device Detection"=C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe [2010-12-01 401592]
"ICQ"=~C:\Program Files\ICQ7.2\ICQ.exe silent loginmode=4 []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-04-30 17:45:48 ----D---- C:\Program Files\trend micro
2011-04-30 17:45:47 ----D---- C:\rsit
2011-04-30 10:28:25 ----D---- C:\Users\Makyna\AppData\Roaming\Malwarebytes
2011-04-30 10:28:09 ----D---- C:\ProgramData\Malwarebytes
2011-04-30 10:28:09 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-04-30 10:28:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-30 10:28:05 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-04-29 16:15:48 ----D---- C:\Program Files\ESET
2011-04-28 09:03:23 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-04-28 09:03:21 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-04-14 08:40:22 ----A---- C:\Windows\system32\atmfd.dll
2011-04-14 08:40:21 ----A---- C:\Windows\system32\atmlib.dll
2011-04-14 08:40:19 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-14 08:40:19 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-14 08:40:19 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-14 08:40:19 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-14 08:40:15 ----A---- C:\Windows\system32\mfc42.dll
2011-04-14 08:40:14 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-14 08:40:12 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-14 08:40:12 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-14 08:40:12 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-14 08:40:10 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-14 08:40:10 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-14 08:40:10 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-14 08:40:05 ----A---- C:\Windows\system32\mshtml.dll
2011-04-14 08:40:04 ----A---- C:\Windows\system32\urlmon.dll
2011-04-14 08:40:04 ----A---- C:\Windows\system32\ieapfltr.dll
2011-04-14 08:40:02 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-14 08:40:01 ----A---- C:\Windows\system32\ieframe.dll
2011-04-14 08:40:00 ----A---- C:\Windows\system32\wininet.dll
2011-04-14 08:40:00 ----A---- C:\Windows\system32\mstime.dll
2011-04-14 08:40:00 ----A---- C:\Windows\system32\ieaksie.dll
2011-04-14 08:39:59 ----A---- C:\Windows\system32\iepeers.dll
2011-04-14 08:39:59 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-14 08:39:58 ----A---- C:\Windows\system32\occache.dll
2011-04-14 08:39:58 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-14 08:39:58 ----A---- C:\Windows\system32\iertutil.dll
2011-04-14 08:39:57 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-14 08:39:57 ----A---- C:\Windows\system32\ieencode.dll
2011-04-14 08:39:55 ----A---- C:\Windows\system32\win32k.sys
2011-04-14 08:39:53 ----A---- C:\Windows\system32\vbscript.dll
2011-04-14 08:39:53 ----A---- C:\Windows\system32\jscript.dll
2011-04-14 08:39:51 ----A---- C:\Windows\system32\inetcomm.dll

======List of files/folders modified in the last 1 months======

2011-04-30 17:52:50 ----D---- C:\Users\Makyna\AppData\Roaming\ICQ
2011-04-30 17:52:46 ----D---- C:\Windows\Temp
2011-04-30 17:52:14 ----D---- C:\Windows\Prefetch
2011-04-30 17:45:48 ----RD---- C:\Program Files
2011-04-30 12:53:55 ----SHD---- C:\System Volume Information
2011-04-30 11:49:48 ----SD---- C:\ProgramData\Microsoft
2011-04-30 10:28:09 ----HD---- C:\ProgramData
2011-04-30 10:28:09 ----D---- C:\Windows\system32\drivers
2011-04-29 08:55:36 ----D---- C:\Windows\winsxs
2011-04-29 08:55:34 ----D---- C:\Windows\System32
2011-04-29 08:55:33 ----D---- C:\Windows\AppPatch
2011-04-28 08:40:51 ----D---- C:\Windows\system32\catroot2
2011-04-28 08:40:51 ----D---- C:\Windows\system32\catroot
2011-04-27 11:13:44 ----D---- C:\Windows\inf
2011-04-27 11:13:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-22 10:56:05 ----D---- C:\Windows
2011-04-22 10:53:11 ----D---- C:\Windows\Minidump
2011-04-21 21:26:08 ----SD---- C:\Users\Makyna\AppData\Roaming\Microsoft
2011-04-18 19:25:10 ----A---- C:\Windows\system32\aswBoot.exe
2011-04-17 22:09:44 ----D---- C:\Windows\Microsoft.NET
2011-04-17 22:08:33 ----RSD---- C:\Windows\assembly
2011-04-15 12:14:38 ----D---- C:\Program Files\Internet Explorer
2011-04-15 08:59:49 ----SHD---- C:\Windows\Installer
2011-04-15 08:51:22 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-04-25 277784]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-15 717296]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-04-18 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-04-18 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-04-18 307288]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-04-18 49240]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-04-18 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-12-06 1044984]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-11 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-17 278528]
S3 ag745zbl;ag745zbl; C:\Windows\system32\drivers\ag745zbl.sys []
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-09-20 73728]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-04-18 42184]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-07-24 354840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-12-08 24064]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Hezké odpoledne

systém máte legální?
Vidím že máte mbam, našel něco?

Zdravím
1. Systém mám legální
2. Nenašel

Zazálohujte si důležitá data, pro jistotu

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 11-04-29.04 - Makyna 30.04.2011 19:07:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2037.1071 [GMT 2:00]
Spuštěný z: c:\users\Makyna\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-28 do 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 17:19 . 2011-04-30 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-30 15:45 . 2011-04-30 15:52 -------- d-----w- c:\program files\trend micro
2011-04-30 15:45 . 2011-04-30 15:46 -------- d-----w- C:\rsit
2011-04-30 08:28 . 2011-04-30 08:28 -------- d-----w- c:\users\Makyna\AppData\Roaming\Malwarebytes
2011-04-30 08:28 . 2011-04-30 08:28 -------- d-----w- c:\programdata\Malwarebytes
2011-04-30 08:28 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 08:28 . 2011-04-30 08:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 08:28 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-29 14:15 . 2011-04-29 14:15 -------- d-----w- c:\program files\ESET
2011-04-29 06:57 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8173E8E0-A28A-4E1B-AC87-7222CB5AC539}\mpengine.dll
2011-04-28 07:03 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 07:03 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-07-28 06:03 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-07-28 06:03 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2011-03-16 12:57 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-18 17:17 . 2010-07-28 06:04 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2010-07-28 06:04 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2010-07-28 06:04 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-07-28 06:04 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:12 . 2010-07-28 06:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-13 17:32 . 2010-10-14 08:53 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2011-03-03 14:56 . 2011-04-28 07:03 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-28 07:03 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-28 07:03 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 14:56 . 2011-04-28 07:03 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-02-02 16:11 . 2010-07-28 11:17 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 15:25 1438520 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Device Detection"="c:\program files\FUJIFILM\MyFinePix Studio\dd.exe" [2010-12-01 401592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-08-15 149280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-08-30 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-15 717296]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
FF - ProfilePath - c:\users\Makyna\AppData\Roaming\Mozilla\Firefox\Profiles\xmnkxqrs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Brothersoft Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Brothersoft Community Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - %profile%\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-ICQ - ~c:\program files\ICQ7.2\ICQ.exe
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 19:22
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
ÍšfdÍ ¦dÍŁ} [-36895644] 0x00650053
ÍšfdÍ ¦dÍŁ} [-36895644] 0x00730069
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-04-30 19:26:13
ComboFix-quarantined-files.txt 2011-04-30 17:26
.
Před spuštěním: Volných bajtů: 58 327 187 456
Po spuštění: Volných bajtů: 58 475 143 168
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 3AA0C5C8BF404DEA70A3866B1340C621

něco se mi tam nelíbí .
Jinak změnilo se něco?

