please check... it reported a trojan but I have no record.. d

Posted: 15 May 2011 18:25
by preclik_75
Logfile of random's system information tool 1.08 (written by random/random)
Run by tata1 at 2011-05-15 19:20:56
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 2 GB (20%) free of 10 GB
Total RAM: 3319 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:21:09, on 15.5.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\MyWebSearch\bar\4.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TridiaVNC\win32\WinVNC.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVG\AVG8\avgui.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\odvirovani\RSIT.exe
C:\Program Files\trend micro\tata1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWebSearch\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MyWebSearch\bar\4.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWebSearch\bar\4.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Launch WinVNC Server.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... 2010042913
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MyWebSearch\bar\4.bin\mwssvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe (file missing)
O23 - Service: TridiaVNC Server (winvnc) - Tridia Corporation - C:\Program Files\TridiaVNC\win32\WinVNC.exe

--
End of file - 9370 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-842925246-839522115-1004Core1cb70f773c772b8.job
C:\WINDOWS\tasks\Install.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{027E10DB-AF4D-4AD2-A8B2-D31388F5FF5E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL [2011-03-31 54704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL [2011-03-31 800272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2011-03-18 2471240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-11-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-29 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-11-03 2403392]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2011-03-18 2471240]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL [2011-03-31 800272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-07-09 2048352]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MyWebSearch\bar\4.bin\mwsoemon.exe [2011-03-31 32849]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MyWebSearch\bar\4.bin\m3SrchMn.exe [2011-03-31 34336]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MyWebSearch\bar\4.bin\mwsoemon.exe [2011-03-31 32849]

C:\Documents and Settings\tata1\Nabídka Start\Programy\Po spuštění
Launch WinVNC Server.lnk - C:\Program Files\TridiaVNC\win32\WinVNC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-30 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideClock"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=1
"NoViewContextMenu"=0
"NoFileAssociate"=0
"NoFind"=0
"NoRun"=0
"NoClose"=0
"StartMenuLogoff"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe"="C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe:*:Disabled:ZyXEL G-202 Wireless Adapter Utility"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"E:\Program Files\Mozilla Firefox\firefox.exe"="E:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Program Files\TridiaVNC\win32\WinVNC.exe"="C:\Program Files\TridiaVNC\win32\WinVNC.exe:*:Enabled:VNC Server for Win32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-05-15 19:20:57 ----D---- C:\Program Files\trend micro
2011-05-15 19:20:56 ----D---- C:\rsit
2011-05-14 14:23:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\ERS G-Studio
2011-05-14 14:23:17 ----D---- C:\Program Files\Serif Standa
2011-05-14 14:20:58 ----D---- C:\Documents and Settings\tata1\Data aplikací\Špidla Data Processing, s.r.o
2011-05-14 14:20:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Špidla Data Processing, s.r.o
2011-05-14 14:20:22 ----D---- C:\Program Files\Serif Standa 2 - Pripad ztracene veci
2011-05-11 20:05:21 ----A---- C:\WINDOWS\system32\igfxres.dll
2011-05-11 20:02:36 ----A---- C:\WINDOWS\system32\igxprd32.dll
2011-05-11 20:02:35 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2011-05-11 20:02:35 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2011-05-11 20:02:35 ----A---- C:\WINDOWS\system32\drivers\igxpmp32.sys
2011-05-11 20:02:34 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2011-05-11 20:02:34 ----A---- C:\WINDOWS\system32\igfxCoIn_v4926.dll
2011-05-11 20:02:32 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-05-11 20:02:31 ----A---- C:\WINDOWS\system32\igxpun.exe
2011-05-11 20:02:31 ----A---- C:\WINDOWS\system32\difxapi.dll
2011-05-11 20:02:25 ----D---- C:\Intel
2011-04-21 20:58:34 ----D---- C:\OkiDriver
2011-04-21 18:53:28 ----A---- C:\WINDOWS\system32\opnetext.dll
2011-04-21 18:53:27 ----D---- C:\Program Files\Okidata
2011-04-21 18:50:20 ----A---- C:\WINDOWS\Winchat.ini
2011-04-21 18:36:31 ----D---- C:\Documents and Settings\tata1\Data aplikací\WinRAR
2011-04-21 18:35:50 ----D---- C:\Program Files\WinRAR

