zpomalení PC po použití CCleaner

[pettr]

Dobrý večer, mám XP, asi potřebuji stáhnout RSIT - 32bit?, děkuji

[Danstahr]

Dobrý večer ,

stažení 32bit verze je jistota, stáhněte tu.

[pettr]

Díky, takže k problému. Dělal jsem údžbu: Avasthome, CCleaner, Spyboot - vše OK, Malware Destroyer -ten nebyl dlouho apgrejdovaný a šíleně dlouho 2 -hodiny stahoval - něco. Přerušil jsem to. Začal padat Gooogle Earth -tma , samovolný restart PC a stále dokola. Odinstalace, instalace -OK. Potom jsem řešil nový tarif na internet a v té souvislosti instaloval Operu 11.11. Od té doby mám pocit že se jakýkoliv program otevírá pomalu, pomaleji než je zvyk. Jakmile je už jednou otevřený, shodí se a opět otevře, už je to rychlejší. díky
Logfile of random's system information tool 1.08 (written by random/random)
Run by Petr at 2011-06-15 21:29:34
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (27%) free of 10 GB
Total RAM: 1023 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:30:44, on 15.6.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
D:\_Downloaded files\RSIT1_08\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5946 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-15 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2001-10-27 270336]
"HydarVisionDesktopManager"= []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"DiskeeperSystray"=C:\Program Files\Executive Software\Diskeeper\DkIcon.exe [2004-12-22 180312]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-05-10 3459712]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"ATI Launchpad"= []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\Magentic\bin\Magentic.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-05-15 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Software Kodak EasyShare.lnk]
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.exe.lnk -
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Documents and Settings\Petr\Data aplikací\Opera\Opera\profile\cache4\temporary_download\incredimail_install.exe"="C:\Documents and Settings\Petr\Data aplikací\Opera\Opera\profile\cache4\temporary_download\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare"
"C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare"
"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Disabled:Magentic"
"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Disabled:Magentic"
"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Disabled:Magentic"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-06-15 19:27:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2011-06-15 19:27:19 ----D---- C:\Program Files\Common Files\Java
2011-06-15 19:26:52 ----A---- C:\WINDOWS\system32\javaws.exe
2011-06-15 19:26:52 ----A---- C:\WINDOWS\system32\javaw.exe
2011-06-15 19:26:52 ----A---- C:\WINDOWS\system32\java.exe
2011-06-15 19:26:52 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-06-15 19:26:25 ----D---- C:\Program Files\Java
2011-06-15 19:25:29 ----D---- C:\Documents and Settings\Petr\Data aplikací\Sun
2011-06-11 06:45:50 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-05-29 17:59:16 ----D---- C:\WINDOWS\WBEM
2011-05-29 17:57:55 ----HDC---- C:\WINDOWS\ie8
2011-05-29 17:57:55 ----D---- C:\WINDOWS\system32\cs-CZ

======List of files/folders modified in the last 1 months======

2011-06-15 21:30:03 ----D---- C:\Program Files\trend micro
2011-06-15 21:29:41 ----D---- C:\WINDOWS\Prefetch
2011-06-15 21:05:53 ----A---- C:\WINDOWS\wincmd.ini
2011-06-15 19:44:40 ----D---- C:\WINDOWS\Temp
2011-06-15 19:28:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-15 19:27:20 ----SHD---- C:\WINDOWS\Installer
2011-06-15 19:27:19 ----D---- C:\Program Files\Common Files
2011-06-15 19:26:52 ----D---- C:\WINDOWS\system32
2011-06-15 19:26:25 ----D---- C:\Program Files
2011-06-15 19:01:38 ----D---- C:\Documents and Settings\Petr\Data aplikací\Skype
2011-06-15 16:01:46 ----D---- C:\Documents and Settings\Petr\Data aplikací\skypePM
2011-06-12 20:25:05 ----D---- C:\WINDOWS
2011-06-11 22:32:19 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-11 06:45:50 ----D---- C:\WINDOWS\system32\drivers
2011-06-08 20:01:12 ----D---- C:\Documents and Settings\Petr\Data aplikací\dvdcss
2011-06-04 16:07:13 ----D---- C:\Program Files\Google
2011-06-04 16:06:12 ----SD---- C:\WINDOWS\Tasks
2011-06-03 21:29:35 ----D---- C:\Program Files\Opera
2011-06-03 21:29:28 ----SD---- C:\Documents and Settings\Petr\Data aplikací\Microsoft
2011-05-29 18:01:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-05-29 18:01:02 ----HD---- C:\WINDOWS\inf
2011-05-29 18:01:02 ----D---- C:\WINDOWS\Help
2011-05-29 18:01:02 ----D---- C:\Program Files\Internet Explorer
2011-05-29 17:59:07 ----D---- C:\WINDOWS\Media
2011-05-26 16:55:06 ----D---- C:\WINDOWS\system32\config
2011-05-26 16:54:50 ----D---- C:\WINDOWS\system32\wbem
2011-05-26 16:54:49 ----D---- C:\WINDOWS\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-04 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-29 43528]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-05-10 49240]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\atintuxx.sys [2001-10-27 35952]
R2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\system32\DRIVERS\atinxsxx.sys [2001-10-27 32752]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver; C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS [2001-10-01 6144]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2001-10-27 11280]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\system32\DRIVERS\HSF_SPKP.sys [2001-08-17 73279]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 TTDec;ATI WDM Teletext Decoder; C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2001-10-27 20960]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2001-10-27 349184]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2001-10-27 65024]
R3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\system32\DRIVERS\atinraxx.sys [2001-10-27 32848]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 hsf_msft;hsf_msft; C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-05-10 42184]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [2004-12-22 602220]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-06-15 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-04 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

-----------------EOF-----------------

[Danstahr]

Odinstalujte Ask toolbar a další toolbary, které nepoužíváte.