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Bohužel nemůžu říct, jetsli se něco změnilo. Někdy mě to zlobí třikrát po sobě při zapnutí (někdy stačil restart, někdy vytáhnout baterku), pak 2 dny nic. A dneska se mi to poprvé stalo ikdyž byl ntb zapnutý.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6479

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

30.4.2011 20:55:26
mbam-log-2011-04-30 (20-55-26).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 285640
Uplynulý čas: 1 hodin, 17 minut, 13 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit quick scan 2011-04-30 21:45:53
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST912082 rev.3.CD
Running: gmer.exe; Driver: C:\Users\Makyna\AppData\Local\Temp\awdiypob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E697762]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8560A1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [884C9D80] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 8560A1F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [884C9D80] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\ag745zbl \Device\Scsi\ag745zbl1Port3Path0Target0Lun0 870BB1F8
Device \Driver\ag745zbl \Device\Scsi\ag745zbl1 870BB1F8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8560C1F8
Device \FileSystem\fastfat \Fat AE4B3500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-04-30 22:24:41
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST912082 rev.3.CD
Running: gmer.exe; Driver: C:\Users\Makyna\AppData\Local\Temp\awdiypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D05B202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D05D7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D05D848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D05D95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D05D746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8D05D898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D05D79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D05D90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D05B226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D05AFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D05B24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D05DD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D05BCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D05D820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D05D870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D05D988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D05D772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D05D8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D05D7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D05D936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D05BBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D05B26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D05B292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D05B04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D05B186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D05B162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D05B1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D05B2B6]

INT 0x62 ? 86FF2BF8
INT 0x72 ? 86FF2BF8
INT 0x72 ? 86FF2BF8
INT 0x72 ? 86FF2BF8
INT 0x82 ? 86FF2BF8
INT 0x82 ? 86FF2BF8
INT 0x82 ? 86FF2BF8
INT 0x82 ? 86FF2BF8
INT 0xA2 ? 84C79BF8
INT 0xB2 ? 85609BF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E697762]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 340 82B07964 4 Bytes [02, B2, 05, 8D]
.text ntkrnlpa.exe!KeSetTimerEx + 404 82B07A28 8 Bytes [F0, D7, 05, 8D, 48, D8, 05, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 411 82B07A35 3 Bytes [D9, 05, 8D]
.text ntkrnlpa.exe!KeSetTimerEx + 428 82B07A4C 4 Bytes [46, D7, 05, 8D]
.text ntkrnlpa.exe!KeSetTimerEx + 448 82B07A6C 8 Bytes [98, D8, 05, 8D, 9A, D7, 05, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C2ED5E 5 Bytes JMP 8E69311E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82C6B666 4 Bytes CALL 8D05C34B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82C7AFC9 4 Bytes CALL 8D05C361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82C97872 5 Bytes JMP 8E694BBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82CE3776 7 Bytes JMP 8E697766 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spki.sys Systém nemůže nalézt uvedenou cestu. !
.text USBPORT.SYS!DllUnload 8C93F46F 5 Bytes JMP 86FF21D8
.text ag745zbl.SYS 8C9B5000 22 Bytes [26, 32, A2, 82, 10, 31, A2, ...]
.text ag745zbl.SYS 8C9B5017 145 Bytes [00, 32, C7, 79, 80, 3D, C5, ...]
.text ag745zbl.SYS 8C9B50A9 35 Bytes [20, AA, 82, 60, 17, AA, 82, ...]
.text ag745zbl.SYS 8C9B50CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...]
.text ag745zbl.SYS 8C9B50DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...
.text win32k.sys!EngCreateRectRgn + 51BE 96294101 5 Bytes JMP 8D05E440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 2098 962A73F7 5 Bytes JMP 8D05DE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + B50 962BADDC 5 Bytes JMP 8D05DD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F27 962BB1B3 5 Bytes JMP 8D05EBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCombineRgn + 316B 962BFAEB 5 Bytes JMP 8D05E03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetRectRgn + 192F 962C27B7 5 Bytes JMP 8D05DF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 65CF 962CC969 5 Bytes JMP 8D05E316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8742 962CEADC 5 Bytes JMP 8D05EF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + C760 962EC153 5 Bytes JMP 8D05E180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + C833 962EC226 5 Bytes JMP 8D05E326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3FBB 9630E21A 5 Bytes JMP 8D05EB64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 7DEA 96312049 5 Bytes JMP 8D05DFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 442A 96324554 5 Bytes JMP 8D05DE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 9061 9632918B 5 Bytes JMP 8D05ED54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 92BD 963293E7 5 Bytes JMP 8D05EE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 3838 9633D738 5 Bytes JMP 8D05F014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 4D22 96345E86 5 Bytes JMP 8D05EBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 17BC 9634F9FE 5 Bytes JMP 8D05ECA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 478A 9635648D 5 Bytes JMP 8D05DEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 40E 96372CB1 5 Bytes JMP 8D05E0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + CC9 9637CB70 5 Bytes JMP 8D05E008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 963806A8 5 Bytes JMP 8D05EECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 30AE 9639B641 5 Bytes JMP 8D05E0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Windows\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !
? C:\Users\Makyna\AppData\Local\Temp\catchme.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\igfxpers.exe[12] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxpers.exe[12] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxpers.exe[12] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[12] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00170804
.text C:\Windows\System32\igfxpers.exe[12] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001701F8
.text C:\Windows\System32\igfxpers.exe[12] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001703FC
.text C:\Windows\System32\igfxpers.exe[12] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00170600
.text C:\Windows\System32\igfxpers.exe[12] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00170A08
.text C:\Windows\System32\igfxpers.exe[12] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxpers.exe[12] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxpers.exe[12] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00181014
.text C:\Windows\System32\igfxpers.exe[12] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxpers.exe[12] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxpers.exe[12] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00180C0C
.text C:\Windows\System32\igfxpers.exe[12] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00180E10
.text C:\Windows\System32\igfxpers.exe[12] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[424] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[424] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[424] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[424] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[424] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Program Files\Windows Defender\MSASCui.exe[424] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Defender\MSASCui.exe[424] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Defender\MSASCui.exe[424] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Defender\MSASCui.exe[424] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[424] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Defender\MSASCui.exe[424] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Defender\MSASCui.exe[424] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[424] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[424] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Defender\MSASCui.exe[424] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[424] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00080A08
.text C:\Windows\System32\igfxtray.exe[484] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxtray.exe[484] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxtray.exe[484] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[484] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxtray.exe[484] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001801F8
.text C:\Windows\System32\igfxtray.exe[484] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxtray.exe[484] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxtray.exe[484] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxtray.exe[484] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxtray.exe[484] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00190600
.text C:\Windows\System32\igfxtray.exe[484] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00191014
.text C:\Windows\System32\igfxtray.exe[484] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxtray.exe[484] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxtray.exe[484] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00190C0C
.text C:\Windows\System32\igfxtray.exe[484] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00190E10
.text C:\Windows\System32\igfxtray.exe[484] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001901F8
.text C:\Windows\System32\hkcmd.exe[588] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001501F8
.text C:\Windows\System32\hkcmd.exe[588] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001503FC
.text C:\Windows\System32\hkcmd.exe[588] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[588] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00280804
.text C:\Windows\System32\hkcmd.exe[588] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 002801F8
.text C:\Windows\System32\hkcmd.exe[588] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 002803FC
.text C:\Windows\System32\hkcmd.exe[588] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00280600
.text C:\Windows\System32\hkcmd.exe[588] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00280A08
.text C:\Windows\System32\hkcmd.exe[588] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 002903FC
.text C:\Windows\System32\hkcmd.exe[588] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00290600
.text C:\Windows\System32\hkcmd.exe[588] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00291014
.text C:\Windows\System32\hkcmd.exe[588] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00290804
.text C:\Windows\System32\hkcmd.exe[588] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00290A08
.text C:\Windows\System32\hkcmd.exe[588] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00290C0C
.text C:\Windows\System32\hkcmd.exe[588] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00290E10
.text C:\Windows\System32\hkcmd.exe[588] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 002901F8
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[672] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[672] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[672] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[672] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 000A0804
.text C:\Windows\system32\wininit.exe[672] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000A01F8
.text C:\Windows\system32\wininit.exe[672] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000A03FC
.text C:\Windows\system32\wininit.exe[672] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 000A0600
.text C:\Windows\system32\wininit.exe[672] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 000A0A08
.text C:\Windows\system32\csrss.exe[684] KERNEL32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\services.exe[716] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[716] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[716] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\services.exe[716] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[716] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[716] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[716] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[716] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[716] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\services.exe[716] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[716] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[732] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[732] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[732] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[732] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[732] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[732] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[732] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[732] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsm.exe[740] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[740] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[740] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\winlogon.exe[816] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[816] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[816] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000603FC
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00061014
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00060A08
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00060C0C
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00060E10
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00070804
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000701F8
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000703FC
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00070600
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00070A08
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001501F8
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00170804
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001701F8
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001703FC
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00170600
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00170A08
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001803FC
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00180600
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00181014
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00180804
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00180A08
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00180C0C
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00180E10
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[844] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[932] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 000F0804
.text C:\Windows\system32\svchost.exe[932] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000F01F8
.text C:\Windows\system32\svchost.exe[932] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000F03FC
.text C:\Windows\system32\svchost.exe[932] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[932] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 000F0A08
.text C:\Windows\System32\WLTRAY.EXE[940] KERNEL32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00150804
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001501F8
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001503FC
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00150600
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00150A08
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 000C0804
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000C01F8
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000C03FC
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 000C0600
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 000C0A08
.text C:\Windows\System32\svchost.exe[1136] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1136] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1136] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00B60804
.text C:\Windows\System32\svchost.exe[1136] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 00B601F8
.text C:\Windows\System32\svchost.exe[1136] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 00B603FC
.text C:\Windows\System32\svchost.exe[1136] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00B60600
.text C:\Windows\System32\svchost.exe[1136] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00B60A08
.text C:\Windows\System32\svchost.exe[1172] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00D60804
.text C:\Windows\System32\svchost.exe[1172] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 00D601F8
.text C:\Windows\System32\svchost.exe[1172] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 00D603FC
.text C:\Windows\System32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00D60600
.text C:\Windows\System32\svchost.exe[1172] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00D60A08
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC

