Problém s PC - zpomalení, potíže s internetem

[Greyhound]

Dobrý den,
počítač se poslední dobou chová značně nestandardně. Několikrát se sám od sebe vypnul, internet byl nejdříve pomalejší, teď už nejde spustit vůbec. Tady je log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2011-11-16 11:20:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 44 GB (44%) free of 100 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:45, on 16.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe
C:\Program Files\Philips\GoGear Mix Device Manager\main.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
F:\Update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Seznam Postak] "C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe" -s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Philips Device Manager.lnk = C:\Program Files\Philips\GoGear Mix Device Manager\main.exe
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 11425 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1659004503-725345543-1004Core1cb6dca5423f97a.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1659004503-725345543-1004UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1659004503-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1659004503-725345543-1004.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\o5lmi18u.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "wrc@avast.com:20110101, {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA]
"Description"=Delivery Network Acceleration by BitTorrent™
"Path"=C:\Program Files\DNA\plugins\npbtdna.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"=12.0.1.647
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

E:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

E:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsjsrealplayerplugin.xpt

E:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

E:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\o5lmi18u.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-05-27 386776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-04 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-09-04 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-09-06 806456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-04 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe [2009-08-27 614400]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-09-06 3722416]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2011-05-27 273544]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-11-13 323392]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-04-23 136176]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-27 39408]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-11-11 4617600]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Seznam Postak"=C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe [2010-10-07 488728]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Philips Device Manager.lnk - C:\Program Files\Philips\GoGear Mix Device Manager\main.exe

C:\Documents and Settings\user\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-18 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-08-10 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"E:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="E:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll
"VIDC.FPS1"=frapsvid.dll

======List of files/folders created in the last 1 month======

2011-11-16 11:20:18 ----D---- C:\rsit
2011-11-16 11:09:16 ----A---- C:\TDSSKiller.2.6.19.0_16.11.2011_11.09.16_log.txt
2011-11-11 21:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2011-11-09 21:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2011-10-28 10:22:10 ----D---- C:\Program Files\Common Files\Java

======List of files/folders modified in the last 1 month======

2011-11-16 11:13:18 ----D---- C:\WINDOWS\Prefetch
2011-11-16 11:12:56 ----D---- C:\Documents and Settings\user\Data aplikací\DNA
2011-11-16 11:09:16 ----D---- C:\WINDOWS\system32\drivers
2011-11-16 10:47:48 ----D---- C:\WINDOWS\Temp
2011-11-16 10:40:51 ----D---- C:\WINDOWS\Debug
2011-11-16 10:40:51 ----D---- C:\WINDOWS
2011-11-16 10:32:51 ----D---- C:\Program Files\DNA
2011-11-16 10:26:09 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-11-16 10:14:48 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-15 20:42:22 ----A---- C:\WINDOWS\wincmd.ini
2011-11-15 18:25:43 ----SD---- C:\WINDOWS\Tasks
2011-11-15 11:52:18 ----D---- C:\WINDOWS\network diagnostic
2011-11-14 10:54:36 ----SHD---- C:\WINDOWS\Installer
2011-11-14 10:54:29 ----D---- C:\Program Files\Google
2011-11-12 10:18:04 ----D---- C:\WINDOWS\system32
2011-11-11 21:50:25 ----HD---- C:\WINDOWS\inf
2011-11-11 21:50:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-11 18:56:04 ----D---- C:\Program Files\SUPERAntiSpyware
2011-11-11 10:43:55 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-09 21:23:09 ----A---- C:\WINDOWS\system32\MRT.exe
2011-11-08 14:31:13 ----A---- C:\WINDOWS\NeroDigital.ini
2011-10-30 09:38:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-28 10:22:10 ----D---- C:\Program Files\Common Files
2011-10-28 10:21:54 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-14 105344]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-18 2849280]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-12-03 717296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-18 116608]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-18 512000]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-09-06 44768]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-27 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-27 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-27 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Zdravím!
V logu nevidím nic nebezpečného. Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[Greyhound]

Log z Malwarebytes´:
Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.11.2011 20:05:34
mbam-log-2011-11-16 (20-04-54).txt

Typ kontroly: Úplný test (C:\|E:\|)
Testované objekty: 446382
Uplynulý čas: 2 hodin, 7 minut, 16 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
e:\hry\Miniclip\kingofthehill.exe (Spyware.Passwords) -> No action taken.
e:\Nove\Hry\stress reducer.exe (Joke.Stressreducer) -> No action taken.