======List of files/folders modified in the last 1 months======

2011-05-15 19:21:03 ----D---- C:\WINDOWS\Prefetch
2011-05-15 19:20:57 ----RD---- C:\Program Files
2011-05-15 17:45:13 ----D---- C:\WINDOWS\system32\drivers\Avg
2011-05-15 17:10:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-15 13:47:20 ----D---- C:\WINDOWS\Temp
2011-05-15 12:46:49 ----D---- C:\WINDOWS
2011-05-11 20:05:21 ----D---- C:\WINDOWS\system32
2011-05-11 20:02:54 ----HD---- C:\WINDOWS\inf
2011-05-11 20:02:46 ----D---- C:\WINDOWS\system32\drivers
2011-05-11 20:02:33 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-11 19:04:32 ----SHD---- C:\WINDOWS\Installer
2011-05-11 19:03:55 ----D---- C:\WINDOWS\Debug
2011-05-11 19:03:39 ----AC---- C:\WINDOWS\system32\MRT.exe
2011-04-21 18:53:27 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-10-29 43840]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-30 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-30 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-19 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-18 12416]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-13 47360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDCNDIS5.SYS []
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2007-04-03 17664]
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-12-17 57328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-30 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-30 297752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-29 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MyWebSearch\bar\4.bin\mwssvc.exe [2011-03-31 28762]
S2 UserAccess;Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC; C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-03 138168]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]
S3 winvnc;TridiaVNC Server; C:\Program Files\TridiaVNC\win32\WinVNC.exe [2001-12-12 249856]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

Re: please check... it reported a trojan but I have no record

Posted: 15 May 2011 18:39
by 1danab
hello :)

download ComboFix and save it, preferably to the desktop

run the application under an account with administrator privileges
after it starts, a screen with the license terms is displayed; click the Yes button:

Image

a warning about your antivirus's resident shield may appear, as well as a notice that the Recovery Console is not installed; do not install it for now

the scan takes about 10 minutes (it may take longer, depending on the number of files and the speed of the PC); do not run any applications during the scan

your PC may be restarted during the scan, so do not panic

note: if you use an antispyware with a resident shield, deactivate its resident shield, because during the scan and the removal of any malware unwanted conflicts occur between ComboFix and the antispyware's resident shield

after the restart the application creates a log, saved at C:/Combofix.txt; paste its contents here

Re: please check... it reported a trojan but I have no record

Posted: 19 May 2011 05:38
by preclik_75
I have a problem uninstalling AVG free 8.5... it reports one error and I can't get rid of it.... And ComboFix reports that it simply won't start without that..... so I hope it isn't some kind of program rivalry... ;)

Re: please check... it reported a trojan but I have no record

Posted: 19 May 2011 06:18
by 1danab
what error does it report?
did you perform the uninstall in Add/Remove Programs?

Re: please check... it reported a trojan but I have no record

Posted: 19 May 2011 06:24
by cernohous13

Re: please check... it reported a trojan but I have no record

Posted: 21 May 2011 05:51
by preclik_75
cernohous: phew... it's gone.. thanks.. ;)
xena: ;) I'm starting combofix and then off to work, unfortunately...

thank you

Re: please check... it reported a trojan but I have no record

Posted: 21 May 2011 08:44
by 1danab
ok, let's get to it :wink:

Re: please check... it reported a trojan but I have no record

Posted: 21 May 2011 12:44
by preclik_75
ComboFix 11-05-19.02 - tata1 21.05.2011 6:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.3319.2802 [GMT 2:00]
Spuštěný z: c:\documents and settings\tata1\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\tata1\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\tata1\WINDOWS
c:\progra~1\MyWebSearch\bar\4.bin\mwsoemon.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\00052BF9.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\temp.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\4.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\4.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\4.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\4.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\4.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\4.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\4.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\4.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\4.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\4.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\4.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\4.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\4.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\4.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\4.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\4.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\4.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\4.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\4.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\4.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\4.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\4.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\4.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\4.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\4.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\4.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\4.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\4.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\4.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\000511F9.bin
c:\program files\MyWebSearch\bar\Cache\000528EC.bin
c:\program files\MyWebSearch\bar\Cache\00070A3F.bin
c:\program files\MyWebSearch\bar\Cache\00070C61.bin
c:\program files\MyWebSearch\bar\Cache\00070E17.bin
c:\program files\MyWebSearch\bar\Cache\00070F7E.bin
c:\program files\MyWebSearch\bar\Cache\0075F582
c:\program files\MyWebSearch\bar\Cache\00813E2E
c:\program files\MyWebSearch\bar\Cache\00814581
c:\program files\MyWebSearch\bar\Cache\00814C28
c:\program files\MyWebSearch\bar\Cache\00D87C97.bmp
c:\program files\MyWebSearch\bar\Cache\0159A0C6
c:\program files\MyWebSearch\bar\Cache\0159A385.bin
c:\program files\MyWebSearch\bar\Cache\0159B279.bin
c:\program files\MyWebSearch\bar\Cache\0159B41F.bin
c:\program files\MyWebSearch\bar\Cache\0159B632.bin
c:\program files\MyWebSearch\bar\Cache\01FFFF0B.bin
c:\program files\MyWebSearch\bar\Cache\0200040C.bin
c:\program files\MyWebSearch\bar\Cache\05064D17.bmp
c:\program files\MyWebSearch\bar\Cache\050675DC
c:\program files\MyWebSearch\bar\Cache\0506783E
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\jestertb.dll
c:\windows\regedit.com
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-21 do 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-19 04:42 . 2011-05-19 04:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\OPPU
2011-05-17 20:44 . 2011-05-19 19:06 -------- d-----w- c:\windows\SxsCaPendDel
2011-05-15 17:38 . 2011-05-15 17:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2011-05-15 17:28 . 2004-08-03 21:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-05-15 17:28 . 2004-08-03 21:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-05-15 17:20 . 2011-05-15 17:21 -------- d-----w- c:\program files\trend micro