l32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00240804
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 002401F8
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 002403FC
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00240600
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00240A08
.text C:\Windows\OEM02Mon.exe[1248] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001401F8
.text C:\Windows\OEM02Mon.exe[1248] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001403FC
.text C:\Windows\OEM02Mon.exe[1248] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\OEM02Mon.exe[1248] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00160804
.text C:\Windows\OEM02Mon.exe[1248] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001601F8
.text C:\Windows\OEM02Mon.exe[1248] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001603FC
.text C:\Windows\OEM02Mon.exe[1248] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00160600
.text C:\Windows\OEM02Mon.exe[1248] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00160A08
.text C:\Windows\OEM02Mon.exe[1248] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001703FC
.text C:\Windows\OEM02Mon.exe[1248] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00170600
.text C:\Windows\OEM02Mon.exe[1248] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00171014
.text C:\Windows\OEM02Mon.exe[1248] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00170804
.text C:\Windows\OEM02Mon.exe[1248] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00170A08
.text C:\Windows\OEM02Mon.exe[1248] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00170C0C
.text C:\Windows\OEM02Mon.exe[1248] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00170E10
.text C:\Windows\OEM02Mon.exe[1248] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001701F8
.text C:\Windows\system32\AUDIODG.EXE[1308] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\SLsvc.exe[1344] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00CF0804
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 00CF01F8
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 00CF03FC
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00CF0600
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00CF0A08
.text C:\Windows\system32\igfxsrvc.exe[1536] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001501F8
.text C:\Windows\system32\igfxsrvc.exe[1536] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001503FC
.text C:\Windows\system32\igfxsrvc.exe[1536] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[1536] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00170804
.text C:\Windows\system32\igfxsrvc.exe[1536] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\igfxsrvc.exe[1536] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001703FC
.text C:\Windows\system32\igfxsrvc.exe[1536] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\igfxsrvc.exe[1536] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\igfxsrvc.exe[1536] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxsrvc.exe[1536] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxsrvc.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00181014
.text C:\Windows\system32\igfxsrvc.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxsrvc.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxsrvc.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\igfxsrvc.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\igfxsrvc.exe[1536] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1632] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1632] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1632] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1632] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1632] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1632] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[1632] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1632] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 000F0804
.text C:\Windows\system32\svchost.exe[1632] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000F01F8
.text C:\Windows\system32\svchost.exe[1632] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000F03FC
.text C:\Windows\system32\svchost.exe[1632] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[1632] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 000F0A08
.text C:\Users\Makyna\Downloads\gmer.exe[1640] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001501F8
.text C:\Users\Makyna\Downloads\gmer.exe[1640] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001503FC
.text C:\Users\Makyna\Downloads\gmer.exe[1640] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Users\Makyna\Downloads\gmer.exe[1640] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001903FC
.text C:\Users\Makyna\Downloads\gmer.exe[1640] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00190600
.text C:\Users\Makyna\Downloads\gmer.exe[1640] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00191014
.text C:\Users\Makyna\Downloads\gmer.exe[1640] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00190804
.text C:\Users\Makyna\Downloads\gmer.exe[1640] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00190A08
.text C:\Users\Makyna\Downloads\gmer.exe[1640] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00190C0C
.text C:\Users\Makyna\Downloads\gmer.exe[1640] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00190E10
.text C:\Users\Makyna\Downloads\gmer.exe[1640] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001901F8
.text C:\Users\Makyna\Downloads\gmer.exe[1640] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 003C0804
.text C:\Users\Makyna\Downloads\gmer.exe[1640] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 003C01F8
.text C:\Users\Makyna\Downloads\gmer.exe[1640] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 003C03FC
.text C:\Users\Makyna\Downloads\gmer.exe[1640] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 003C0600
.text C:\Users\Makyna\Downloads\gmer.exe[1640] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 003C0A08
.text C:\Windows\system32\WLANExt.exe[1840] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\WLANExt.exe[1840] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\WLANExt.exe[1840] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1840] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\WLANExt.exe[1840] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\WLANExt.exe[1840] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\WLANExt.exe[1840] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\WLANExt.exe[1840] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\WLANExt.exe[1840] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WLANExt.exe[1840] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WLANExt.exe[1840] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\WLANExt.exe[1840] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\WLANExt.exe[1840] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\WLANExt.exe[1840] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\WLANExt.exe[1840] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\WLANExt.exe[1840] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00080A08
.text C:\Windows\System32\bcmwltry.exe[1856] KERNEL32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1864] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[1864] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[1864] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1864] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[1864] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[1864] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[1864] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[1864] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[1864] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[1864] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[1864] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[1864] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[1864] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[1864] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[1864] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[1864] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00080A08
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1872] kernel32.dll!SetUnhandledExceptionFilter 77116E2D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1872] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00160804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00160600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00160A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00170600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00171014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00170804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00170A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2064] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001701F8
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2084] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2192] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2192] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2192] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2192] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2192] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2192] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2192] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2192] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2192] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2192] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2192] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2192] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2192] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2192] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2192] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2192] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00080A08
.text C:\Windows\System32\spoolsv.exe[2200] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[2200] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[2200] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[2200] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 000D0804
.text C:\Windows\System32\spoolsv.exe[2200] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000D01F8
.text C:\Windows\System32\spoolsv.exe[2200] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000D03FC
.text C:\Windows\System32\spoolsv.exe[2200] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 000D0600
.text C:\Windows\System32\spoolsv.exe[2200] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 000D0A08
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001601F8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001603FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001703FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00170600
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00171014
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00170804
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00170A08
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001701F8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00180804
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001801F8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001803FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00180600
.text C:\Program Files\Java\jre6\bin\jusched.exe[2208] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00180A08
.text C:\Windows\system32\svchost.exe[2308] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2308] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2308] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2308] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[2308] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2308] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2308] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 000B0A08
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001501F8
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00170804
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001701F8
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001703FC
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00170600
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00170A08
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001803FC
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00180600
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00181014
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00180804
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00180A08
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2332] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\taskeng.exe[2368] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[2368] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000903FC
.text C:\Windows\system32\taskeng.exe[2368] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000B01F8
.text C:\Windows\system32\taskeng.exe[2368] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[2368] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[2368] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\taskeng.exe[2368] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[2368] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 000C0A08
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001501F8
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00270804
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 002701F8
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 002703FC
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00270600
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00270A08
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 002803FC
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00280600
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00281014
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00280804
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00280A08
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00280C0C
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00280E10
.text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[2476] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 002801F8
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001501F8
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00220804
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 002201F8
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 002203FC
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00220600
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00220A08
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 002303FC
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00230600
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00231014
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00230804
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00230A08
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00230C0C
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00230E10
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2492] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 002301F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2620] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00080600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00081014
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00080804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00080C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00080E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00090804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000903FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00090600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2704] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00090A08
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001401F8
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00160804
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001601F8
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001603FC
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00160600
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00160A08
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001703FC
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00170600
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00171014
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00170804
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00170A08
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00170C0C
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00170E10
.text C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe[2892] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001701F8
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00170804
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001701F8
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001703FC
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00170600
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00170A08
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001803FC
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00180600
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00181014
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00180804
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00180A08
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00180C0C
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00180E10
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3084] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001801F8
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001501F8
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001E03FC
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 001E0600
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 001E1014
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 001E0804
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 001E0A08
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 001E0C0C
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 001E0E10
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001E01F8
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 001F0804
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001F01F8
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001F03FC
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 001F0600
.text C:\Program Files\ICQ7.2\ICQ.exe[3108] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 001F0A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00080600
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00081014
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00080804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00080C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00080E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00090804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000903FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00090600
.text C:\Program Files\Windows Sidebar\sidebar.exe[3188] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00090A08
.text C:\Windows\system32\aestsrv.exe[3300] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001501F8
.text C:\Windows\system32\aestsrv.exe[3300] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001503FC
.text C:\Windows\system32\aestsrv.exe[3300] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\aestsrv.exe[3300] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001703FC
.text C:\Windows\system32\aestsrv.exe[3300] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00170600
.text C:\Windows\system32\aestsrv.exe[3300] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00171014
.text C:\Windows\system32\aestsrv.exe[3300] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00170804
.text C:\Windows\system32\aestsrv.exe[3300] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00170A08
.text C:\Windows\system32\aestsrv.exe[3300] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00170C0C
.text C:\Windows\system32\aestsrv.exe[3300] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00170E10
.text C:\Windows\system32\aestsrv.exe[3300] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001701F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00160804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00160600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00160A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00170600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00171014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00170804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00170A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3360] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001701F8
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001601F8
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001603FC