[Rudy]

Obě nalezené položky smažte. Restartujte PC a vyčistěte PC CCleanerem: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 od balastu.

[Greyhound]

Postup jsem provedl, situace se ale nezměnila - internet stále nejde spustit. Při každém restartu navíc Windows provádí kontrolu souborů na disku C.

[Rudy]

Zkuste použít WinsockFix: http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22 . Utilita reinstaluje TCP/IP protokol. Máte-li paeametry sítě nastaveny ručně, budete je muset po restartu znovu zadat.

[Greyhound]

Žádná změna. Kontrola systému, která se spustila při restartu skončila s tím, že v rejstřících došlo k neurčené chybě.

[Rudy]

Šlo o internet. Funguje, nebo ne?

[Greyhound]

Pořád ne.

[Rudy]

Zkontrolujte, příp restartujte všechny síť. prvky v datové cestě (modem a pod.). Pokud ani pak ne, stáhněte a spusťte TDSSKIller: http://support.kaspersky.com/faq/?qid=208283363 a nechte pracovat. Pak dejte log.

[Greyhound]

Síťové prvky jsou v pořádku. Tady je log z TDSSKiller :

14:03:50.0203 0804 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
14:03:50.0218 0804 ============================================================
14:03:50.0218 0804 Current date / time: 2011/11/17 14:03:50.0218
14:03:50.0218 0804 SystemInfo:
14:03:50.0218 0804
14:03:50.0218 0804 OS Version: 5.1.2600 ServicePack: 3.0
14:03:50.0218 0804 Product type: Workstation
14:03:50.0218 0804 ComputerName: USER-608A6EAA30
14:03:50.0218 0804 UserName: user
14:03:50.0218 0804 Windows directory: C:\WINDOWS
14:03:50.0218 0804 System windows directory: C:\WINDOWS
14:03:50.0218 0804 Processor architecture: Intel x86
14:03:50.0218 0804 Number of processors: 2
14:03:50.0218 0804 Page size: 0x1000
14:03:50.0218 0804 Boot type: Normal boot
14:03:50.0218 0804 ============================================================
14:03:50.0515 0804 Initialize success
14:04:03.0718 2224 ============================================================
14:04:03.0718 2224 Scan started
14:04:03.0718 2224 Mode: Manual;
14:04:03.0718 2224 ============================================================
14:04:03.0937 2224 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
14:04:03.0937 2224 Aavmker4 - ok
14:04:03.0937 2224 Abiosdsk - ok
14:04:03.0953 2224 abp480n5 - ok
14:04:04.0000 2224 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:04:04.0000 2224 ACPI - ok
14:04:04.0031 2224 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:04:04.0031 2224 ACPIEC - ok
14:04:04.0078 2224 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
14:04:04.0078 2224 ADIHdAudAddService - ok
14:04:04.0078 2224 adpu160m - ok
14:04:04.0093 2224 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
14:04:04.0093 2224 AEAudio - ok
14:04:04.0125 2224 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:04:04.0140 2224 aec - ok
14:04:04.0171 2224 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:04:04.0171 2224 AFD - ok
14:04:04.0171 2224 Aha154x - ok
14:04:04.0187 2224 aic78u2 - ok
14:04:04.0203 2224 aic78xx - ok
14:04:04.0218 2224 AliIde - ok
14:04:04.0265 2224 AmdK8 (f6f5e047369784e607f3a636ac576148) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:04:04.0265 2224 AmdK8 - ok
14:04:04.0265 2224 amsint - ok
14:04:04.0281 2224 asc - ok
14:04:04.0296 2224 asc3350p - ok
14:04:04.0312 2224 asc3550 - ok
14:04:04.0343 2224 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
14:04:04.0343 2224 aswFsBlk - ok
14:04:04.0343 2224 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
14:04:04.0343 2224 aswMon2 - ok
14:04:04.0375 2224 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
14:04:04.0375 2224 aswRdr - ok
14:04:04.0406 2224 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
14:04:04.0406 2224 aswSnx - ok
14:04:04.0437 2224 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
14:04:04.0437 2224 aswSP - ok
14:04:04.0453 2224 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
14:04:04.0453 2224 aswTdi - ok
14:04:04.0484 2224 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:04:04.0484 2224 AsyncMac - ok
14:04:04.0500 2224 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:04:04.0515 2224 atapi - ok
14:04:04.0515 2224 Atdisk - ok
14:04:04.0609 2224 ati2mtag (d0c00ee032994b698b47837a3561717a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:04:04.0625 2224 ati2mtag - ok
14:04:04.0640 2224 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:04:04.0640 2224 Atmarpc - ok
