Please check my log

Posted: 08 Aug 2011 17:16
by Palast
Logfile of random's system information tool 1.09 (written by random/random)
Run by oem at 2011-08-08 18:13:47
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 29 GB (12%) free of 238 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:14:04, on 8.8.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\WTClient.exe
C:\windows\system32\resent.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\rsit\RSIT.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\oem.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [ReSent] c:\windows\system32\resent.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/sh ... Loader.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB2A7072-CF60-43F1-BED4-EC1D5BCF930C}: NameServer = 81.0.255.140,84.19.64.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1c98c7ef0a18a3a) (gupdate1c98c7ef0a18a3a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
O23 - Service: SMART Display Controller - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 9102 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\oem\Data aplikací\Mozilla\Firefox\Profiles\vvabtshw.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{097d3191-e6fa-4728-9826-b533d755359d}:0.7.13, {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1, udelatko@shabbi.cz:2.8.5, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1]
"Description"=Rhapsody Control
"Path"=C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@unity3d.com/UnityPlayer]
"Description"=Unity Player 2.0.2f2
"Path"=C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt
nsRLCT4Player.xpt

C:\Program Files\Mozilla Firefox\plugins\
CrazyTalk4Native.dll
ctdomemhelper.dll
ctframeplayerobject.dll
ctplayerobject.dll
imagickrt.dll
np-mswmp.dll
npdeploytk.dll
npmusicn.dll
NPOFFICE.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
npRLCT4Player.dll
nprpjplug.dll
QuickTimePlugin.class
rlcontentclass.dll
RLMusicPacker.dll
RLMusicUnpacker.dll
RLVoicePacker.dll
RLVoiceUnpacker.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\oem\Data aplikací\Mozilla\Firefox\Profiles\vvabtshw.default\extensions\
udelatko@shabbi.cz

C:\Documents and Settings\oem\Data aplikací\Mozilla\Firefox\Profiles\vvabtshw.default\searchplugins\
askcom.xml
qipsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
CIEDownload Object - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll [2010-07-16 247184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-02 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-12-19 16062464]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
""= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"WTClient"=C:\WINDOWS\system32\WTClient.exe [2009-08-19 32768]
"ReSent"=c:\windows\system32\resent.exe [2008-10-28 432128]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

C:\Documents and Settings\oem\Nabídka Start\Programy\Po spuštění
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Codemasters\DiRT\DiRT.exe"="C:\Program Files\Codemasters\DiRT\DiRT.exe:*:Enabled:DiRT Executable"
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
"D:\BitLord\BitLord.exe"="D:\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Microsoft Games\Rise of Nations\nations.exe"="C:\Program Files\Microsoft Games\Rise of Nations\nations.exe:*:Enabled:Rise of Nations"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe"="C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"C:\Program Files\Take2\Hidden and Dangerous Deluxe\bin\hde.exe"="C:\Program Files\Take2\Hidden and Dangerous Deluxe\bin\hde.exe:*:Enabled:hde"
"I:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="I:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"I:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="I:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"I:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="I:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"E:\EasySetupAssistant\TD-8840_8841\fscommand\EasySetupAssistant.exe"="E:\EasySetupAssistant\TD-8840_8841\fscommand\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\SMART Technologies\SMART Product Drivers\UCGui.exe"="C:\Program Files\SMART Technologies\SMART Product Drivers\UCGui.exe:*:Enabled:SMART Universal Controller Interface"
"C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe"="C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe:*:Enabled:SMART SNMPAgent"
"C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe"="C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe:*:Enabled:SMART Universal Controller Service"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe"="C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe:*:Enabled:WorldWide Telescope"
"C:\Program Files\Xi\NetXfer\NetTransport.exe"="C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=Ir32_32.dll
"vidc.iv32"=Ir32_32.dll
"vidc.iv41"=Ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.i263"=i263_32.drv
"msacm.imc"=imc32.acm
"VIDC.wmv3"=wmv9vcm.dll
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"msacm.divxa32"=divxa32.acm
"msacm.vorbis"=vorbis.acm
"VIDC.X264"=x264vfw.dll
"VIDC.DIVX"=divx.dll
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave5"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.mjpg"=pvmjpg30.dll
"VIDC.CSCD"=camcodec.dll
"vidc.tscc"=tsccvid.dll

======List of files/folders created in the last 1 month======

2011-07-23 11:54:40 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-23 11:54:40 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-23 11:54:38 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-23 11:54:38 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-23 11:54:38 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-23 11:54:38 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-23 11:54:38 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-23 11:54:38 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-23 11:54:28 ----A---- C:\WINDOWS\avastSS.scr
2011-07-23 11:54:27 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-23 11:54:19 ----D---- C:\Program Files\AVAST Software
2011-07-23 11:54:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-07-17 10:46:27 ----D---- C:\Documents and Settings\oem\Data aplikací\Dexpot