e[3492] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00170804
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001701F8
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001703FC
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00170600
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00170A08
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001803FC
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00180600
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00181014
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00180804
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00180A08
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00180C0C
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00180E10
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[3492] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[3672] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3672] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3672] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3672] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00150804
.text C:\Windows\system32\svchost.exe[3672] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001501F8
.text C:\Windows\system32\svchost.exe[3672] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001503FC
.text C:\Windows\system32\svchost.exe[3672] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00150600
.text C:\Windows\system32\svchost.exe[3672] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00150A08
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001401F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001403FC
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001603FC
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00160600
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00161014
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00160804
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00160A08
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00160C0C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00160E10
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001601F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00170804
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001701F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001703FC
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00170600
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3684] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\STacSV.exe[3720] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001401F8
.text C:\Windows\system32\STacSV.exe[3720] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001403FC
.text C:\Windows\system32\STacSV.exe[3720] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\STacSV.exe[3720] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 002603FC
.text C:\Windows\system32\STacSV.exe[3720] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00260600
.text C:\Windows\system32\STacSV.exe[3720] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00261014
.text C:\Windows\system32\STacSV.exe[3720] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00260804
.text C:\Windows\system32\STacSV.exe[3720] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00260A08
.text C:\Windows\system32\STacSV.exe[3720] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00260C0C
.text C:\Windows\system32\STacSV.exe[3720] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00260E10
.text C:\Windows\system32\STacSV.exe[3720] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 002601F8
.text C:\Windows\system32\STacSV.exe[3720] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00270804
.text C:\Windows\system32\STacSV.exe[3720] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 002701F8
.text C:\Windows\system32\STacSV.exe[3720] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 002703FC
.text C:\Windows\system32\STacSV.exe[3720] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00270600
.text C:\Windows\system32\STacSV.exe[3720] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00270A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00080804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000801F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000803FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00080600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3764] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[3912] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3912] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3912] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3912] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3912] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3912] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3912] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3912] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3912] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3912] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3912] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[3944] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3944] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3944] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3944] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[3944] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[3944] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[3944] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[3944] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[3944] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[3944] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[3992] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[3992] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[3992] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3992] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[3992] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[3992] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[3992] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[3992] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[3992] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[3992] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[3992] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[3992] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[3992] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[3992] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\SearchIndexer.exe[3992] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[3992] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\conime.exe[4716] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\Explorer.exe[4976] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[5512] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] ntdll.dll!LdrLoadDll 776079B3 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] ntdll.dll!LdrUnloadDll 7761E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] kernel32.dll!GetBinaryTypeW + 70 77141AE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] ADVAPI32.dll!CreateServiceW 775038FF 5 Bytes JMP 001703FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] ADVAPI32.dll!DeleteService 77503BEE 5 Bytes JMP 00170600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] ADVAPI32.dll!SetServiceObjectSecurity 775466A9 5 Bytes JMP 00171014
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] ADVAPI32.dll!ChangeServiceConfigA 775467A9 5 Bytes JMP 00170804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] ADVAPI32.dll!ChangeServiceConfigW 77546951 5 Bytes JMP 00170A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] ADVAPI32.dll!ChangeServiceConfig2A 77546A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] ADVAPI32.dll!ChangeServiceConfig2W 77546BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] ADVAPI32.dll!CreateServiceA 77546C71 5 Bytes JMP 001701F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] USER32.dll!SetWindowsHookExW 762C7B69 5 Bytes JMP 00180804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] USER32.dll!SetWinEventHook 762C915C 5 Bytes JMP 001801F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] USER32.dll!UnhookWinEvent 762CB702 5 Bytes JMP 001803FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] USER32.dll!TrackPopupMenu 762E1417 5 Bytes JMP 6718C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] USER32.dll!SetWindowsHookExA 762EBB0E 5 Bytes JMP 00180600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5968] USER32.dll!UnhookWindowsHookEx 762F08BE 5 Bytes JMP 00180A08