14:04:04.0656 2224 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:04:04.0671 2224 audstub - ok
14:04:04.0687 2224 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:04:04.0703 2224 Beep - ok
14:04:04.0750 2224 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:04:04.0750 2224 cbidf2k - ok
14:04:04.0750 2224 cd20xrnt - ok
14:04:04.0781 2224 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:04:04.0781 2224 Cdaudio - ok
14:04:04.0796 2224 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:04:04.0812 2224 Cdfs - ok
14:04:04.0828 2224 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:04:04.0828 2224 Cdrom - ok
14:04:04.0828 2224 Changer - ok
14:04:04.0859 2224 CmdIde - ok
14:04:04.0875 2224 Cpqarray - ok
14:04:04.0906 2224 dac2w2k - ok
14:04:04.0906 2224 dac960nt - ok
14:04:04.0953 2224 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\WINDOWS\system32\Drivers\DgiVecp.sys
14:04:04.0953 2224 DgiVecp - ok
14:04:04.0984 2224 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:04:04.0984 2224 Disk - ok
14:04:05.0031 2224 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
14:04:05.0046 2224 dmboot - ok
14:04:05.0046 2224 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
14:04:05.0062 2224 dmio - ok
14:04:05.0062 2224 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:04:05.0062 2224 dmload - ok
14:04:05.0093 2224 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:04:05.0093 2224 DMusic - ok
14:04:05.0125 2224 dpti2o - ok
14:04:05.0140 2224 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:04:05.0156 2224 drmkaud - ok
14:04:05.0203 2224 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:04:05.0203 2224 Fastfat - ok
14:04:05.0203 2224 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:04:05.0218 2224 Fdc - ok
14:04:05.0218 2224 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
14:04:05.0218 2224 Fips - ok
14:04:05.0234 2224 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:04:05.0234 2224 Flpydisk - ok
14:04:05.0265 2224 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:04:05.0265 2224 FltMgr - ok
14:04:05.0296 2224 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:04:05.0296 2224 Fs_Rec - ok
14:04:05.0296 2224 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:04:05.0312 2224 Ftdisk - ok
14:04:05.0312 2224 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:04:05.0312 2224 Gpc - ok
14:04:05.0359 2224 HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys
14:04:05.0359 2224 HdAudAddService - ok
14:04:05.0375 2224 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:04:05.0375 2224 HDAudBus - ok
14:04:05.0406 2224 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:04:05.0406 2224 HidUsb - ok
14:04:05.0406 2224 hpn - ok
14:04:05.0453 2224 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:04:05.0453 2224 HTTP - ok
14:04:05.0453 2224 i2omgmt - ok
14:04:05.0468 2224 i2omp - ok
14:04:05.0484 2224 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:04:05.0484 2224 i8042prt - ok
14:04:05.0500 2224 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:04:05.0500 2224 Imapi - ok
14:04:05.0515 2224 ini910u - ok
14:04:05.0531 2224 IntelIde - ok
14:04:05.0578 2224 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:04:05.0578 2224 Ip6Fw - ok
14:04:05.0593 2224 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:04:05.0593 2224 IpFilterDriver - ok
14:04:05.0609 2224 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:04:05.0609 2224 IpInIp - ok
14:04:05.0640 2224 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:04:05.0640 2224 IpNat - ok
14:04:05.0656 2224 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:04:05.0656 2224 IPSec - ok
14:04:05.0656 2224 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:04:05.0671 2224 IRENUM - ok
14:04:05.0671 2224 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:04:05.0671 2224 isapnp - ok
14:04:05.0703 2224 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:04:05.0703 2224 Kbdclass - ok
14:04:05.0734 2224 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:04:05.0734 2224 kbdhid - ok
14:04:05.0750 2224 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:04:05.0750 2224 kmixer - ok
14:04:05.0781 2224 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:04:05.0781 2224 KSecDD - ok
14:04:05.0796 2224 lbrtfdc - ok