======List of files/folders modified in the last 1 month======

2011-08-08 18:13:53 ----D---- C:\Program Files\trend micro
2011-08-08 18:13:47 ----D---- C:\rsit
2011-08-08 18:11:10 ----D---- C:\WINDOWS\temp
2011-08-08 18:10:11 ----D---- C:\WINDOWS
2011-08-08 18:07:42 ----D---- C:\WINDOWS\Prefetch
2011-08-08 17:59:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-07 11:21:17 ----SHD---- C:\WINDOWS\Installer
2011-08-04 16:41:08 ----D---- C:\WINDOWS\system32
2011-08-04 16:41:08 ----D---- C:\Program Files\Opera
2011-07-26 19:19:50 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-26 09:42:38 ----A---- C:\Diagnostics.txt
2011-07-23 13:55:23 ----D---- C:\Program Files\ESET
2011-07-23 12:29:01 ----A---- C:\WINDOWS\wincmd.ini
2011-07-23 11:56:46 ----D---- C:\Program Files\Google
2011-07-23 11:54:40 ----D---- C:\WINDOWS\system32\drivers
2011-07-23 11:54:35 ----D---- C:\WINDOWS\WinSxS
2011-07-23 11:54:35 ----D---- C:\Config.Msi
2011-07-23 11:54:19 ----D---- C:\Program Files
2011-07-21 07:40:32 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-21 105344]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc); C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc); C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\Drivers\PxHelp20.sys [2006-11-02 36624]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-01-15 685816]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-01-15 278984]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-01-15 25416]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-24 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 PTSimBus;PenTablet Bus Enumerator; C:\WINDOWS\system32\DRIVERS\PTSimBus.sys [2009-06-22 23208]
R3 PTSimHid;PenTablet Simulated HID MiniDriver; C:\WINDOWS\system32\DRIVERS\PTSimHid.sys [2009-06-22 14504]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio; C:\WINDOWS\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]
R3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2009-06-22 23208]
R3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2009-06-22 19624]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S1 glaide32;glaide32; \??\C:\WINDOWS\system32\drivers\glaide32.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 an3rom2w;an3rom2w; C:\WINDOWS\system32\drivers\an3rom2w.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\oem\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-07-05 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-02 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 SMART Board Service;Služba SMART Board; C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe [2010-07-15 5350288]
R2 SMART Display Controller;SMART Display Controller; C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe [2010-07-15 844688]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2009-09-23 73728]
S2 gupdate1c98c7ef0a18a3a;Google Update Service (gupdate1c98c7ef0a18a3a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc); C:\WINDOWS\system32\pr2ah4nc.exe [2007-05-18 407152]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service; C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [2010-07-15 1662352]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

Re: please check my log

Posted: 08 Aug 2011 19:10
by chodnik74
Good evening :welcome:
:arrow: Update to Service Pack 3 + IE 8
:arrow: Uninstall Spybot - Search & Destroy

:arrow: Run HijackThis

C:\Program Files\trend micro\oem.exe
(If we can't find it or don't have it, we download it HERE)
  • Next, click the Do a system scan only button
  • Find and check the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
    R3 - URLSearchHook: (no name) - - (no file)
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [ReSent] c:\windows\system32\resent.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    
  • Click Fix checked and confirm with the Yes button
:arrow: Open Services
  • Press the key combination WIN+R (or Start > Run), which opens the window for entering a command to run. Copy and paste the following text there: services.msc and press Enter
  • A window with your PC's services opens; find the following services, double-click each one, click Stop, and then set Startup type: Disabled

    Java Quick Starter
    Google Update Service (gupdate1c98c7ef0a18a3a)
    Služba Google Update (gupdatem)
    
:arrow: Malwarebytes' Anti-Malware
  • Download, install and run it (if you're not sure how, click HERE)
  • Select Full scan and click the Scan button
  • The program scans the computer and at the end a message appears saying the scan has finished; confirm with the OK button
  • A log appears; paste it here for me
  • DO NOT DELETE ANYTHING!! The program sometimes has false detections, so we will delete only after consultation :twisted:

Re: please check my log

Posted: 08 Aug 2011 20:43
by Palast
Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

8.8.2011 21:42:46
mbam-log-2011-08-08 (21-42-41).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 332395
Uplynulý čas: 1 hodin, 3 minut, 32 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\glaide32 (Rootkit.Rustock) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\oem\data aplikací\wiaserva.log (Malware.Trace) -> No action taken.

Re: please check my log

Posted: 08 Aug 2011 20:49
by chodnik74
Delete the items found :) we probably have a rootkit in the PC, so let's go after it :)

Does this file exist? c:\windows\system32\resent.exe If so, then..

:arrow: Check this file on VIRUSTOTAL
  • Click "Browse" and just copy the following into the "File name" input field (if that doesn't work, locate the file manually):

    c:\windows\system32\resent.exe
    
  • Submit the file by clicking "Send file" (if it has already been tested, have it tested again - Reanalyse)
  • Wait patiently for the scan to finish, until the final result appears, e.g. 0/41
  • Copy the resulting log into the forum, or the link to the page from the address bar.

:arrow: Download SPTD
  • Choose the version for your operating system, 32-bit or 64-bit
  • Download the program to the desktop and run it
  • Choose the Uninstall option, then restart the PC (if the Uninstall button cannot be clicked and is greyed out, skip this step)
:arrow: Download Defogger
  • Download the program and save it to the desktop
  • Run the program
  • Click the Disable button, then restart the PC (if the Disable button cannot be clicked and is greyed out, skip this step)

:arrow: Make GMER logs according to the guide: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Re: please check my log

Posted: 09 Aug 2011 07:43
by Palast
http://www.virustotal.com/file-scan/rep ... 1312870520

MER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-09 08:36:42
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\0000007e ST3250410AS rev.3.AAC
Running: gmer.exe; Driver: C:\DOCUME~1\oem\LOCALS~1\Temp\kwndaaoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB6A70BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB6A70A5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6AF0398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Re: please check my log