Prozatím odisntalujte Spybota, IncrediMail a Diskeeper

Stáhněte a spusťte TFC, stiskněte tlačítko Start. Po použití smažte.

Stáhněte OTL.

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  netsvcs
  drivers32
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  c:\windows\*.* /U
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  /md5start
  adp3132.sys
  AGP440.sys
  ahcix86.sys
  ahcix86s.sys
  atapi.sys
  autochk.exe
  cdrom.sys
  cngaudit.dll
  cryptsvc.dll
  eNetHook.dll
  eventlog.dll
  explorer.exe
  hal.dll
  Changer.sys
  iaStor.sys
  iastorv.sys
  IdeChnDr.sys
  isapnp.sys
  JakNDis.sys
  KR10N.sys
  logevent.dll
  lsass.exe
  mv61xx.sys
  ndis.sys
  netlogon.dll
  ntelogon.dll
  nvata.sys
  nvatabus.sys
  nvgts.sys
  nvraid.sys
  nvrd32.sys
  nvstor.sys
  nvstor32.sys
  scecli.dll
  sceclt.dll
  smss.exe
  svchost.exe
  symmpi.sys
  tcpip.sys
  userinit.exe
  vaxscsi.sys
  viamraid.sys
  viasraid.sys
  ViPrt.sys
  winlogon.exe
  ws2_32.dll
  /md5stop
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
  CREATERESTOREPOINT

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

[pettr]

googluji, ale odstranění tool barů - nevím jak, přes run appwiz.cpl to nejde, v IE sem je zakázal, v Opeře úplně mimo kontrolu - nevím, Řešit poštövního klienta, z toho mám bobky. Jinak by to nešlo? Díky

[Danstahr]

Tak tedy toolbary a programy nechte a proveďte jen ty dva poslední body. IncrediMail osobně nemám příliš v lásce a doporučuji místo něj jiné programy, ale pokud na něm trváte, přemlouvat Vás nebudu.

[pettr]

IncrediMail souhlkasím s váma, ale manželka bez něho nemůže být. Oba exače proběhly, na začátku řval Avast, když skončil TFC, asi jsem odklep restart, bylo tam okno, jen jsem ho odstřelil OKjem.
OTL logfile created on: 15.6.2011 23:32:29 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = D:\_Downloaded files\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1023,49 Mb Total Physical Memory | 525,91 Mb Available Physical Memory | 51,38% Memory free
1,28 Gb Paging File | 0,89 Gb Available in Paging File | 69,86% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 2,71 Gb Free Space | 27,76% Space Free | Partition Type: NTFS
Drive D: | 46,12 Gb Total Space | 39,44 Gb Free Space | 85,52% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 197,50 Gb Free Space | 42,40% Space Free | Partition Type: NTFS

Computer Name: PETR-87F50839C2 | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.06.15 23:28:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\_Downloaded files\OTL\OTL.exe
PRC - [2011.06.03 21:29:29 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011.05.10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.12.22 00:28:58 | 000,602,220 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2003.12.03 07:01:00 | 000,753,700 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2001.10.27 07:32:54 | 000,270,336 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\system32\atiptaxx.exe


========== Modules (SafeList) ==========

MOD - [2011.06.15 23:28:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\_Downloaded files\OTL\OTL.exe
MOD - [2011.05.10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2006.08.25 17:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004.12.22 00:28:58 | 000,602,220 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2011.05.10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.05.10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.05.10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.05.10 14:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.05.10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.05.10 13:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.05.10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004.08.04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.04 00:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001.10.27 07:47:14 | 000,349,184 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001.10.27 05:50:02 | 000,032,752 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2001.10.27 05:49:46 | 000,020,960 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinttxx.sys -- (TTDec)
DRV - [2001.10.27 05:49:30 | 000,011,280 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2001.10.27 05:49:22 | 000,032,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2001.10.27 05:47:30 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2001.10.27 05:46:22 | 000,035,952 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2001.10.01 15:29:22 | 000,006,144 | ---- | M] (Ravisent Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS -- (CINEMSUP)
DRV - [2001.08.18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 23:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001.08.17 23:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001.08.17 23:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001.08.17 23:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001.08.17 23:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001.08.17 23:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001.08.17 23:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001.08.17 23:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001.08.17 23:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001.08.17 23:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001.08.17 22:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-1202660629-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-606747145-1202660629-854245398-1003\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-606747145-1202660629-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009.09.06 18:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\extensions
[2009.09.06 18:31:36 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2009.07.01 20:41:42 | 000,316,788 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10870 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-606747145-1202660629-854245398-1003\..\Toolbar\ShellBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-606747145-1202660629-854245398-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [HydarVisionDesktopManager] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-606747145-1202660629-854245398-1003..\Run: [ATI Launchpad] File not found
O4 - HKU\S-1-5-21-606747145-1202660629-854245398-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1202660629-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.240.0.214 83.240.0.215
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.03 22:34:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\atiyuv12.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 7 Days ==========

[2011.06.15 19:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2011.06.15 19:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.06.15 19:26:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.06.15 19:26:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.06.15 19:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.06.15 19:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.06.15 19:26:52 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.06.15 19:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.06.15 19:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr\Data aplikací\Sun
[2011.06.11 06:45:50 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