2011-05-15 17:20 . 2011-05-15 17:21 -------- d-----w- C:\rsit
2011-05-14 12:23 . 2011-05-14 12:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ERS G-Studio
2011-05-14 12:23 . 2011-05-14 12:23 -------- d-----w- c:\program files\Serif Standa
2011-05-14 12:20 . 2011-05-14 12:20 -------- d-----w- c:\documents and settings\tata1\Data aplikací\Špidla Data Processing, s.r.o
2011-05-14 12:20 . 2011-05-14 12:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Špidla Data Processing, s.r.o
2011-05-14 12:20 . 2011-05-14 12:20 -------- d-----w- c:\program files\Serif Standa 2 - Pripad ztracene veci
2011-05-11 18:05 . 2008-02-15 10:49 176128 ----a-w- c:\windows\system32\igfxres.dll
2011-05-11 18:02 . 2008-02-15 11:12 57344 ----a-w- c:\windows\system32\igxprd32.dll
2011-05-11 18:02 . 2008-02-15 11:12 1670144 ----a-w- c:\windows\system32\igxpdv32.dll
2011-05-11 18:02 . 2008-02-15 11:12 5854752 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2011-05-11 18:02 . 2008-02-15 11:12 151040 ----a-w- c:\windows\system32\igxpgd32.dll
2011-05-11 18:02 . 2008-02-15 11:21 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll
2011-05-11 18:02 . 2008-02-15 11:12 2643968 ----a-w- c:\windows\system32\igxpdx32.dll
2011-05-11 18:02 . 2008-02-15 10:49 176128 ----a-w- c:\windows\system32\igfxrsky.lrc
2011-05-11 18:02 . 2008-02-15 10:49 172032 ----a-w- c:\windows\system32\igfxrslv.lrc
2011-05-11 18:02 . 2011-05-11 18:02 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-11 18:02 . 2008-03-07 10:56 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-05-11 18:02 . 2006-11-10 06:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-05-11 18:02 . 2011-05-11 18:02 -------- d-----w- C:\Intel
2011-04-21 18:58 . 2011-04-21 18:58 -------- d-----w- C:\OkiDriver
2011-04-21 16:53 . 2009-04-12 23:19 102400 ----a-w- c:\windows\system32\opnetext.dll
2011-04-21 16:53 . 2011-04-21 16:53 -------- d-----w- c:\program files\Okidata
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-08-18 12:00 94784 -csh--w- c:\windows\twain.dll
2004-08-18 12:00 50688 -csh--w- c:\windows\twain_32.dll
2004-08-18 12:00 1028096 -csh--w- c:\windows\system32\mfc42.dll
2004-08-18 12:00 54784 -csh--w- c:\windows\system32\msvcirt.dll
2004-08-18 12:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2004-08-18 12:00 343040 --sh--w- c:\windows\system32\msvcrt.dll
2007-12-04 18:41 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-18 12:00 83456 -csh--w- c:\windows\system32\olepro32.dll
2004-08-18 12:00 12288 -csh--w- c:\windows\system32\regsvr32.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\tata1\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Launch WinVNC Server.lnk - c:\program files\TridiaVNC\win32\WinVNC.exe [2011-3-31 249856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\TridiaVNC\\win32\\WinVNC.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.5.2011 6:38 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.5.2011 6:38 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.5.2011 6:38 19544]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-21 c:\windows\Tasks\User_Feed_Synchronization-{027E10DB-AF4D-4AD2-A8B2-D31388F5FF5E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
Toolbar-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Notify-avgrsstarter - avgrsstx.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-21 07:05
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•6~*]
"A462EA97AED7FA94FAFAA7D2F807F615"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1552)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\sessmgr.exe
c:\windows\system32\rsvp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-05-21 07:07:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-21 05:07
.
Před spuštěním: 2 842 238 976
Po spuštění: 2 764 505 088
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9A92F51270B75C6D6D6837CB91D5863D