Posted: 09 Aug 2011 11:11
by Palast
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-09 12:09:17
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\0000007e ST3250410AS rev.3.AAC
Running: gmer.exe; Driver: C:\DOCUME~1\oem\LOCALS~1\Temp\kwndaaoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB6A4C202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB6ADAD8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB6A706C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB6A4E7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB6A4E848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB6A4E95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB6A70075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB6A4E746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB6A4E898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB6A4E79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB6A4E90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB6A4C226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB6A70D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB6A7103D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB6A4EBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB6A70BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB6A70A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB6ADAE3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB6A4BFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB6A4C24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB6A4ED56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB6A4CCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB6A4E820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB6A4E870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB6A4E988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB6A703D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB6A4E772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB6A4EA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB6A4E8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB6A4E7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB6A4EAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB6A4E936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB6ADAED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB6A708D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB6A4CBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB6A7072A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB6AE310E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB6A6F6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB6A4C26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB6A4C292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB6A4C04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB6A4C186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB6A70E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB6A4C162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB6A4C1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB6A4C2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6AF0398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BCC 805037CC 4 Bytes JMP BDE4EE75
.text ntkrnlpa.exe!ZwCallbackReturn + 2BFC 805037FC 8 Bytes [98, E8, A4, B6, 9A, E7, A4, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C0C 8050380C 4 Bytes JMP F932EEB5
.text ntkrnlpa.exe!ZwCallbackReturn + 2CFC 805038FC 8 Bytes [20, E8, A4, B6, 70, E8, A4, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D08 80503908 4 Bytes JMP BF6AEFB1
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4ECC 4 Bytes CALL B6A4D335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAEDA 5 Bytes JMP B6AEBD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C1810 5 Bytes JMP B6AED7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF966 7 Bytes JMP B6AF039C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.xreloc C:\WINDOWS\system32\drivers\ps6ah4nc.sys unknown last section [0xBA767000, 0x998, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB94E3380, 0x346307, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80BA4F 5 Bytes JMP B6A4FCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF810175 5 Bytes JMP B6A4FBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 92C BF827A40 5 Bytes JMP B6A4EF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + D80 BF83331E 5 Bytes JMP B6A4FE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 7717 BF839CB5 5 Bytes JMP B6A50014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 112EA BF843888 5 Bytes JMP B6A4EE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 5509 BF849B03 5 Bytes JMP B6A4F03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1437 BF854BF4 5 Bytes JMP B6A4FB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1036 BF857AD0 5 Bytes JMP B6A4FD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 62A3 BF87FFC9 5 Bytes JMP B6A4F180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 632C BF880052 5 Bytes JMP B6A4F326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 70B0 BF880DD6 5 Bytes JMP B6A4EE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 245E BF884C65 5 Bytes JMP B6A4FF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_hGetColorTransform + AFDD BF89F83F 5 Bytes JMP B6A4F2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4E4C BF8CEEE3 5 Bytes JMP B6A4ED8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + A434 BF8DAA77 5 Bytes JMP B6A4FBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 77D BF8FAF04 5 Bytes JMP B6A4EFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 58C BF908B12 5 Bytes JMP B6A4F0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 80C BF908D92 5 Bytes JMP B6A4F0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1993 BF911AD9 5 Bytes JMP B6A4EEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2567 BF9126AD 5 Bytes JMP B6A4F008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC1 BF915007 5 Bytes JMP B6A4F440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191E BF94290C 5 Bytes JMP B6A4FECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB6194300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBAC70300, 0x1B7E, 0xE8000020]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xB5F8CF00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[504] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[504] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[504] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[504] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\spoolsv.exe[504] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\spoolsv.exe[504] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\spoolsv.exe[504] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\spoolsv.exe[504] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\spoolsv.exe[504] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\spoolsv.exe[504] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\spoolsv.exe[504] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\spoolsv.exe[504] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[504] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[504] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[504] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[504] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[688] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000D01F8
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000D03FC
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00361014
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00360804
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00360A08
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00360C0C
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00360E10
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003601F8
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003603FC
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00360600
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003701F8
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003703FC
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00370804
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00370A08
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[704] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\nvsvc32.exe[864] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\nvsvc32.exe[864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[864] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\nvsvc32.exe[864] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[864] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\nvsvc32.exe[864] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\nvsvc32.exe[864] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804
.text C:\WINDOWS\system32\nvsvc32.exe[864] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08
.text C:\WINDOWS\system32\nvsvc32.exe[864] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600
.text C:\WINDOWS\system32\nvsvc32.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\WINDOWS\system32\nvsvc32.exe[864] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\nvsvc32.exe[864] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\nvsvc32.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\system32\nvsvc32.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\WINDOWS\system32\nvsvc32.exe[864] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\nvsvc32.exe[864] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\nvsvc32.exe[864] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\WINDOWS\System32\smss.exe[952] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1012] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1012] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1036] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1036] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[1092] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1092] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1092] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\services.exe[1092] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\services.exe[1092] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[1092] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[1092] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[1092] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[1092] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[1104] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1104] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1104] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\lsass.exe[1104] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\lsass.exe[1104] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[1104] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[1104] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[1104] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[1104] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 01471014
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 01470804
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 01470A08
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 01470C0C
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 01470E10
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 014701F8
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 014703FC
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 01470600
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 014801F8
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 014803FC
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 01480804
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 01480A08
.text C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe[1384] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 01480600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00731014
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00730804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00730A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00730C0C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00730E10
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 007301F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 007303FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00730600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] USER32.dll!SetWindowLongA 77D3DED3 5 Bytes JMP 1068EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] USER32.dll!SetWindowLongW 77D3DEF1 5 Bytes JMP 1068ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 104A5451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 007401F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 007403FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00740804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00740A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00740600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1428] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 104A5A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 005001F8
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 005003FC
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00500804
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00500A08
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00500600
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00511014
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00510804
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00510A08
.text