========== Files - Modified Within 7 Days ==========

[2011.06.15 23:26:24 | 000,004,621 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.06.15 23:26:00 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.15 23:25:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.06.15 23:25:09 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.15 23:21:44 | 000,397,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.15 23:21:44 | 000,395,062 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.06.15 23:21:44 | 000,070,556 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.06.15 23:21:44 | 000,059,916 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.06.15 23:11:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.15 22:32:27 | 000,002,701 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2011.06.15 19:26:32 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.06.15 19:26:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.06.15 19:26:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.06.15 19:26:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.06.15 19:26:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.06.15 14:40:52 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.06.14 14:52:00 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.14 14:41:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.06.12 20:37:22 | 000,023,148 | -H-- | M] () -- C:\WINDOWS\System32\Atmcsyxx.GID
[2011.06.11 22:31:13 | 000,000,031 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011.06.11 06:45:50 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2010.12.19 20:26:04 | 000,000,342 | ---- | C] () -- C:\WINDOWS\WTRDICT.INI
[2010.12.19 20:26:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\STXKBD.INI
[2009.03.11 21:22:21 | 000,000,178 | ---- | C] () -- C:\WINDOWS\arbasew.ini
[2009.01.05 21:57:18 | 000,004,251 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008.11.23 20:08:05 | 000,003,487 | ---- | C] () -- C:\WINDOWS\MDVDP.Ini
[2008.05.04 17:57:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.04.02 21:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WEBTRANS.INI
[2008.04.02 21:07:30 | 000,000,134 | ---- | C] () -- C:\WINDOWS\WEBWTR.INI
[2008.02.21 20:26:44 | 000,002,383 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2007.06.25 18:42:20 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.05.31 20:26:47 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.05.25 21:52:37 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2007.05.08 14:27:37 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.04.24 22:28:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2007.04.24 22:19:15 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2007.04.24 22:19:10 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2007.04.24 22:19:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007.04.24 22:19:00 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2007.04.24 22:18:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HydraFra.dll
[2007.04.24 22:18:17 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\HydraEsp.dll
[2007.04.24 22:18:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraPtb.dll
[2007.04.24 22:18:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraNln.dll
[2007.04.24 22:18:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraIta.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraSvs.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraNon.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraFif.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraDad.dll
[2007.04.24 22:18:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\HydraJan.dll
[2007.04.24 22:18:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\HydraKor.dll
[2007.04.24 22:18:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HydraZht.dll
[2007.04.24 22:18:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HydraZhs.dll
[2007.04.24 22:18:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ViewHook.dll
[2007.04.24 22:08:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.03.20 20:09:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Petr.ini
[2007.03.07 23:17:57 | 000,001,160 | ---- | C] () -- C:\WINDOWS\visualdirsize.ini
[2007.03.07 22:59:51 | 000,000,133 | ---- | C] () -- C:\WINDOWS\lsplugin.ini
[2007.03.04 18:15:36 | 000,002,701 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2007.03.03 23:53:45 | 000,000,031 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007.03.03 23:35:33 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.03.03 23:26:23 | 000,004,621 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.03.03 23:23:26 | 000,035,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2007.03.03 23:23:24 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2007.03.03 23:23:21 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2007.03.03 23:23:18 | 000,032,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2007.03.03 23:23:17 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2007.03.03 23:23:16 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2007.03.03 23:19:45 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.03.03 23:18:19 | 000,195,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.03.03 22:38:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.03.03 22:29:07 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.17 16:58:58 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.10.27 05:49:38 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2001.10.27 05:48:52 | 000,060,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2001.10.25 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 14:00:00 | 000,397,696 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 14:00:00 | 000,395,062 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 14:00:00 | 000,070,556 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 14:00:00 | 000,059,916 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.10.15 22:47:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010.04.17 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2008.10.28 18:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.10.28 18:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk(2)
[2009.06.10 19:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IM
[2009.06.10 19:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IncrediMail
[2008.10.28 18:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\n7-89-o9-3r-4t-r9
[2009.09.28 16:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2007.03.05 21:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Autodesk
[2009.12.02 22:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\f2fElementary
[2009.10.28 19:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\f2fStarter
[2009.09.06 18:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Foxit
[2007.11.02 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\GameHouse
[2009.02.24 22:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Leadertech
[2007.03.03 22:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Opera
[2007.05.11 20:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 16:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)
"ATI Launchpad" =
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2008.12.16 22:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.10.17 19:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Adobe
[2007.05.25 21:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Apple Computer
[2007.03.05 21:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Autodesk
[2007.04.24 22:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\CyberLink
[2011.06.08 20:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\dvdcss
[2009.12.02 22:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\f2fElementary
[2009.10.28 19:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\f2fStarter
[2009.09.06 18:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Foxit
[2007.11.02 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\GameHouse
[2007.10.01 20:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Google
[2007.05.16 18:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Help
[2007.03.03 22:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Identities
[2009.02.24 22:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Leadertech
[2007.03.05 19:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Macromedia
[2011.06.03 21:29:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Petr\Data aplikací\Microsoft
[2007.03.03 23:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Microsoft Web Folders
[2009.09.06 18:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Mozilla
[2007.03.03 22:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Opera
[2011.06.15 19:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Skype
[2011.06.15 16:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\skypePM
[2011.06.15 19:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Sun
[2008.06.13 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\vlc
[2009.09.01 21:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\WinRAR
[2007.05.11 20:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Zoner