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806936D2] \SystemRoot\System32\Drivers\spki.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80693040] \SystemRoot\System32\Drivers\spki.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806937FC] \SystemRoot\System32\Drivers\spki.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806930BE] \SystemRoot\System32\Drivers\spki.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069313C] \SystemRoot\System32\Drivers\spki.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A3048] \SystemRoot\System32\Drivers\spki.sys
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortNotification] 24488B66
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortWritePortUchar] E84D8966
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortWritePortUlong] 83E84D8B
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 896602C1
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 488BEA4D
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8DC80320
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortReadPortUchar] 57500845
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortStallExecution] F0458D57
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortGetParentBusType] 00006850
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortRequestCallback] 458DB002
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 35FF50E8
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [8C9DAFBC] \SystemRoot\System32\Drivers\ag745zbl.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortCompleteRequest] 57EC4D89
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortMoveMemory] 01F045C7
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] E8000000
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0001E4E4
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 4675C73B
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortReadPortUshort] 9DAFC8A1
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 8D526A8C
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortInitialize] 00009A88
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortGetDeviceBase] 48C08300
IAT \SystemRoot\System32\Drivers\ag745zbl.SYS[ataport.SYS!AtaPortDeviceStateChange] [8D076A50] \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[716] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000B0002
IAT C:\Windows\system32\services.exe[716] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000B0000
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [74578864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [745B9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7457B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7456FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [74577A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7456EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [745AB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7457BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [74570756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [745706BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [745671B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [745FD9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74597329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7456E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [7456697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [745669A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4976] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74572475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8560C1F8
Device \FileSystem\fastfat \FatCdrom AE4B3500
Device \Driver\volmgr \Device\VolMgrControl 84C7B1F8
Device \Driver\usbuhci \Device\USBPDO-0 870091F8
Device \Driver\usbuhci \Device\USBPDO-1 870091F8
Device \Driver\usbehci \Device\USBPDO-2 8702C3E8
Device \Driver\usbuhci \Device\USBPDO-3 870091F8
Device \Driver\usbuhci \Device\USBPDO-4 870091F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBPDO-5 870091F8
Device \Driver\usbehci \Device\USBPDO-6 8702C3E8
Device \Driver\volmgr \Device\HarddiskVolume1 84C7B1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84C7B1F8
Device \Driver\cdrom \Device\CdRom0 870BC1F8
Device \Driver\volmgr \Device\HarddiskVolume3 84C7B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8560A1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [884C9D80] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 8560A1F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [884C9D80] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\cdrom \Device\CdRom1 870BC1F8
Device \Driver\volmgr \Device\HarddiskVolume4 84C7B1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 876C3500
Device \Driver\PCI_PNP3159 \Device\0000004b spki.sys
Device \Driver\Smb \Device\NetbiosSmb 876C11F8
Device \Driver\netbt \Device\NetBT_Tcpip_{A1B7E8D9-1463-44FF-8960-37894AD3CCCC} 876C3500
Device \Driver\iScsiPrt \Device\RaidPort0 8710D1F8
Device \Driver\sptd \Device\3845669175 spki.sys

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBFDO-0 870091F8
Device \Driver\usbuhci \Device\USBFDO-1 870091F8
Device \Driver\usbehci \Device\USBFDO-2 8702C3E8
Device \Driver\usbuhci \Device\USBFDO-3 870091F8
Device \Driver\usbuhci \Device\USBFDO-4 870091F8
Device \Driver\netbt \Device\NetBT_Tcpip_{D73BB3A0-9E4F-458D-A16C-EB92E6050158} 876C3500
Device \Driver\usbuhci \Device\USBFDO-5 870091F8
Device \Driver\usbehci \Device\USBFDO-6 8702C3E8
Device \Driver\ag745zbl \Device\Scsi\ag745zbl1Port3Path0Target0Lun0 870BB1F8
Device \Driver\ag745zbl \Device\Scsi\ag745zbl1 870BB1F8
Device \FileSystem\fastfat \Fat AE4B3500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)

Device \FileSystem\cdfs \Cdfs B1A081F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x94 0x5E 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0xBF 0xA5 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0x20 0x10 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD7 0x67 0xB2 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x94 0x5E 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0xBF 0xA5 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0x20 0x10 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD7 0x67 0xB2 0xD7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x94 0x5E 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0xBF 0xA5 0x34 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0x20 0x10 0xD9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD7 0x67 0xB2 0xD7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x94 0x5E 0x4A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0xBF 0xA5 0x34 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0x20 0x10 0xD9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD7 0x67 0xB2 0xD7 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x94 0x5E 0x4A ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0xBF 0xA5 0x34 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0x20 0x10 0xD9 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD7 0x67 0xB2 0xD7 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x94 0x5E 0x4A ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0xBF 0xA5 0x34 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0x20 0x10 0xD9 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD7 0x67 0xB2 0xD7 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x94 0x5E 0x4A ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0xBF 0xA5 0x34 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0x20 0x10 0xD9 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD7 0x67 0xB2 0xD7 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x94 0x5E 0x4A ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0xBF 0xA5 0x34 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0x20 0x10 0xD9 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD7 0x67 0xB2 0xD7 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x94 0x5E 0x4A ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0xBF 0xA5 0x34 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0x20 0x10 0xD9 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD7 0x67 0xB2 0xD7 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x94 0x5E 0x4A ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0xBF 0xA5 0x34 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0x20 0x10 0xD9 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD7 0x67 0xB2 0xD7 ...