Re: please check my log

Posted: 09 Aug 2011 11:11
by Palast
C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00510C0C
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00510E10
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 005101F8
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 005103FC
.text C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe[1528] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00510600
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000D01F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000D03FC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00351014
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00350804
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00350A08
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00350C0C
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00350E10
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003501F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003503FC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00350600
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003601F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003603FC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00360804
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00360A08
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1564] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00360600
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1628] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1812] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1812] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\WTClient.exe[2456] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\WTClient.exe[2456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\WTClient.exe[2456] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\WTClient.exe[2456] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\WTClient.exe[2456] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\WTClient.exe[2456] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\WTClient.exe[2456] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804
.text C:\WINDOWS\system32\WTClient.exe[2456] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08
.text C:\WINDOWS\system32\WTClient.exe[2456] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600
.text C:\WINDOWS\system32\WTClient.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\WINDOWS\system32\WTClient.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\WTClient.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\WTClient.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\system32\WTClient.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\WINDOWS\system32\WTClient.exe[2456] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\WTClient.exe[2456] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\WTClient.exe[2456] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\WINDOWS\Explorer.EXE[2484] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[2484] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2484] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[2484] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2484] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00371014
.text C:\WINDOWS\Explorer.EXE[2484] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00370804
.text C:\WINDOWS\Explorer.EXE[2484] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00370A08
.text C:\WINDOWS\Explorer.EXE[2484] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00370C0C
.text C:\WINDOWS\Explorer.EXE[2484] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00370E10
.text C:\WINDOWS\Explorer.EXE[2484] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003701F8
.text C:\WINDOWS\Explorer.EXE[2484] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003703FC
.text C:\WINDOWS\Explorer.EXE[2484] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00370600
.text C:\WINDOWS\Explorer.EXE[2484] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[2484] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[2484] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[2484] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[2484] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\alg.exe[2540] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2540] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2540] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2540] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2540] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\alg.exe[2540] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\alg.exe[2540] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\alg.exe[2540] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\alg.exe[2540] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 3 Bytes JMP 009B1014
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E26BE5 1 Byte [88]
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 009B0804
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 009B0A08
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 009B0C0C
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 009B0E10
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 009B01F8
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 009B03FC
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 009B0600
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00AC01F8
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 00AC03FC
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00AC0804
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00AC0A08
.text C:\Documents and Settings\oem\Plocha\gmer.exe[2632] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00AC0600
.text C:\WINDOWS\system32\wscntfy.exe[2716] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[2716] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2716] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[2716] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2716] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wscntfy.exe[2716] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wscntfy.exe[2716] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wscntfy.exe[2716] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wscntfy.exe[2716] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wscntfy.exe[2716] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00321014
.text C:\WINDOWS\system32\wscntfy.exe[2716] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\wscntfy.exe[2716] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\wscntfy.exe[2716] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00320C0C
.text C:\WINDOWS\system32\wscntfy.exe[2716] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00320E10
.text C:\WINDOWS\system32\wscntfy.exe[2716] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\wscntfy.exe[2716] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\wscntfy.exe[2716] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\WISPTIS.EXE[2808] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\NOTEPAD.EXE[2916] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600
.text C:\WINDOWS\RTHDCPL.EXE[3272] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[3272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3272] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[3272] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3272] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8
.text C:\WINDOWS\RTHDCPL.EXE[3272] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC
.text C:\WINDOWS\RTHDCPL.EXE[3272] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804
.text C:\WINDOWS\RTHDCPL.EXE[3272] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08
.text C:\WINDOWS\RTHDCPL.EXE[3272] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600
.text C:\WINDOWS\RTHDCPL.EXE[3272] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\WINDOWS\RTHDCPL.EXE[3272] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\WINDOWS\RTHDCPL.EXE[3272] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\WINDOWS\RTHDCPL.EXE[3272] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\RTHDCPL.EXE[3272] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\WINDOWS\RTHDCPL.EXE[3272] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\WINDOWS\RTHDCPL.EXE[3272] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\WINDOWS\RTHDCPL.EXE[3272] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3344] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3344] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3420] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3420] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3420] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3420] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3420] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\ctfmon.exe[3420] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\ctfmon.exe[3420] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\ctfmon.exe[3420] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\ctfmon.exe[3420] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\ctfmon.exe[3420] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\ctfmon.exe[3420] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\ctfmon.exe[3420] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\ctfmon.exe[3420] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[3420] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[3420] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[3420] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[3420] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00380600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3648] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E1014
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E0804
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0A08
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E0C0C
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0E10
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E01F8
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E03FC
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[3684] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00811014
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00810804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00810A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00810C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00810E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 008101F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 008103FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00810600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 008201F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 008203FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00820804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00820A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3864] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00820600
.text C:\WINDOWS\system32\wuauclt.exe[3964] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[3964] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3964] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[3964] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3964] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\wuauclt.exe[3964] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\wuauclt.exe[3964] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\wuauclt.exe[3964] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\wuauclt.exe[3964] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\wuauclt.exe[3964] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\wuauclt.exe[3964] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\wuauclt.exe[3964] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\wuauclt.exe[3964] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\wuauclt.exe[3964] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\wuauclt.exe[3964] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\wuauclt.exe[3964] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wuauclt.exe[3964] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00390600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1092] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00620002
IAT C:\WINDOWS\system32\services.exe[1092] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00620000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\nvata \Device\NvAta0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\NvAta1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\NvAta2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\0000007e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\0000007f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x25 0x6F 0x76 0x11 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6B 0xFB 0x63 0xB5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x61 0x16 0x2E 0x3B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x22 0x7B 0x6A 0x01 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x46 0x49 0x77 0x45 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x66 0x09 0x55 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x25 0x6F 0x76 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x7C 0xD5 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x91 0x95 0x78 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x25 0xA4 0xA8 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x46 0x49 0x77 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE1 0xD5 0x00 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x25 0x6F 0x76 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x7C 0xD5 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0x73 0xE4 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x25 0xA4 0xA8 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x46 0x49 0x77 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE1 0xD5 0x00 0x62 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x25 0x6F 0x76 0x11 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x7C 0xD5 0x9C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0x73 0xE4 0x52 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x25 0xA4 0xA8 0x33 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x46 0x49 0x77 0x45 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE1 0xD5 0x00 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

Re: please check my log

Posted: 09 Aug 2011 15:19
by chodnik74
:arrow: Download the OTM program to the Desktop
  • Run the file OTM.exe (if you have Windows Vista or Windows 7, right-click the file and choose "Run as administrator")
  • The OTM program starts; paste the following script into the left-hand window "Paste Instructions for Items to be Moved" and press the MoveIt button

    
    :Services
    glaide32
    
    :Files
    C:\WINDOWS\system32\drivers\glaide32.sys
    
    :Commands
    [ClearAllRestorePoints]
    [EmptyFlash]
    [EmptyTemp]
    [ResetHosts]
    
    
    
  • After the PC restarts, the OTM log will appear; please paste it here..