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2004.08.17 16:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 16:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 23:59:08 | 000,081,280 | ---- | M] (Microsoft Corporation) MD5=4AF58CA3425F28FC5E3DB47DC122F722 -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 16:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 16:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.03.03 23:17:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.03.03 23:17:48 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.03.03 23:17:48 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.06.15 19:26:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\deployJava1.dll
[2011.06.15 19:26:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
[2011.06.15 19:26:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javacpl.cpl
[2011.06.15 19:26:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe
[2011.06.15 19:26:32 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaws.exe
[2011.06.15 23:21:44 | 000,070,556 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2011.06.15 23:21:44 | 000,059,916 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2011.06.15 23:21:44 | 000,395,062 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2011.06.15 23:21:44 | 000,397,696 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2011.06.15 23:21:44 | 000,934,374 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2011.06.14 14:41:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %fystemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %fystemRoot%\system32\svchost.exe -k netsvcs

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:798A3728
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:BB24555F

< End of report >
OTL Extras logfile created on: 15.6.2011 23:32:29 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = D:\_Downloaded files\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1023,49 Mb Total Physical Memory | 525,91 Mb Available Physical Memory | 51,38% Memory free
1,28 Gb Paging File | 0,89 Gb Available in Paging File | 69,86% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 2,71 Gb Free Space | 27,76% Space Free | Partition Type: NTFS
Drive D: | 46,12 Gb Total Space | 39,44 Gb Free Space | 85,52% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 197,50 Gb Free Space | 42,40% Space Free | Partition Type: NTFS

Computer Name: PETR-87F50839C2 | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-606747145-1202660629-854245398-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Documents and Settings\Petr\Data aplikací\Opera\Opera\profile\cache4\temporary_download\incredimail_install.exe" = C:\Documents and Settings\Petr\Data aplikací\Opera\Opera\profile\cache4\temporary_download\incredimail_install.exe:*:Enabled:IncrediMail Installer
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare
"C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare
"C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Disabled:Magentic
"C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Disabled:Magentic
"C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Disabled:Magentic
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000405-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = DjVu Browser Plug-in 4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = HydraVision
"{471F84BC-354F-4146-8BAD-883B9D7CD930}_is1" = Malware Destroyer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5783F2D7-0209-0409-0000-0060B0CE6BBA}" = AutoCAD LT 2004
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{76275358-C154-11D5-8D5A-00105A22D3D2}" = ATI Multimedia Center
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1" = Tetris
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B18CEC65-463D-49CA-9D5F-19B63E48015D}" = Diskeeper Professional Edition
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{FF895069-BD9A-11D5-986D-00500443CF9F}" = Moorhuhn 3 DL
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 6.0.1 CE" = Adobe Photoshop 6.0.1 CE
"Adobe SVG Viewer" = Adobe SVG Viewer
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Ask Toolbar_is1" = Foxit Toolbar
"ATI Display Driver" = ATI Display Driver
"ATI Teletext" = ATI Teletext
"Autodesk Express Viewer" = Autodesk Express Viewer
"avast" = avast! Free Antivirus
"Bejeweled Deluxe 1.6z" = Bejeweled Deluxe 1.6z
"CCleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"Cradle of Rome" = Cradle of Rome
"DPacman" = Deluxe Pacman (remove only)
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"Foxit Reader" = Foxit Reader
"hijackthis" = HijackThis 2.0.2
"Chainz" = Chainz
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail
"IrfanView" = IrfanView (remove only)
"Jewel Quest" = Jewel Quest
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Moorhuhn 2 V1.1" = Moorhuhn 2 V1.1
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Opera 11.11.2109" = Opera 11.11
"Rainbow Web_is1" = Rainbow Web 1.1
"ShockwaveFlash" = Macromedia Flash Player 8
"SpeedFan" = SpeedFan (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
"Zoner Photo Studio 8_is1" = Zoner Photo Studio 8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606747145-1202660629-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SpeedMeter" = SpeedMeter

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7.4.2008 8:45:25 | Computer Name = PETR-87F50839C2 | Source = avast! | ID = 33554522
Description =

Error - 2.1.2009 18:04:01 | Computer Name = PETR-87F50839C2 | Source = avast! | ID = 33554522
Description =

Error - 2.1.2009 18:04:11 | Computer Name = PETR-87F50839C2 | Source = avast! | ID = 33554522
Description =

Error - 8.6.2009 11:10:29 | Computer Name = PETR-87F50839C2 | Source = avast! | ID = 33554522
Description =

Error - 8.6.2009 13:23:19 | Computer Name = PETR-87F50839C2 | Source = avast! | ID = 33554522
Description =

Error - 8.6.2009 13:49:22 | Computer Name = PETR-87F50839C2 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 15.6.2011 17:26:07 | Computer Name = PETR-87F50839C2 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

[ System Events ]
Error - 15.6.2011 16:37:32 | Computer Name = PETR-87F50839C2 | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC80.MFCLOC nebyla nalezena a
poslední chyba byla Sestavení určené odkazem není v systému nainstalováno. .

Error - 15.6.2011 16:37:32 | Computer Name = PETR-87F50839C2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC80.MFCLOC se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .

Error - 15.6.2011 16:37:32 | Computer Name = PETR-87F50839C2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Program Files\IncrediMail\bin\MFC80U.DLL
se nezdařila. Referenční chybová zpráva: Operace byla dokončena úspěšně. .

Error - 15.6.2011 16:47:33 | Computer Name = PETR-87F50839C2 | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC80.MFCLOC nebyla nalezena a
poslední chyba byla Sestavení určené odkazem není v systému nainstalováno. .