---- EOF - GMER 1.0.15 ----

To je ok .

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript: - zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

OTL logfile created on: 30.4.2011 22:39:51 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Makyna\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,11 Gb Total Space | 54,51 Gb Free Space | 55,00% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 9,91 Gb Free Space | 99,11% Space Free | Partition Type: NTFS

Computer Name: MAKYNA-PC | User Name: Makyna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.30 22:37:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Makyna\Desktop\OTL.exe
PRC - [2011.04.30 19:34:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.18 19:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.04.18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.2\ICQ.exe
PRC - [2010.12.01 10:00:34 | 000,401,592 | ---- | M] () -- C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe
PRC - [2010.08.30 11:44:20 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2010.06.21 17:47:04 | 000,246,584 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.09.20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.09.13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007.07.24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.24 18:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.05.10 01:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (SafeList) ==========

MOD - [2011.04.30 22:37:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Makyna\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.04.18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.06.21 17:47:04 | 000,246,584 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.07.24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - [2011.04.18 19:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.04.18 19:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.04.18 19:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.04.18 19:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.04.18 19:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.04.18 19:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.08.15 11:07:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.10.11 01:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.09.13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.06.06 23:21:32 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.08.04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1299226173-1182360905-828818968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKU\S-1-5-21-1299226173-1182360905-828818968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1299226173-1182360905-828818968-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1299226173-1182360905-828818968-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1299226173-1182360905-828818968-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-1299226173-1182360905-828818968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Brothersoft Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Brothersoft Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {ea614400-e918-4741-9a97-7a972ff7c30b}:2.0.10
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {e8de9422-3b2c-4243-bf6f-235da84d8ef8}:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... 2463487&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.seznam.cz/?sourceid=FF_5&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 19:34:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 19:34:12 | 000,000,000 | ---D | M]

[2010.08.15 17:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Makyna\AppData\Roaming\Mozilla\Extensions
[2011.04.30 16:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Makyna\AppData\Roaming\Mozilla\Firefox\Profiles\xmnkxqrs.default\extensions
[2010.08.16 19:10:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Makyna\AppData\Roaming\Mozilla\Firefox\Profiles\xmnkxqrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.24 13:21:24 | 000,000,000 | ---D | M] (Brothersoft Community Toolbar) -- C:\Users\Makyna\AppData\Roaming\Mozilla\Firefox\Profiles\xmnkxqrs.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
[2010.09.28 13:57:57 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Makyna\AppData\Roaming\Mozilla\Firefox\Profiles\xmnkxqrs.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.03.24 13:21:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Makyna\AppData\Roaming\Mozilla\Firefox\Profiles\xmnkxqrs.default\extensions\engine@conduit.com
[2010.11.02 16:51:08 | 000,000,925 | ---- | M] () -- C:\Users\Makyna\AppData\Roaming\Mozilla\Firefox\Profiles\xmnkxqrs.default\searchplugins\conduit.xml
[2010.09.28 13:57:55 | 000,003,915 | ---- | M] () -- C:\Users\Makyna\AppData\Roaming\Mozilla\Firefox\Profiles\xmnkxqrs.default\searchplugins\sweetim.xml
[2010.10.03 13:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.30 15:44:11 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.15 17:06:00 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2010.04.13 21:24:08 | 000,002,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\firmycz.xml
[2011.03.06 15:06:22 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2011.03.06 15:06:22 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.13 21:24:30 | 000,002,041 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mapycz.xml
[2011.03.06 15:06:22 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2011.03.06 15:06:22 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2011.03.06 15:06:22 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
[2010.04.13 21:24:54 | 000,002,207 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zbocz.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-1299226173-1182360905-828818968-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-1299226173-1182360905-828818968-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1299226173-1182360905-828818968-1000..\Run: [Device Detection] C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1299226173-1182360905-828818968-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1299226173-1182360905-828818968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1299226173-1182360905-828818968-1000\..Trusted Domains: mojebanka.cz ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Makyna\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Makyna\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.04.30 22:37:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Makyna\Desktop\OTL.exe
[2011.04.30 19:26:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.04.30 19:24:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.30 19:05:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.30 19:05:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.30 19:05:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.30 19:05:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.04.30 19:04:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.30 19:03:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.30 19:03:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.30 17:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.04.30 17:45:47 | 000,000,000 | ---D | C] -- C:\rsit
[2011.04.30 10:28:25 | 000,000,000 | ---D | C] -- C:\Users\Makyna\AppData\Roaming\Malwarebytes
[2011.04.30 10:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.30 10:28:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.30 10:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.30 10:28:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.30 10:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.29 16:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.04.28 09:03:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.28 09:03:21 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.20 21:40:32 | 000,000,000 | ---D | C] -- C:\Users\Makyna\Desktop\stat3+poj+fimb
[2011.04.20 12:36:39 | 000,000,000 | ---D | C] -- C:\Users\Makyna\Desktop\vypracované otázky
[2011.04.18 09:39:55 | 000,000,000 | ---D | C] -- C:\Users\Makyna\Desktop\vinný sklípek
[2011.04.16 10:20:46 | 000,000,000 | ---D | C] -- C:\Users\Makyna\Desktop\Pink Floyd
[2011.04.14 08:40:22 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 08:40:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 08:40:15 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 08:40:14 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 08:40:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 08:40:04 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.14 08:40:00 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 08:40:00 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.14 08:39:59 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 08:39:59 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.14 08:39:59 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 08:39:58 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 08:39:57 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.14 08:39:57 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.14 08:39:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.14 08:39:55 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 08:39:53 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 08:39:53 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.10 12:28:37 | 000,000,000 | ---D | C] -- C:\Users\Makyna\Documents\sčítání