Re: please check my log

Posted: 09 Aug 2011 15:20
by chodnik74
:arrow: Download TDSSKiller
  • Run the program and click Start Scan
  • If the program finds an infection, it will offer to cure it (Cure); allow the cure by clicking the Continue button
  • If the program finds a suspicious file (suspicious), it will want to skip it (Skip); allow the skip by clicking the Continue button
  • After the scan finishes, the computer may need to be restarted; allow this by clicking the Reboot now button
  • After the computer restarts, a log will pop up (if it does not, you will find it on the drive where your system is installed, named TDSSKiller.xxxx_log.txt); paste its contents here
  • If the program does not ask to restart the computer, click the Close button and then Report, which creates a log; paste its contents here

Re: please check my log

Posted: 09 Aug 2011 19:48
by Palast
All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named glaide32 was found to stop!
Service\Driver key glaide32 not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\drivers\glaide32.sys not found.
========== COMMANDS ==========

Restore points cleared and new OTM Restore Point set!

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 84 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 196608 bytes
->Temporary Internet Files folder emptied: 656040 bytes

User: oem
->Temp folder emptied: 6867920795 bytes
->Temporary Internet Files folder emptied: 1032266 bytes
->Java cache emptied: 9285949 bytes
->FireFox cache emptied: 54453231 bytes
->Google Chrome cache emptied: 6142276 bytes
->Apple Safari cache emptied: 6411264 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1441 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94335832 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94810646 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 158277779 bytes

Total Files Cleaned = 6 958,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.18.0 log created on 08092011_204443

Files moved on Reboot...
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_4cc.dat not found!
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: please check my log