Error - 15.6.2011 16:47:33 | Computer Name = PETR-87F50839C2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC80.MFCLOC se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .

Error - 15.6.2011 16:47:33 | Computer Name = PETR-87F50839C2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Program Files\IncrediMail\bin\MFC80U.DLL
se nezdařila. Referenční chybová zpráva: Operace byla dokončena úspěšně. .

Error - 15.6.2011 16:47:33 | Computer Name = PETR-87F50839C2 | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC80.MFCLOC nebyla nalezena a
poslední chyba byla Sestavení určené odkazem není v systému nainstalováno. .

Error - 15.6.2011 16:47:33 | Computer Name = PETR-87F50839C2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC80.MFCLOC se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .

Error - 15.6.2011 16:47:33 | Computer Name = PETR-87F50839C2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Program Files\IncrediMail\bin\MFC80U.DLL
se nezdařila. Referenční chybová zpráva: Operace byla dokončena úspěšně. .

Error - 15.6.2011 16:57:33 | Computer Name = PETR-87F50839C2 | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC80.MFCLOC nebyla nalezena a
poslední chyba byla Sestavení určené odkazem není v systému nainstalováno. .


< End of report >

[Danstahr]

Nějaké breberky se na nás smějí, zatrhneme jim tipec.

Spusťte znovu OTL, do okna dole vložte následující skript a klikněte na tlačítko Opravit :

Kód: Vybrat vše

:otl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
IE - HKU\S-1-5-21-606747145-1202660629-854245398-1003\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
[2009.09.06 18:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\extensions
[2009.09.06 18:31:36 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-606747145-1202660629-854245398-1003\..\Toolbar\ShellBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-606747145-1202660629-854245398-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\S-1-5-21-606747145-1202660629-854245398-1003..\Run: [ATI Launchpad] File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk = File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
[2008.10.28 18:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\n7-89-o9-3r-4t-r9
[2009.02.24 22:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Leadertech
[2011.06.15 23:21:44 | 000,397,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.15 23:21:44 | 000,395,062 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.06.15 23:21:44 | 000,070,556 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.06.15 23:21:44 | 000,059,916 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.06.15 23:11:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.15 23:26:00 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:798A3728
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:BB24555F

:Files
C:\Program Files\AskBarDis

:Commands
[EmptyTemp]
[ResetHosts]

Soubor C:\WINDOWS\System32\serwvdrv.dll otestujte na Virustotalu, v případě potřeby zvolte rescan.

• Stáhněte SWReg, uložte jej přímo na disk C!
• Na stránce http://tinyurl.com/653f7oz vložte do okna následující skript, přepněte nahoře přepínač na .bat, pojmenování zvolte libovolné a stiskněte tlačítko OK. Stažený soubor spusťte, problikne černé okno.

  Kód: Vybrat vše

  @echo off
  c:\swreg.exe ACL "HKLM\SYSTEM\CurrentControlSet\Control\Services\wuauserv" /RESET /Q
  c:\swreg.exe ACL "HKLM\SYSTEM\CurrentControlSet\Control\Services\BITS" /RESET /Q

• Na stránce http://tinyurl.com/653f7oz vložte do okna následující skript, pojmenování zvolte libovolné a stiskněte tlačítko OK. Stažený soubor spusťte a přidání informací do registru potvrďte.

  Kód: Vybrat vše

  Windows Registry Editor Version 5.00
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
  "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
    72,00,6F,00,6F,00,74,00,25,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
    33,00,32,00,5C,00,73,00,76,00,63,00,68,00,6F,00,73,00,74,00,2E,00,65,00,\
    78,00,65,00,20,00,2D,00,6B,00,20,00,6E,00,65,00,74,00,73,00,76,00,63,00,\
    73,00,00,00
  "Type"=dword:00000020
  "Start"=dword:00000002
  "ErrorControl"=dword:00000001
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
  "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
    72,00,6F,00,6F,00,74,00,25,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
    33,00,32,00,5C,00,73,00,76,00,63,00,68,00,6F,00,73,00,74,00,2E,00,65,00,\
    78,00,65,00,20,00,2D,00,6B,00,20,00,6E,00,65,00,74,00,73,00,76,00,63,00,\
    73,00,00,00
  "Type"=dword:00000020
  "Start"=dword:00000002
  "ErrorControl"=dword:00000001

• Na stránce http://tinyurl.com/653f7oz vložte do okna následující skript, přepněte nahoře přepínač na .bat, pojmenování zvolte libovolné a stiskněte tlačítko OK. Stažený soubor spusťte, problikne černé okno a otevře se poznámkový blok s logem.

  Kód: Vybrat vše

  net stop wuauserv >> "%userprofile%\plocha\kontrola.txt"
  net STOP BITS >> "%userprofile%\plocha\kontrola.txt"
  
  net start wuauserv >> "%userprofile%\plocha\kontrola.txt"
  net start BITS >> "%userprofile%\plocha\kontrola.txt"
  
  start notepad "%userprofile%\plocha\kontrola.txt"

Vytvořte log z GMERu podle návodu zde : http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Všechny logy sem vložte.