Re: please check... it reported a trojan but I have no record

Posted: 21 May 2011 12:46
by preclik_75
...so see above... Just maybe also:
1) VNC is new on this computer (only recently) - turned off...
2) recently it was throwing a qtime error. "" (I tried to uninstall it and was interrupting the process in Task Manager)
3) COMBOFIX - start... ;)
Thanks... ;)

Re: please check... it reported a trojan but I have no record

Posted: 21 May 2011 18:31
by 1danab
download GMER, unpack it and run it

a scan will run, and when it finishes the results will be displayed

then click Save to save the log, and paste its contents here

then run a second scan following this guide and again paste the log contents here :)

Re: please check... it reported a trojan but I have no record

Posted: 22 May 2011 08:03
by preclik_75
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-22 09:00:51
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800AAJS-00PSA0 rev.05.06H05
Running: gmer.exe; Driver: C:\DOCUME~1\tata1\LOCALS~1\Temp\ffkyypod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA7654BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA7654A5D]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Re: please check... it reported a trojan but I have no record

Posted: 22 May 2011 08:20
by preclik_75
I had to split it into two because of the 106 thousand characters... :(
...hard work... thank you... ;)

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-22 11:00:25
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800AAJS-00PSA0 rev.05.06H05
Running: gmer.exe; Driver: C:\DOCUME~1\tata1\LOCALS~1\Temp\ffkyypod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA7630202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA7696CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA76546C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA763281C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA7632874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA763298A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA7654075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA7632772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA76328C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA76327C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA7632938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA7630226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA7654D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA765503D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA7632C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA7654BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA7654A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA7696D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA762FFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA763024A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA7632D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA7630CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA763284C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA763289C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA76329B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA76543D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA763279E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA7632A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA7632904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA76327F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA7632B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA7632962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA7696DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA76548D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA7630BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA765472A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA769FE48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA76536E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA763026E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA7630292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA763004A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA7630186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA7654E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA7630162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA76301AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA76302B6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2664 80501554 4 Bytes CALL 94F77A8F
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059A640 4 Bytes CALL A7631335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP A7633CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP A7633BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP A7632F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP A7633E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP A7633B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP A7634040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP A7632FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP A7632E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP A76331AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 5 Bytes JMP A7633352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP A7633C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP A763332A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP A7633D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP A7632E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP A7633F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 5 Bytes JMP A763306A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP A76330DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP A7633114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP A7632DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19C1 BF913245 4 Bytes JMP A7632F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP A7633034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP A763346C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP A7633EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\ComboFix\catchme.sys Systém nemůže nalézt uvedenou cestu. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[208] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[564] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[564] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[564] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[564] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[564] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[564] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[564] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\smss.exe[720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[744] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[744] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[744] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[744] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[744] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[744] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[744] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[744] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[744] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[744] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[744] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[744] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\csrss.exe[768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[768] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1228] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1228] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1228] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1228] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1228] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003E0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003E0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003E0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003E01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1268] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1368] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1368] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1368] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1368] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1368] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\RTHDCPL.EXE[1428] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[1428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[1428] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[1428] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[1428] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003C0A08
.text C:\WINDOWS\RTHDCPL.EXE[1428] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003C0804
.text C:\WINDOWS\RTHDCPL.EXE[1428] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003C0600
.text C:\WINDOWS\RTHDCPL.EXE[1428] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003C01F8
.text C:\WINDOWS\RTHDCPL.EXE[1428] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003C03FC
.text C:\WINDOWS\RTHDCPL.EXE[1428] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\WINDOWS\RTHDCPL.EXE[1428] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\WINDOWS\RTHDCPL.EXE[1428] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\WINDOWS\RTHDCPL.EXE[1428] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\RTHDCPL.EXE[1428] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\WINDOWS\RTHDCPL.EXE[1428] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\WINDOWS\RTHDCPL.EXE[1428] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\WINDOWS\RTHDCPL.EXE[1428] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600