Posted: 09 Aug 2011 19:52
by Palast
2011/08/09 20:50:55.0968 2440 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/09 20:50:56.0125 2440 ================================================================================
2011/08/09 20:50:56.0125 2440 SystemInfo:
2011/08/09 20:50:56.0125 2440
2011/08/09 20:50:56.0125 2440 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/09 20:50:56.0125 2440 Product type: Workstation
2011/08/09 20:50:56.0125 2440 ComputerName: OEM-B32AC27CA1E
2011/08/09 20:50:56.0125 2440 UserName: oem
2011/08/09 20:50:56.0125 2440 Windows directory: C:\WINDOWS
2011/08/09 20:50:56.0125 2440 System windows directory: C:\WINDOWS
2011/08/09 20:50:56.0125 2440 Processor architecture: Intel x86
2011/08/09 20:50:56.0125 2440 Number of processors: 2
2011/08/09 20:50:56.0125 2440 Page size: 0x1000
2011/08/09 20:50:56.0125 2440 Boot type: Normal boot
2011/08/09 20:50:56.0125 2440 ================================================================================
2011/08/09 20:50:56.0796 2440 Initialize success
2011/08/09 20:51:48.0390 2584 ================================================================================
2011/08/09 20:51:48.0390 2584 Scan started
2011/08/09 20:51:48.0390 2584 Mode: Manual;
2011/08/09 20:51:48.0390 2584 ================================================================================
2011/08/09 20:51:48.0578 2584 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/09 20:51:48.0718 2584 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/09 20:51:48.0765 2584 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/09 20:51:48.0828 2584 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/08/09 20:51:48.0875 2584 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/08/09 20:51:49.0031 2584 AmdK8 (fcffa85cfd4bf7a4711012847048dca3) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/08/09 20:51:49.0062 2584 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/09 20:51:49.0140 2584 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/09 20:51:49.0156 2584 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/09 20:51:49.0171 2584 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/09 20:51:49.0203 2584 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/09 20:51:49.0218 2584 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/09 20:51:49.0234 2584 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/09 20:51:49.0265 2584 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/09 20:51:49.0281 2584 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/09 20:51:49.0375 2584 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/08/09 20:51:49.0406 2584 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/09 20:51:49.0437 2584 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/09 20:51:49.0500 2584 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/09 20:51:49.0828 2584 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/09 20:51:49.0875 2584 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/09 20:51:49.0906 2584 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/09 20:51:49.0953 2584 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/09 20:51:49.0984 2584 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/09 20:51:50.0125 2584 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/09 20:51:50.0187 2584 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/09 20:51:50.0218 2584 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/09 20:51:50.0250 2584 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/09 20:51:50.0312 2584 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/09 20:51:50.0343 2584 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/09 20:51:50.0359 2584 ElbyCDFL (075d91e4de09a6f1ede77c341803d454) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
2011/08/09 20:51:50.0390 2584 ElbyCDIO (c9c7113f5e15f70fcc576e835c859d56) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/08/09 20:51:50.0421 2584 ENTECH (bdd170fecb0e496a914318009d85b819) C:\WINDOWS\system32\DRIVERS\ENTECH.SYS
2011/08/09 20:51:50.0453 2584 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/09 20:51:50.0484 2584 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/09 20:51:50.0500 2584 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/09 20:51:50.0515 2584 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/09 20:51:50.0531 2584 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/09 20:51:50.0531 2584 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/09 20:51:50.0562 2584 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/09 20:51:50.0593 2584 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/09 20:51:50.0625 2584 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/08/09 20:51:50.0671 2584 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/09 20:51:50.0718 2584 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/09 20:51:50.0781 2584 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/09 20:51:50.0828 2584 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/09 20:51:50.0843 2584 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/09 20:51:50.0890 2584 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/09 20:51:50.0984 2584 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/09 20:51:51.0000 2584 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/09 20:51:51.0140 2584 IntcAzAudAddService (001aaca6ed0e6b00fc5b8faf74977e81) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/09 20:51:51.0203 2584 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/09 20:51:51.0234 2584 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/09 20:51:51.0250 2584 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/09 20:51:51.0281 2584 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/09 20:51:51.0296 2584 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/09 20:51:51.0359 2584 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/09 20:51:51.0406 2584 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/09 20:51:51.0453 2584 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/09 20:51:51.0500 2584 kbdhid (065b5a83aa78c0c7047bf22e0ab5c821) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/09 20:51:51.0562 2584 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/09 20:51:51.0578 2584 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/09 20:51:51.0656 2584 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/08/09 20:51:51.0687 2584 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
2011/08/09 20:51:51.0718 2584 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/09 20:51:51.0750 2584 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/09 20:51:51.0812 2584 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/09 20:51:51.0843 2584 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/09 20:51:51.0875 2584 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/09 20:51:51.0921 2584 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/09 20:51:51.0968 2584 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/09 20:51:52.0000 2584 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/09 20:51:52.0078 2584 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/09 20:51:52.0125 2584 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/09 20:51:52.0140 2584 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/09 20:51:52.0171 2584 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/09 20:51:52.0187 2584 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/09 20:51:52.0234 2584 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/09 20:51:52.0296 2584 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/09 20:51:52.0312 2584 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/09 20:51:52.0343 2584 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/09 20:51:52.0359 2584 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/09 20:51:52.0390 2584 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/09 20:51:52.0421 2584 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/09 20:51:52.0437 2584 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/09 20:51:52.0437 2584 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/09 20:51:52.0453 2584 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/09 20:51:52.0484 2584 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/09 20:51:52.0515 2584 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/09 20:51:52.0515 2584 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/09 20:51:52.0546 2584 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/09 20:51:52.0593 2584 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/09 20:51:52.0781 2584 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/09 20:51:52.0968 2584 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\DRIVERS\nvata.sys
2011/08/09 20:51:52.0984 2584 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/08/09 20:51:53.0031 2584 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/08/09 20:51:53.0078 2584 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/09 20:51:53.0093 2584 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/09 20:51:53.0140 2584 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/09 20:51:53.0156 2584 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/09 20:51:53.0187 2584 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/09 20:51:53.0203 2584 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/09 20:51:53.0218 2584 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/09 20:51:53.0281 2584 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/09 20:51:53.0296 2584 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/09 20:51:53.0406 2584 pe3ah4nc (f7ba50ee70940bb00d1f20c8ef2013d6) C:\WINDOWS\system32\drivers\pe3ah4nc.sys
2011/08/09 20:51:53.0531 2584 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/09 20:51:53.0562 2584 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2011/08/09 20:51:53.0625 2584 Processor (9a10e4fd13824823da50d4758bd0a645) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/09 20:51:53.0671 2584 ps6ah4nc (0a84dc4a8a18f743fceef41ddf563c4a) C:\WINDOWS\system32\drivers\ps6ah4nc.sys
2011/08/09 20:51:53.0687 2584 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/09 20:51:53.0734 2584 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/09 20:51:53.0750 2584 PTSimBus (c456c2db7f7d6a3112a360ddf315298b) C:\WINDOWS\system32\DRIVERS\PTSimBus.sys
2011/08/09 20:51:53.0781 2584 PTSimHid (f98bb914074a43e7e83ea98d7d13d612) C:\WINDOWS\system32\DRIVERS\PTSimHid.sys
2011/08/09 20:51:53.0812 2584 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/09 20:51:53.0921 2584 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/09 20:51:53.0984 2584 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/09 20:51:54.0000 2584 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/09 20:51:54.0031 2584 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/09 20:51:54.0062 2584 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/09 20:51:54.0078 2584 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/09 20:51:54.0125 2584 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/09 20:51:54.0187 2584 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/09 20:51:54.0218 2584 ReallusionVirtualAudio (f13cfbecd7f6d08fb8763a6d7646a5cb) C:\WINDOWS\system32\DRIVERS\RLVrtAuCbl.sys
2011/08/09 20:51:54.0234 2584 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/09 20:51:54.0281 2584 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/08/09 20:51:54.0359 2584 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/09 20:51:54.0375 2584 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/09 20:51:54.0390 2584 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/09 20:51:54.0437 2584 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/08/09 20:51:54.0453 2584 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/08/09 20:51:54.0468 2584 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/09 20:51:54.0484 2584 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
2011/08/09 20:51:54.0531 2584 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/09 20:51:54.0609 2584 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/09 20:51:54.0656 2584 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/09 20:51:54.0703 2584 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/09 20:51:54.0750 2584 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/09 20:51:54.0750 2584 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/09 20:51:54.0812 2584 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/09 20:51:54.0875 2584 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/09 20:51:54.0937 2584 TClass2k (9b10f2be724d8e978e21a5da498ff5c1) C:\WINDOWS\system32\DRIVERS\TClass2k.sys
2011/08/09 20:51:54.0953 2584 Tcpip (6a603809f598332dbedd535bdbce313e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/09 20:51:55.0000 2584 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/09 20:51:55.0031 2584 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/09 20:51:55.0046 2584 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/09 20:51:55.0125 2584 UCTblHid (915a53a87cf9b3bc27359846ecd6a547) C:\WINDOWS\system32\DRIVERS\UCTblHid.sys
2011/08/09 20:51:55.0156 2584 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/09 20:51:55.0218 2584 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/09 20:51:55.0250 2584 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/09 20:51:55.0296 2584 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/09 20:51:55.0296 2584 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/09 20:51:55.0312 2584 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/09 20:51:55.0328 2584 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/09 20:51:55.0343 2584 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/09 20:51:55.0390 2584 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/09 20:51:55.0437 2584 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/09 20:51:55.0453 2584 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/09 20:51:55.0531 2584 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/09 20:51:55.0578 2584 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/09 20:51:55.0609 2584 w810bus (5e8b60606fc4173b69cdecd964f22d28) C:\WINDOWS\system32\DRIVERS\w810bus.sys
2011/08/09 20:51:55.0625 2584 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/09 20:51:55.0687 2584 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/09 20:51:55.0765 2584 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/09 20:51:55.0796 2584 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/09 20:51:55.0859 2584 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/09 20:51:55.0875 2584 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/09 20:51:55.0968 2584 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (7b012309260f7e013e24f8458e382fad) C:\Program Files\CyberLink\PowerDVD\000.fcl
2011/08/09 20:51:55.0984 2584 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
2011/08/09 20:51:56.0062 2584 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/08/09 20:51:56.0078 2584 Boot (0x1200) (7e134ef734909fcfff39c964834e6992) \Device\Harddisk0\DR0\Partition0
2011/08/09 20:51:56.0078 2584 Boot (0x1200) (a002188ba75ca2f3789bf786ef87e8f8) \Device\Harddisk1\DR1\Partition0
2011/08/09 20:51:56.0078 2584 ================================================================================
2011/08/09 20:51:56.0078 2584 Scan finished
2011/08/09 20:51:56.0078 2584 ================================================================================
2011/08/09 20:51:56.0093 2572 Detected object count: 0
2011/08/09 20:51:56.0093 2572 Actual detected object count: 0