[pettr]

Dobrý den. Zde je druhé OTL, pokračuji v krasojízdě
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-606747145-1202660629-854245398-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{C94E154B-1459-4A47-966B-4B843BEFC7DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}\ deleted successfully.
C:\Program Files\AskSearch\bin\DefaultSearch.dll moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\extensions folder moved successfully.
Folder C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-606747145-1202660629-854245398-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-606747145-1202660629-854245398-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\S-1-5-21-606747145-1202660629-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ATI Launchpad deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk moved successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
C:\Documents and Settings\All Users\Data aplikací\n7-89-o9-3r-4t-r9 folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Leadertech\PowerRegister folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Leadertech folder moved successfully.
C:\WINDOWS\system32\perfh009.dat moved successfully.
C:\WINDOWS\system32\perfh005.dat moved successfully.
C:\WINDOWS\system32\perfc005.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:798A3728 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:BB24555F deleted successfully.
========== FILES ==========
C:\Program Files\AskBarDis\PopSwatter\History folder moved successfully.
C:\Program Files\AskBarDis\PopSwatter folder moved successfully.
C:\Program Files\AskBarDis\bar\Settings folder moved successfully.
C:\Program Files\AskBarDis\bar\History folder moved successfully.
C:\Program Files\AskBarDis\bar\Cache folder moved successfully.
C:\Program Files\AskBarDis\bar\bin folder moved successfully.
C:\Program Files\AskBarDis\bar folder moved successfully.
C:\Program Files\AskBarDis folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Petr
->Temp folder emptied: 935318 bytes
->Temporary Internet Files folder emptied: 44010 bytes
->Java cache emptied: 370711 bytes
->Opera cache emptied: 21465323 bytes
->Flash cache emptied: 749 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 446464 bytes

Total Files Cleaned = 22,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.0 log created on 06162011_180732

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

[pettr]

Pokračuji, virus total:
POPRVÉ:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis: MD5: 7b9fc31d1dc7f61811e114a34623fafa
Date first seen: 2010-03-11 19:16:21 (UTC)
Date last seen: 2010-05-25 15:32:11 (UTC)
Detection ratio: 0/41


What do you wish to do? Reanalyse View last report

RESCAN:
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
serwvdrv.dll
Submission date:
2011-06-16 16:32:59 (UTC)
Current status:
queued
VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
Additional information
Show all
MD5 : 7b9fc31d1dc7f61811e114a34623fafa
SHA1 : 2be40eb1084e0ee73a709de56c2680ce513530ed
SHA256: d6596a48457f6e4a2aa191ef3a790f5fee004309addd94311d2b3b19d481e3d1


VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team
Add your comment... Remember that when you write comments as an anonymous user they receive the lowest possible reputation. So if you have not signed in yet don't forget to do so. How to markup your comments?

SWReg 1.kolo, *.bat proběhlo, 2.kolo *.reg odmítlo zapsat do registru

TEĎ NEVÍM ZDA POKRAČOVAT TŘETÍM KROKEM NA TINYURL.COM, KDYŽ DRUHÝ NEPROŠEL????
čekám na pokyny, díky

[Danstahr]

Dobrá, registry zatím nechte být a pokračujte GMERem.

[pettr]

Takže GMERlogy, skenoval velice dlouho

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-16 20:19:49
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD600BB-00CAA1 rev.17.07W17
Running: gmer.exe; Driver: C:\DOCUME~1\Petr\LOCALS~1\Temp\pxecrfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF2986BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF2986A5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF29DE902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-16 21:31:23
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD600BB-00CAA1 rev.17.07W17
Running: gmer.exe; Driver: C:\DOCUME~1\Petr\LOCALS~1\Temp\pxecrfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF2962202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF29C8CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF29866C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF296481C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF2964874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF296498A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF2986075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF2964772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF29648C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF29647C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF2964938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF2962226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF2986D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF298703D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF2964C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF2986BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF2986A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF29C8D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF2961FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF296224A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF2964D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF2962CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF296484C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF296489C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF29649B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF29863D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF296479E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF2964A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF2964904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF29647F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF2964B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF2964962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF29C8DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF29868D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF2962BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF298672A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF29D1E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF29856E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF296226E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF2962292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF296204A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF2962186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF2986E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF2962162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF29621AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF29622B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF29DE902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 37C 804E29D8 4 Bytes CALL C540C233

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[180] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[180] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[180] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[180] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[180] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\ctfmon.exe[180] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\ctfmon.exe[180] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\ctfmon.exe[180] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\ctfmon.exe[180] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\ctfmon.exe[180] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\ctfmon.exe[180] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\ctfmon.exe[180] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\ctfmon.exe[180] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[180] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[180] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[180] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[180] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003803FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E1014
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E0804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E0C0C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0E10
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E01F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E03FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E0600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003F0A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003F0804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003F0600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003F01F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[200] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003F03FC
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003F1014
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003F0804
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003F0A08
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003F0C0C
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003F0E10
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003F01F8
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003F03FC
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003F0600
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 004C0A08
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 004C0804
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 004C0600
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 004C01F8
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[472] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 004C03FC
.text C:\WINDOWS\System32\smss.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003E0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003E0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003E0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003E01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[648] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[820] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[820] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[820] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[820] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[820] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[864] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[864] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[864] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[864] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[864] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[864] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[864] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text D:\_Downloaded files\GMER_2\gmer.exe[892] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text D:\_Downloaded files\GMER_2\gmer.exe[892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text D:\_Downloaded files\GMER_2\gmer.exe[892] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text D:\_Downloaded files\GMER_2\gmer.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text D:\_Downloaded files\GMER_2\gmer.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 3 Bytes JMP 009B1014
.text D:\_Downloaded files\GMER_2\gmer.exe[892] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E26BE5 1 Byte [88]
.text D:\_Downloaded files\GMER_2\gmer.exe[892] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 009B0804
.text D:\_Downloaded files\GMER_2\gmer.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 009B0A08
.text D:\_Downloaded files\GMER_2\gmer.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 009B0C0C
.text D:\_Downloaded files\GMER_2\gmer.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 009B0E10
.text D:\_Downloaded files\GMER_2\gmer.exe[892] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 009B01F8
.text D:\_Downloaded files\GMER_2\gmer.exe[892] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 009B03FC
.text D:\_Downloaded files\GMER_2\gmer.exe[892] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 009B0600
.text D:\_Downloaded files\GMER_2\gmer.exe[892] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 009C0A08
.text D:\_Downloaded files\GMER_2\gmer.exe[892] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 009C0804
.text D:\_Downloaded files\GMER_2\gmer.exe[892] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 009C0600
.text D:\_Downloaded files\GMER_2\gmer.exe[892] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 009C01F8
.text D:\_Downloaded files\GMER_2\gmer.exe[892] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 009C03FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003E0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003E0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[904] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003E03FC
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]