Re: please check this... it reported a trojan but I have no record

Posted: 22 May 2011 10:05
by preclik_75
...continued...
.text C:\Program Files\QuickTime\qttask.exe[1480] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\QuickTime\qttask.exe[1480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\QuickTime\qttask.exe[1480] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\QuickTime\qttask.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\QuickTime\qttask.exe[1480] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003D0A08
.text C:\Program Files\QuickTime\qttask.exe[1480] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003D0804
.text C:\Program Files\QuickTime\qttask.exe[1480] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003D0600
.text C:\Program Files\QuickTime\qttask.exe[1480] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003D01F8
.text C:\Program Files\QuickTime\qttask.exe[1480] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003D03FC
.text C:\Program Files\QuickTime\qttask.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003E1014
.text C:\Program Files\QuickTime\qttask.exe[1480] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003E0804
.text C:\Program Files\QuickTime\qttask.exe[1480] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003E0A08
.text C:\Program Files\QuickTime\qttask.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003E0C0C
.text C:\Program Files\QuickTime\qttask.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003E0E10
.text C:\Program Files\QuickTime\qttask.exe[1480] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003E01F8
.text C:\Program Files\QuickTime\qttask.exe[1480] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003E03FC
.text C:\Program Files\QuickTime\qttask.exe[1480] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\hkcmd.exe[1536] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\hkcmd.exe[1536] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[1536] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\hkcmd.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[1536] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\hkcmd.exe[1536] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\hkcmd.exe[1536] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\hkcmd.exe[1536] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\hkcmd.exe[1536] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\hkcmd.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\hkcmd.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\hkcmd.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\hkcmd.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\hkcmd.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\hkcmd.exe[1536] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\hkcmd.exe[1536] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\hkcmd.exe[1536] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003F0600
.text C:\WINDOWS\explorer.exe[1552] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\explorer.exe[1552] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\explorer.exe[1552] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\explorer.exe[1552] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\explorer.exe[1552] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00371014
.text C:\WINDOWS\explorer.exe[1552] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00370804
.text C:\WINDOWS\explorer.exe[1552] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00370A08
.text C:\WINDOWS\explorer.exe[1552] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00370C0C
.text C:\WINDOWS\explorer.exe[1552] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00370E10
.text C:\WINDOWS\explorer.exe[1552] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003701F8
.text C:\WINDOWS\explorer.exe[1552] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003703FC
.text C:\WINDOWS\explorer.exe[1552] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00370600
.text C:\WINDOWS\explorer.exe[1552] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00380A08
.text C:\WINDOWS\explorer.exe[1552] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00380804
.text C:\WINDOWS\explorer.exe[1552] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00380600
.text C:\WINDOWS\explorer.exe[1552] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003801F8
.text C:\WINDOWS\explorer.exe[1552] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\igfxtray.exe[1556] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\igfxtray.exe[1556] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\igfxtray.exe[1556] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\igfxtray.exe[1556] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\igfxtray.exe[1556] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\igfxtray.exe[1556] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\igfxtray.exe[1556] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\igfxtray.exe[1556] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\igfxtray.exe[1556] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\igfxtray.exe[1556] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\igfxtray.exe[1556] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\igfxtray.exe[1556] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\igfxtray.exe[1556] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\igfxtray.exe[1556] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\igfxtray.exe[1556] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\igfxtray.exe[1556] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\igfxtray.exe[1556] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\igfxpers.exe[1588] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\igfxpers.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[1588] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\igfxpers.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[1588] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\igfxpers.exe[1588] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\igfxpers.exe[1588] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\igfxpers.exe[1588] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\igfxpers.exe[1588] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\igfxpers.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\igfxpers.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\igfxpers.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\igfxpers.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\igfxpers.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\igfxpers.exe[1588] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\igfxpers.exe[1588] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\igfxpers.exe[1588] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003E0600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1596] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1596] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003F1014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003F0C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003F0E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003F03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00410A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00410804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00410600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 004101F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 004103FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[1752] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\rundll32.exe[1752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[1752] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\rundll32.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[1752] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\rundll32.exe[1752] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\rundll32.exe[1752] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\rundll32.exe[1752] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\rundll32.exe[1752] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\rundll32.exe[1752] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\rundll32.exe[1752] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\rundll32.exe[1752] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\rundll32.exe[1752] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\rundll32.exe[1752] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\rundll32.exe[1752] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\rundll32.exe[1752] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\rundll32.exe[1752] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\igfxsrvc.exe[1764] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003E0600
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00811014
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00810804
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00810A08
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00810C0C
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00810E10
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 008101F8
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 008103FC
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00810600