Re: please check my log

Posted: 09 Aug 2011 20:32
by chodnik74
Excellent :)

:arrow: OTC
  • Run it, press CleanUp and confirm with YES :) The program cleans up and then restarts
:arrow: T-Cleaner
  • Run it, press the A key and confirm with ENTER (some antivirus programs may detect the utility as a virus; this is a false alarm, so IGNORE it or temporarily turn off the antivirus)
  • after using T-Cleaner, delete it ;-)


:arrow: TFC
  • Download and run the program
  • Click Start and confirm with OK
  • The program starts cleaning, then restarts the PC
  • after use, delete the program

PC maintenance:

1) Cleaning temporary folders + invalid registry entries
:arrow: CCleaner
  • Download and install the program
  • Run the program
  • CLEANER
    Windows: leave everything here as it is (if you use IE, untick its items) and tick the items Start Menu Shortcuts and Desktop Shortcuts
    Applications: leave as it is, but if you use a browser (Google Chrome, Firefox, Opera..), untick its items
    >Press the Analyze button and then Run Cleaner
  • Registry
    >Press the Scan for Issues button; the program starts looking for invalid registry entries.. then choose Fix selected issues..
    >The program asks whether you want to create a registry backup; choose yes and save the backup somewhere (if something causes problems after the registry repair, restore the backup by running the saved backup file and confirming yes), then choose Fix all issues and Close
    >repeat until the registry has no problems
  • Use the program once every 14 days (depends on how the PC is used; once a week is also fine)
2) Disk defragmentation
:arrow: Defraggler
  • Download and install the program
  • Run the program
  • Select a disk (C:, D:.. whichever you use)
  • If the Fragmentation column shows more than 5%, choose Defragment
  • Do this for all disks in use
  • Do this once a month
3) Updating programs
:arrow: FileHippo.com Update Checker
  • Download and install the program (during installation, untick the Run at Startup option)
  • Run the program
  • The program finds the programs installed on the PC and checks for available updates
  • A web page then opens listing the applications offered for updating
    >X Updates Detected.. these are the available updates..
    > click the green arrow and download the program, then install its current version
    > :!: X Beta Updates Detected.. do not download these updates; they are beta versions that are in development and unstable :)
  • Do this once every 14 days or once a month
:arrow: How is the PC behaving :???: + a new RSIT

Re: please check my log

Posted: 09 Aug 2011 21:56
by Palast
Hello, so after a right-click or pressing the shift+del combination, it occasionally throws an error in explorer.exe and the graphical shell restarts.

RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by oem at 2011-08-09 22:50:26
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 36 GB (15%) free of 238 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:50:37, on 9.8.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\rsit\RSIT.exe
C:\Program Files\trend micro\oem.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/sh ... Loader.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB2A7072-CF60-43F1-BED4-EC1D5BCF930C}: NameServer = 81.0.255.140,84.19.64.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
O23 - Service: SMART Display Controller - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 6427 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\oem\Data aplikací\Mozilla\Firefox\Profiles\vvabtshw.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{097d3191-e6fa-4728-9826-b533d755359d}:0.7.13, {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1, udelatko@shabbi.cz:2.8.5, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1]
"Description"=Rhapsody Control
"Path"=C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@unity3d.com/UnityPlayer]
"Description"=Unity Player 2.0.2f2
"Path"=C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt
nsRLCT4Player.xpt

C:\Program Files\Mozilla Firefox\plugins\
CrazyTalk4Native.dll
ctdomemhelper.dll
ctframeplayerobject.dll
ctplayerobject.dll
imagickrt.dll
np-mswmp.dll
npdeploytk.dll
npmusicn.dll
NPOFFICE.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
npRLCT4Player.dll
nprpjplug.dll
QuickTimePlugin.class
rlcontentclass.dll
RLMusicPacker.dll
RLMusicUnpacker.dll
RLVoicePacker.dll
RLVoiceUnpacker.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\oem\Data aplikací\Mozilla\Firefox\Profiles\vvabtshw.default\extensions\
udelatko@shabbi.cz