[pettr]

.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[996] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[996] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\Explorer.EXE[1300] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1300] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1300] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00371014
.text C:\WINDOWS\Explorer.EXE[1300] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00370804
.text C:\WINDOWS\Explorer.EXE[1300] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00370A08
.text C:\WINDOWS\Explorer.EXE[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00370C0C
.text C:\WINDOWS\Explorer.EXE[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00370E10
.text C:\WINDOWS\Explorer.EXE[1300] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003701F8
.text C:\WINDOWS\Explorer.EXE[1300] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003703FC
.text C:\WINDOWS\Explorer.EXE[1300] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00370600
.text C:\WINDOWS\Explorer.EXE[1300] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[1300] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[1300] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[1300] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[1300] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003803FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1380] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1380] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[1388] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[1388] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[1388] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[1388] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[1388] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\wdfmgr.exe[1388] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\wdfmgr.exe[1388] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\wdfmgr.exe[1388] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\wdfmgr.exe[1388] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\wdfmgr.exe[1388] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\wdfmgr.exe[1388] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\wdfmgr.exe[1388] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wdfmgr.exe[1388] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wdfmgr.exe[1388] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wdfmgr.exe[1388] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wdfmgr.exe[1388] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wdfmgr.exe[1388] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\spoolsv.exe[1840] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1840] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1840] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1840] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\spoolsv.exe[1840] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\spoolsv.exe[1840] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\spoolsv.exe[1840] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1840] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\spoolsv.exe[1840] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\spoolsv.exe[1840] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\spoolsv.exe[1840] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\spoolsv.exe[1840] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[1840] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[1840] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[1840] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[1840] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\atiptaxx.exe[2008] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\atiptaxx.exe[2008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\atiptaxx.exe[2008] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\atiptaxx.exe[2008] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\atiptaxx.exe[2008] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003C1014
.text C:\WINDOWS\system32\atiptaxx.exe[2008] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003C0804
.text C:\WINDOWS\system32\atiptaxx.exe[2008] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003C0A08
.text C:\WINDOWS\system32\atiptaxx.exe[2008] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003C0C0C
.text C:\WINDOWS\system32\atiptaxx.exe[2008] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003C0E10
.text C:\WINDOWS\system32\atiptaxx.exe[2008] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\atiptaxx.exe[2008] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\atiptaxx.exe[2008] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003C0600
.text C:\WINDOWS\system32\atiptaxx.exe[2008] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\atiptaxx.exe[2008] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\atiptaxx.exe[2008] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\atiptaxx.exe[2008] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\atiptaxx.exe[2008] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003D03FC
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2044] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003F03FC
.text C:\WINDOWS\System32\alg.exe[2404] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2404] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2404] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2404] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2404] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\alg.exe[2404] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\alg.exe[2404] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\alg.exe[2404] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\alg.exe[2404] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\alg.exe[2404] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\alg.exe[2404] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[2404] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[2404] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\alg.exe[2404] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\alg.exe[2404] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[2404] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[2404] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wscntfy.exe[2428] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[2428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2428] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[2428] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2428] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wscntfy.exe[2428] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wscntfy.exe[2428] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wscntfy.exe[2428] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wscntfy.exe[2428] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wscntfy.exe[2428] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00321014
.text C:\WINDOWS\system32\wscntfy.exe[2428] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\wscntfy.exe[2428] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\wscntfy.exe[2428] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00320C0C
.text C:\WINDOWS\system32\wscntfy.exe[2428] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00320E10
.text C:\WINDOWS\system32\wscntfy.exe[2428] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\wscntfy.exe[2428] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\wscntfy.exe[2428] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00320600
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000801F8
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000803FC
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00310A08
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00310804
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00310600
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003101F8
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003103FC
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00321014
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00320804
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00320A08
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00320C0C
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00320E10
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003201F8
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003203FC
.text D:\_Downloaded files\TRANSLAT\WDICT32.EXE[2452] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00320600
.text C:\totalcmd\TOTALCMD.EXE[2840] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\totalcmd\TOTALCMD.EXE[2840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\totalcmd\TOTALCMD.EXE[2840] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\totalcmd\TOTALCMD.EXE[2840] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\totalcmd\TOTALCMD.EXE[2840] advapi32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00311014
.text C:\totalcmd\TOTALCMD.EXE[2840] advapi32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00310804
.text C:\totalcmd\TOTALCMD.EXE[2840] advapi32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00310A08
.text C:\totalcmd\TOTALCMD.EXE[2840] advapi32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00310C0C
.text C:\totalcmd\TOTALCMD.EXE[2840] advapi32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00310E10
.text C:\totalcmd\TOTALCMD.EXE[2840] advapi32.dll!CreateServiceA 77E27071 5 Bytes JMP 003101F8
.text C:\totalcmd\TOTALCMD.EXE[2840] advapi32.dll!CreateServiceW 77E27209 5 Bytes JMP 003103FC
.text C:\totalcmd\TOTALCMD.EXE[2840] advapi32.dll!DeleteService 77E27311 5 Bytes JMP 00310600
.text C:\totalcmd\TOTALCMD.EXE[2840] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00320A08
.text C:\totalcmd\TOTALCMD.EXE[2840] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00320804
.text C:\totalcmd\TOTALCMD.EXE[2840] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00320600
.text C:\totalcmd\TOTALCMD.EXE[2840] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003201F8
.text C:\totalcmd\TOTALCMD.EXE[2840] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003203FC
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00441014
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00440804
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00440A08
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00440C0C
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00440E10
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 004401F8
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 004403FC
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00440600
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00450A08
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00450804
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00450600
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 004501F8
.text C:\Program Files\IncrediMail\bin\IMApp.exe[3028] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 004503FC
.text C:\Program Files\Opera\opera.exe[3080] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Opera\opera.exe[3080] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Opera\opera.exe[3080] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Opera\opera.exe[3080] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\Program Files\Opera\opera.exe[3080] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 003D0A08
.text C:\Program Files\Opera\opera.exe[3080] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 003D0804
.text C:\Program Files\Opera\opera.exe[3080] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 003D0600
.text C:\Program Files\Opera\opera.exe[3080] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003D01F8
.text C:\Program Files\Opera\opera.exe[3080] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003D03FC
.text C:\Program Files\Opera\opera.exe[3080] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E1014
.text C:\Program Files\Opera\opera.exe[3080] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E0804
.text C:\Program Files\Opera\opera.exe[3080] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0A08
.text C:\Program Files\Opera\opera.exe[3080] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E0C0C
.text C:\Program Files\Opera\opera.exe[3080] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0E10
.text C:\Program Files\Opera\opera.exe[3080] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E01F8
.text C:\Program Files\Opera\opera.exe[3080] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E03FC
.text C:\Program Files\Opera\opera.exe[3080] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] kernel32.dll!GetBinaryTypeW + 80 7C867C1C 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] USER32.dll!SetWinEventHook 7E3817B7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\NOTEPAD.EXE[3128] USER32.dll!UnhookWinEvent 7E38186C 5 Bytes JMP 003103FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[648] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00620002
IAT C:\WINDOWS\system32\services.exe[648] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00620000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