========== Files - Modified Within 30 Days ==========

[2011.04.30 22:37:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Makyna\Desktop\OTL.exe
[2011.04.30 22:10:49 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.30 22:10:49 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.30 19:37:13 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.30 19:04:20 | 004,333,869 | R--- | M] () -- C:\Users\Makyna\Desktop\ComboFix.exe
[2011.04.30 18:44:38 | 000,607,464 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.04.30 18:44:38 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.30 18:44:38 | 000,118,096 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.04.30 18:44:38 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.30 16:10:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.30 10:09:34 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.22 10:53:07 | 220,817,774 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.20 12:59:32 | 003,125,151 | ---- | M] () -- C:\Users\Makyna\Desktop\DSCF0303.JPG
[2011.04.19 08:01:40 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.04.18 21:11:23 | 000,092,672 | ---- | M] () -- C:\Users\Makyna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 19:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.04.18 19:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.04.18 19:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.04.18 19:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.04.18 19:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.04.18 19:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.04.18 19:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.04.18 19:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.04.16 10:17:02 | 000,374,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 19:45:26 | 000,011,274 | ---- | M] () -- C:\Users\Makyna\gsview32.ini
[2011.04.13 19:32:53 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.04.08 17:25:54 | 001,122,517 | ---- | M] () -- C:\Users\Makyna\Desktop\20136_a.jpg

========== Files Created - No Company Name ==========

[2011.04.30 19:05:10 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.30 19:05:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.30 19:05:10 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.30 19:05:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.30 19:05:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.30 18:59:51 | 004,333,869 | R--- | C] () -- C:\Users\Makyna\Desktop\ComboFix.exe
[2011.04.30 10:28:10 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.20 11:55:04 | 003,125,151 | ---- | C] () -- C:\Users\Makyna\Desktop\DSCF0303.JPG
[2011.04.08 17:25:53 | 001,122,517 | ---- | C] () -- C:\Users\Makyna\Desktop\20136_a.jpg
[2010.10.14 10:53:06 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.10.14 10:53:06 | 000,000,008 | RHS- | C] () -- C:\ProgramData\533794F9C4.sys
[2010.08.30 15:46:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.18 09:48:49 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.08.15 11:59:21 | 000,092,672 | ---- | C] () -- C:\Users\Makyna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.05 12:44:57 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.05 12:44:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.07.28 08:17:20 | 000,607,464 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2010.07.28 08:17:20 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2010.07.28 08:17:20 | 000,118,096 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2010.07.28 08:17:20 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2010.07.27 23:02:37 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2010.07.27 22:44:28 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010.07.27 22:44:26 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2010.07.27 22:36:07 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010.07.27 22:36:05 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2010.07.27 22:36:05 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2010.07.27 22:36:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2010.07.27 22:36:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2010.07.27 22:31:04 | 000,001,356 | ---- | C] () -- C:\Users\Makyna\AppData\Local\d3d9caps.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,374,816 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010.08.18 09:52:00 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\Canon
[2010.08.15 11:06:55 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\DAEMON Tools
[2011.04.30 21:35:45 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\ICQ
[2010.08.18 09:48:24 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\ScanSoft
[2010.07.27 22:42:48 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\TMP
[2011.04.29 23:18:23 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun -- [2008.08.08 14:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd)
"Device Detection" = C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe -- [2010.12.01 10:00:34 | 000,401,592 | ---- | M] ()

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.08.15 12:59:08 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\Adobe
[2010.08.18 09:52:00 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\Canon
[2010.10.14 10:53:07 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\Corel
[2010.08.15 11:06:55 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\DAEMON Tools
[2010.08.17 11:05:03 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\GRETECH
[2011.04.30 21:35:45 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\ICQ
[2010.07.27 22:31:12 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\Identities
[2010.07.27 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\InstallShield
[2010.07.28 09:28:33 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\Macromedia
[2011.04.30 10:28:25 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\Media Center Programs
[2011.04.21 21:26:08 | 000,000,000 | --SD | M] -- C:\Users\Makyna\AppData\Roaming\Microsoft
[2010.08.15 17:07:03 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\Mozilla
[2010.08.18 09:48:24 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\ScanSoft
[2010.11.16 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\Skype
[2010.11.16 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\skypePM
[2010.07.27 22:42:48 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\TMP
[2010.08.19 19:10:30 | 000,000,000 | ---D | M] -- C:\Users\Makyna\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2007.03.22 12:46:40 | 000,126,976 | ---- | M] () -- C:\Users\Makyna\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2011.04.10 15:44:42 | 000,112,640 | ---- | M] (Gretech Corporation) -- C:\Users\Makyna\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
[2010.07.27 22:34:44 | 000,010,134 | R--- | M] () -- C:\Users\Makyna\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
[2010.07.27 22:34:44 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Makyna\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
[2007.09.18 10:22:00 | 016,195,072 | ---- | M] (Marvell ) -- C:\Users\Makyna\AppData\Roaming\TMP\SetupYukonWin_5X6N.exe


< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CDROM.SYS >
[2008.01.21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\drivers\cdrom.sys
[2008.01.21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2008.01.21 04:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2008.01.21 04:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\System32\cryptsvc.dll
[2008.01.21 04:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2008.01.21 04:23:01 | 000,177,208 | ---- | M] (Microsoft Corporation) MD5=A00B0EDD048786E30EBB2DA65D9A8F74 -- C:\Windows\System32\hal.dll

< MD5 for: IASTOR.SYS >
[2007.04.25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\dell\drivers\R166201\Winall\Driver\iaStor.sys
[2007.04.25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2007.04.25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\drivers\iaStor.sys
[2007.04.25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b92fa6ec\iaStor.sys
[2007.04.25 12:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\dell\drivers\R166201\Winall\Driver64\IaStor.sys
[2007.04.25 12:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008.01.21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\drivers\isapnp.sys
[2008.01.21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008.01.21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008.01.21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.06.15 14:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009.09.10 16:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009.02.13 09:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2009.06.15 15:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009.06.15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\ERDNT\cache\lsass.exe
[2009.06.15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\System32\lsass.exe
[2009.06.15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009.02.13 06:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009.06.15 14:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009.06.15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009.09.09 13:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009.09.10 16:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008.01.21 04:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008.01.21 04:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008.01.21 04:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009.02.13 10:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008.01.21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\ERDNT\cache\ndis.sys
[2008.01.21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys
[2008.01.21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SMSS.EXE >
[2008.01.21 04:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\System32\smss.exe
[2008.01.21 04:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.01.21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008.01.21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009.04.11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010.02.18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2010.06.16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010.06.16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010.06.16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\ERDNT\cache\tcpip.sys
[2010.06.16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2008.04.26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2008.01.21 04:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\ERDNT\cache\ws2_32.dll
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007.12.08 14:34:10 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2011.02.16 17:35:41 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.15 11:07:06 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2007.12.08 14:34:10 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.04.30 22:10:49 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.30 22:10:49 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.30 18:44:38 | 000,118,096 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.04.30 18:44:38 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.30 18:44:38 | 000,607,464 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.04.30 18:44:38 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.30 18:44:38 | 001,418,230 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011.04.29 15:38:28 | 000,000,552 | ---- | M] () -- C:\Windows\System32\spsys.log

< End of report >

OTL Extras logfile created on: 30.4.2011 22:39:51 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Makyna\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,11 Gb Total Space | 54,51 Gb Free Space | 55,00% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 9,91 Gb Free Space | 99,11% Space Free | Partition Type: NTFS