C:\Documents and Settings\oem\Data aplikací\Mozilla\Firefox\Profiles\vvabtshw.default\searchplugins\
askcom.xml
qipsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
CIEDownload Object - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll [2010-07-16 247184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-02 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-12-19 16062464]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
""= []
"WTClient"=C:\WINDOWS\system32\WTClient.exe [2009-08-19 32768]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\oem\Nabídka Start\Programy\Po spuštění
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Codemasters\DiRT\DiRT.exe"="C:\Program Files\Codemasters\DiRT\DiRT.exe:*:Enabled:DiRT Executable"
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
"D:\BitLord\BitLord.exe"="D:\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Microsoft Games\Rise of Nations\nations.exe"="C:\Program Files\Microsoft Games\Rise of Nations\nations.exe:*:Enabled:Rise of Nations"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe"="C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"C:\Program Files\Take2\Hidden and Dangerous Deluxe\bin\hde.exe"="C:\Program Files\Take2\Hidden and Dangerous Deluxe\bin\hde.exe:*:Enabled:hde"
"I:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="I:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"I:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="I:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"I:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="I:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"E:\EasySetupAssistant\TD-8840_8841\fscommand\EasySetupAssistant.exe"="E:\EasySetupAssistant\TD-8840_8841\fscommand\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\SMART Technologies\SMART Product Drivers\UCGui.exe"="C:\Program Files\SMART Technologies\SMART Product Drivers\UCGui.exe:*:Enabled:SMART Universal Controller Interface"
"C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe"="C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe:*:Enabled:SMART SNMPAgent"
"C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe"="C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe:*:Enabled:SMART Universal Controller Service"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe"="C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe:*:Enabled:WorldWide Telescope"
"C:\Program Files\Xi\NetXfer\NetTransport.exe"="C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=Ir32_32.dll
"vidc.iv32"=Ir32_32.dll
"vidc.iv41"=Ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.i263"=i263_32.drv
"msacm.imc"=imc32.acm
"VIDC.wmv3"=wmv9vcm.dll
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"msacm.divxa32"=divxa32.acm
"msacm.vorbis"=vorbis.acm
"VIDC.X264"=x264vfw.dll
"VIDC.DIVX"=divx.dll
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave5"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.mjpg"=pvmjpg30.dll
"VIDC.CSCD"=camcodec.dll
"vidc.tscc"=tsccvid.dll

======List of files/folders created in the last 1 month======

2011-08-09 22:50:07 ----D---- C:\rsit
2011-08-08 20:29:25 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-08 20:29:20 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-23 11:54:40 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-23 11:54:40 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-23 11:54:38 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-23 11:54:38 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-23 11:54:38 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-23 11:54:38 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-23 11:54:38 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-23 11:54:38 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-23 11:54:28 ----A---- C:\WINDOWS\avastSS.scr
2011-07-23 11:54:27 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-23 11:54:19 ----D---- C:\Program Files\AVAST Software
2011-07-23 11:54:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-07-17 10:46:27 ----D---- C:\Documents and Settings\oem\Data aplikací\Dexpot

======List of files/folders modified in the last 1 month======

2011-08-09 22:50:37 ----D---- C:\Program Files\trend micro
2011-08-09 22:50:34 ----D---- C:\WINDOWS\Prefetch
2011-08-09 22:49:06 ----D---- C:\WINDOWS\temp
2011-08-09 22:45:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-09 22:43:29 ----SHD---- C:\System Volume Information
2011-08-09 22:43:29 ----D---- C:\WINDOWS\system32\Restore
2011-08-09 20:50:56 ----D---- C:\WINDOWS\system32\drivers
2011-08-09 20:45:46 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-09 20:45:28 ----D---- C:\WINDOWS\system32
2011-08-09 20:45:28 ----D---- C:\WINDOWS
2011-08-09 07:57:01 ----D---- C:\WINDOWS\SoftwareDistribution
2011-08-09 07:45:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-08-08 21:42:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-08 20:51:49 ----A---- C:\WINDOWS\NeroDigital.ini
2011-08-08 20:25:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-08 20:22:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-08-07 11:21:17 ----SHD---- C:\WINDOWS\Installer
2011-08-04 16:41:08 ----D---- C:\Program Files\Opera
2011-07-26 19:19:50 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-26 09:42:38 ----A---- C:\Diagnostics.txt
2011-07-23 13:55:23 ----D---- C:\Program Files\ESET
2011-07-23 12:29:01 ----A---- C:\WINDOWS\wincmd.ini
2011-07-23 11:56:46 ----D---- C:\Program Files\Google
2011-07-23 11:54:35 ----D---- C:\WINDOWS\WinSxS
2011-07-23 11:54:35 ----D---- C:\Config.Msi
2011-07-23 11:54:19 ----D---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-21 105344]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc); C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc); C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\Drivers\PxHelp20.sys [2006-11-02 36624]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-01-15 278984]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-01-15 25416]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-24 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 PTSimBus;PenTablet Bus Enumerator; C:\WINDOWS\system32\DRIVERS\PTSimBus.sys [2009-06-22 23208]
R3 PTSimHid;PenTablet Simulated HID MiniDriver; C:\WINDOWS\system32\DRIVERS\PTSimHid.sys [2009-06-22 14504]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio; C:\WINDOWS\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]
R3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2009-06-22 23208]
R3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2009-06-22 19624]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-07-05 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 SMART Board Service;Služba SMART Board; C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe [2010-07-15 5350288]
R2 SMART Display Controller;SMART Display Controller; C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe [2010-07-15 844688]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2009-09-23 73728]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc); C:\WINDOWS\system32\pr2ah4nc.exe [2007-05-18 407152]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service; C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [2010-07-15 1662352]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 gupdate1c98c7ef0a18a3a;Google Update Service (gupdate1c98c7ef0a18a3a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-02 153376]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

Re: please check my log

Posted: 10 Aug 2011 14:50
by chodnik74
:???: Have you performed the PC maintenance :???:

:arrow: Update to Service Pack 3 + IE 8; they fix many bugs :)

Re: please check my log

Posted: 10 Aug 2011 18:55
by Palast
Hello, I performed the PC maintenance. Since then it has not thrown that error.

Edit:
So, I installed SP3 and IE8. I found out that it was not throwing the error because I had additionally installed sptd so that Daemon would run. But when I restarted the computer, it started behaving as it had for the last two weeks. When I right-click an icon, it takes a long time for the menu to open. After uninstalling sptd the menu opens immediately, but it again occasionally throws the error.