[Danstahr]

Opakujte prosím tento krok :

• Stáhněte SWReg, uložte jej přímo na disk C!
• Na stránce http://tinyurl.com/653f7oz vložte do okna následující skript, přepněte nahoře přepínač na .bat, pojmenování zvolte libovolné a stiskněte tlačítko OK. Stažený soubor spusťte, zůstane zobrazené okno, jeho obsah (klidně screenshot) sem vložte.

  Kód: Vybrat vše

  c:\swreg.exe ACL "HKLM\SYSTEM\CurrentControlSet\Control\Services\wuauserv" /RESET /Q
  c:\swreg.exe ACL "HKLM\SYSTEM\CurrentControlSet\Control\Services\BITS" /RESET /Q

• Na stránce http://tinyurl.com/653f7oz vložte do okna následující skript, pojmenování zvolte libovolné a stiskněte tlačítko OK. Stažený soubor spusťte a přidání informací do registru potvrďte.

  Kód: Vybrat vše

  Windows Registry Editor Version 5.00
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
  "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
    72,00,6F,00,6F,00,74,00,25,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
    33,00,32,00,5C,00,73,00,76,00,63,00,68,00,6F,00,73,00,74,00,2E,00,65,00,\
    78,00,65,00,20,00,2D,00,6B,00,20,00,6E,00,65,00,74,00,73,00,76,00,63,00,\
    73,00,00,00
  "Type"=dword:00000020
  "Start"=dword:00000002
  "ErrorControl"=dword:00000001
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
  "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
    72,00,6F,00,6F,00,74,00,25,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
    33,00,32,00,5C,00,73,00,76,00,63,00,68,00,6F,00,73,00,74,00,2E,00,65,00,\
    78,00,65,00,20,00,2D,00,6B,00,20,00,6E,00,65,00,74,00,73,00,76,00,63,00,\
    73,00,00,00
  "Type"=dword:00000020
  "Start"=dword:00000002
  "ErrorControl"=dword:00000001

• Na stránce http://tinyurl.com/653f7oz vložte do okna následující skript, přepněte nahoře přepínač na .bat, pojmenování zvolte libovolné a stiskněte tlačítko OK. Stažený soubor spusťte, problikne černé okno a otevře se poznámkový blok s logem.

  Kód: Vybrat vše

  net stop wuauserv >> "%userprofile%\plocha\kontrola.txt"
  net STOP BITS >> "%userprofile%\plocha\kontrola.txt"
  
  net start wuauserv >> "%userprofile%\plocha\kontrola.txt"
  net start BITS >> "%userprofile%\plocha\kontrola.txt"
  
  start notepad "%userprofile%\plocha\kontrola.txt"

Poté sem prosím vložte oba požadované výstupy.

[pettr]

1.kolo- okno proběhlo, zmizelo
2.kolo nejde zapsat do registů, hláška v přiloze printscr.jpg