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00820A08
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00820804
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00820600
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 008201F8
.text E:\Program Files\Mozilla Firefox\firefox.exe[1804] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 008203FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003E0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003E0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003E0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003E01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1908] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003E03FC
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003F1014
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003F0804
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003F0A08
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003F0C0C
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003F0E10
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003F01F8
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003F03FC
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003F0600
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00440A08
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00440804
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00440600
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 004401F8
.text C:\Program Files\TridiaVNC\win32\WinVNC.exe[1936] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 004403FC
.text C:\WINDOWS\system32\wuauclt.exe[2420] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[2420] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2420] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[2420] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\wuauclt.exe[2420] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\wuauclt.exe[2420] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\wuauclt.exe[2420] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\wuauclt.exe[2420] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\wuauclt.exe[2420] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\alg.exe[2752] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2752] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2752] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2752] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\alg.exe[2752] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\alg.exe[2752] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\alg.exe[2752] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\alg.exe[2752] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[2752] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00300600
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00731014
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00730804
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00730A08
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00730C0C
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00730E10
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 007301F8
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 007303FC
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00730600
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!SetWindowLongA 7E36D60D 5 Bytes JMP 10698DD9 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!SetWindowLongW 7E36D62B 5 Bytes JMP 10698D6B E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!GetWindowInfo 7E36E77C 5 Bytes JMP 104C7187 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00740A08
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00740804
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00740600
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 007401F8
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 007403FC
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[2796] USER32.dll!TrackPopupMenu 7E3B50EE 5 Bytes JMP 104C7781 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\system32\wscntfy.exe[2884] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[2884] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2884] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[2884] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2884] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wscntfy.exe[2884] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wscntfy.exe[2884] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wscntfy.exe[2884] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wscntfy.exe[2884] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wscntfy.exe[2884] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00321014
.text C:\WINDOWS\system32\wscntfy.exe[2884] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\wscntfy.exe[2884] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\wscntfy.exe[2884] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00320C0C
.text C:\WINDOWS\system32\wscntfy.exe[2884] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00320E10
.text C:\WINDOWS\system32\wscntfy.exe[2884] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\wscntfy.exe[2884] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\wscntfy.exe[2884] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00320600
.text E:\odvirovani\gmer\gmer.exe[3624] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text E:\odvirovani\gmer\gmer.exe[3624] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text E:\odvirovani\gmer\gmer.exe[3624] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text E:\odvirovani\gmer\gmer.exe[3624] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text E:\odvirovani\gmer\gmer.exe[3624] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 009B1014
.text E:\odvirovani\gmer\gmer.exe[3624] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 009B0804
.text E:\odvirovani\gmer\gmer.exe[3624] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 009B0A08
.text E:\odvirovani\gmer\gmer.exe[3624] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 009B0C0C
.text E:\odvirovani\gmer\gmer.exe[3624] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 009B0E10
.text E:\odvirovani\gmer\gmer.exe[3624] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 009B01F8
.text E:\odvirovani\gmer\gmer.exe[3624] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 009B03FC
.text E:\odvirovani\gmer\gmer.exe[3624] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 009B0600
.text E:\odvirovani\gmer\gmer.exe[3624] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 009C0A08
.text E:\odvirovani\gmer\gmer.exe[3624] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 009C0804
.text E:\odvirovani\gmer\gmer.exe[3624] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 009C0600
.text E:\odvirovani\gmer\gmer.exe[3624] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 009C01F8
.text E:\odvirovani\gmer\gmer.exe[3624] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 009C03FC
.text C:\WINDOWS\System32\svchost.exe[3748] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[3748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3748] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[3748] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3748] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[3748] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[3748] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[3748] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[3748] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[3748] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[3748] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[3748] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[3748] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[3748] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[3748] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[3748] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[3748] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\NOTEPAD.EXE[4004] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003103FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00620002
IAT C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00620000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG 1024 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\WINDOWS 0 bytes
File C:\## aswSnx private storage\webStorage\image\WINDOWS\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\WINDOWS\Prefetch\FIREFOX.EXE-0DB651BD.pf 18740 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 474 bytes

---- EOF - GMER 1.0.15 ----

Re: please check... it reported a trojan but I have no record

Posted: 22 May 2011 12:05
by 1danab
everything should be clean now :)

I'll just clean up after myself:
download T-Cleaner here http://sweb.cz/Marinus/T-Cleaner.exe

at the first prompt that appears, press the A key and confirm with Enter
at the next two prompts, press the N key and confirm with Enter

T-Cleaner will delete the utilities we used :)

if you don't have any other problem, that's all from me :wink:

Re: please check... it reported a trojan but I have no record

Posted: 22 May 2011 12:09
by preclik_75
We're sorry, but the requested page was not found.... I'm off to look for T-Cleaner elsewhere... ;)