Computer Name: MAKYNA-PC | User Name: Makyna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1299226173-1182360905-828818968-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0368FB21-8D52-415F-8851-80776D4D7EF9}" = lport=137 | protocol=17 | dir=in | app=system |
"{1D2E1AD5-0C9A-4982-B899-871FFF3C81BD}" = rport=137 | protocol=17 | dir=out | app=system |
"{2492DC07-16F5-44C9-8C46-8CAE19E3E7C1}" = lport=139 | protocol=6 | dir=in | app=system |
"{419EEC0D-3947-440D-8EF9-AEB5A93634A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{787293C6-1A19-4032-AC8A-770DEC02FCFD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{78A8076B-F723-4B47-AD6A-C431CA1A08BD}" = rport=138 | protocol=17 | dir=out | app=system |
"{8A61C22B-853D-49B9-A475-3C368EAFE605}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B375953-82C3-4BE4-A8DA-6BAC620CFB01}" = rport=139 | protocol=6 | dir=out | app=system |
"{8F974359-8293-4C30-A0AE-584365DBF9B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9945AADA-A2B2-4E30-AABF-2754FA2F9248}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{99A6C618-ACA1-4F78-B72B-87F083D37E41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B0088ED-1268-408A-9542-9FF0DDB71619}" = lport=138 | protocol=17 | dir=in | app=system |
"{A421E50C-166C-4650-9018-9FE5D0A26B85}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AEE34F63-831D-48DF-A721-4228E9849441}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B389E4E4-27D2-4C10-9128-C16FD8B17710}" = lport=445 | protocol=6 | dir=in | app=system |
"{BBFA3E12-88B2-4201-B0B1-BDA30398A852}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E0D3FD94-89F4-4409-859E-4AF255320616}" = rport=445 | protocol=6 | dir=out | app=system |
"{F3265449-E1F6-47D8-8858-80E35374EC5A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C8D1D9-F83A-4285-8C92-CCAC18DB42EC}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{250EAA00-F446-4D7F-A5CB-2B95A5970EF7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{25A8EA4D-A054-404C-88AD-326A68F1B2A8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{27579B3C-A185-4869-ACFB-E691B2094984}" = protocol=6 | dir=in | app=c:\users\makyna\downloads\sweetimsetup.exe |
"{2873F23B-603C-43A5-B007-E6FC79522280}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{2BEF608F-7C50-4437-AE09-BF50CF368C61}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{45EAD366-B0F8-40F1-A3C0-FE96AE390343}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4C445696-984D-4A72-9401-E96309E34483}" = protocol=17 | dir=in | app=c:\users\makyna\downloads\sweetimsetup.exe |
"{5BAA2AFE-4108-4237-A692-F2F95C4109A7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{5E2CE564-41CE-4E2F-9C76-EA6EE0A7F5D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A348E721-E9E9-4DB1-A2E7-3F8290602EAF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B150F29B-C44E-4B34-93BB-6CC357EF7196}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C210C2E0-B07D-44B0-906E-DA9F0F336C57}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CA166D84-CAAC-4C5C-BF5D-17A3CE5EA67B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CEDAB3D7-A00D-4252-97FF-899100897559}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D15BE023-8ADD-4C52-AF75-FFF3DBA91648}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D514922E-CA9B-4304-A4D4-19AD46E27A0D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D534110B-3DCC-423F-8F31-56FEE149BB63}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E44CB1BA-A296-45B5-B5FB-B59B884C8952}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EBB8CE37-B67C-4895-B8FF-8AEAB88B5D31}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F4A7C69C-84CF-4E9E-9786-F3CF7860A580}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE94796E-6726-477C-9449-E499616C7088}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{795288DC-2652-44A5-99FD-2ECDF3C633BF}" = SweetIM for Messenger 3.3
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.3 - Czech
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C551FA4D-4F3F-469E-934A-B262742A7AED}_is1" = Easy MP3 Recorder 2.0
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{F93D2591-8201-4692-BD8D-67A0BFAC9C14}" = SweetIM Toolbar for Internet Explorer 3.9
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Bezdrátová karta WLAN Dell
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
"GOM Player" = GOM Player
"GPL Ghostscript 8.54" = GPL Ghostscript 8.54
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Registrace uživatele zařízení Canon MP520 series" = Registrace uživatele zařízení Canon MP520 series
"WinEdt_is1" = WinEdt
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29.4.2011 14:24:53 | Computer Name = Makyna-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.4.2011 16:04:34 | Computer Name = Makyna-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.4.2011 17:08:27 | Computer Name = Makyna-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.4.2011 17:18:18 | Computer Name = Makyna-PC | Source = EventSystem | ID = 4621
Description =

Error - 30.4.2011 4:11:15 | Computer Name = Makyna-PC | Source = WinMgmt | ID = 10
Description =

Error - 30.4.2011 11:52:23 | Computer Name = Makyna-PC | Source = Application Hang | ID = 1002
Description = Program RSIT.exe verze 3.3.2.0 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů. ID procesu:
b90 Čas zahájení: 01cc074daaaed310 Čas ukončení: 12

Error - 30.4.2011 12:45:29 | Computer Name = Makyna-PC | Source = Application Hang | ID = 1002
Description = Program MyFinePixStudio.exe verze 4.1.1.2 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: dbc Čas zahájení: 01cc0755bdb3de30 Čas ukončení: 31

Error - 30.4.2011 14:26:24 | Computer Name = Makyna-PC | Source = Application Hang | ID = 1002
Description = Program WINWORD.EXE verze 12.0.4518.1014 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: 1390 Čas zahájení: 01cc0763e3e97b60 Čas ukončení: 94

Error - 30.4.2011 15:52:53 | Computer Name = Makyna-PC | Source = Perflib | ID = 1008
Description =

Error - 30.4.2011 15:52:53 | Computer Name = Makyna-PC | Source = Perflib | ID = 1010
Description =

[ Broadcom Wireless LAN Events ]
Error - 19.9.2010 10:31:07 | Computer Name = Makyna-PC | Source = WLAN-Tray | ID = 0
Description = 16:30:58, Sun, Sep 19, 10 Error - Unable to gain access to user store


Error - 19.12.2010 4:59:02 | Computer Name = Makyna-PC | Source = WLAN-Tray | ID = 0
Description = 09:58:55, Sun, Dec 19, 10 Error - Unable to gain access to user store


[ OSession Events ]
Error - 23.10.2010 11:49:32 | Computer Name = Makyna-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24.10.2010 12:21:51 | Computer Name = Makyna-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24.10.2010 14:54:04 | Computer Name = Makyna-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24.10.2010 14:54:04 | Computer Name = Makyna-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24.10.2010 14:54:05 | Computer Name = Makyna-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24.10.2010 14:54:05 | Computer Name = Makyna-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24.10.2010 14:54:06 | Computer Name = Makyna-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24.10.2010 14:54:07 | Computer Name = Makyna-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24.10.2010 14:54:08 | Computer Name = Makyna-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24.10.2010 14:58:08 | Computer Name = Makyna-PC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.5 pro síťovou kartu s adresou 001644F33FF9
byla serverem DHCP 0.0.0.0 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 25.10.2010 8:12:08 | Computer Name = Makyna-PC | Source = HTTP | ID = 15016
Description =


< End of report >