14:04:05.0828 2224 mcdbus - ok
14:04:05.0859 2224 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:04:05.0859 2224 mnmdd - ok
14:04:05.0875 2224 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
14:04:05.0875 2224 Modem - ok
14:04:05.0890 2224 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:04:05.0890 2224 Mouclass - ok
14:04:05.0906 2224 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:04:05.0906 2224 mouhid - ok
14:04:05.0921 2224 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:04:05.0921 2224 MountMgr - ok
14:04:05.0921 2224 mraid35x - ok
14:04:05.0953 2224 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:04:05.0953 2224 MRxDAV - ok
14:04:05.0984 2224 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:04:06.0000 2224 MRxSmb - ok
14:04:06.0015 2224 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:04:06.0015 2224 Msfs - ok
14:04:06.0031 2224 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:04:06.0031 2224 MSKSSRV - ok
14:04:06.0031 2224 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:04:06.0046 2224 MSPCLOCK - ok
14:04:06.0046 2224 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:04:06.0046 2224 MSPQM - ok
14:04:06.0078 2224 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:04:06.0093 2224 mssmbios - ok
14:04:06.0125 2224 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
14:04:06.0125 2224 MTsensor - ok
14:04:06.0156 2224 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:04:06.0156 2224 Mup - ok
14:04:06.0171 2224 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:04:06.0171 2224 NDIS - ok
14:04:06.0203 2224 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:04:06.0203 2224 NdisTapi - ok
14:04:06.0218 2224 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:04:06.0218 2224 Ndisuio - ok
14:04:06.0234 2224 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:04:06.0234 2224 NdisWan - ok
14:04:06.0281 2224 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:04:06.0281 2224 NDProxy - ok
14:04:06.0281 2224 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:04:06.0281 2224 NetBIOS - ok
14:04:06.0296 2224 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:04:06.0312 2224 NetBT - ok
14:04:06.0343 2224 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:04:06.0343 2224 Npfs - ok
14:04:06.0390 2224 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:04:06.0406 2224 Ntfs - ok
14:04:06.0437 2224 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:04:06.0437 2224 Null - ok
14:04:06.0453 2224 nvata (947c4a0e7b25bcecc3b40f0f1070378b) C:\WINDOWS\system32\DRIVERS\nvata.sys
14:04:06.0453 2224 nvata - ok
14:04:06.0453 2224 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
14:04:06.0468 2224 NVENETFD - ok
14:04:06.0468 2224 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
14:04:06.0468 2224 nvnetbus - ok
14:04:06.0500 2224 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:04:06.0500 2224 NwlnkFlt - ok
14:04:06.0500 2224 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:04:06.0515 2224 NwlnkFwd - ok
14:04:06.0515 2224 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
14:04:06.0531 2224 Parport - ok
14:04:06.0531 2224 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:04:06.0546 2224 PartMgr - ok
14:04:06.0546 2224 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
14:04:06.0546 2224 ParVdm - ok
14:04:06.0562 2224 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
14:04:06.0562 2224 PCI - ok
14:04:06.0562 2224 PCIDump - ok
14:04:06.0593 2224 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:04:06.0609 2224 PCIIde - ok
14:04:06.0625 2224 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:04:06.0625 2224 Pcmcia - ok
14:04:06.0640 2224 PDCOMP - ok
14:04:06.0640 2224 PDFRAME - ok
14:04:06.0656 2224 PDRELI - ok
14:04:06.0656 2224 PDRFRAME - ok
14:04:06.0671 2224 perc2 - ok
14:04:06.0671 2224 perc2hib - ok
14:04:06.0718 2224 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:04:06.0718 2224 PptpMiniport - ok
14:04:06.0734 2224 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
14:04:06.0734 2224 Processor - ok
14:04:06.0765 2224 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:04:06.0765 2224 PSched - ok
14:04:06.0812 2224 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:04:06.0812 2224 Ptilink - ok
14:04:06.0812 2224 ql1080 - ok
14:04:06.0828 2224 Ql10wnt - ok
14:04:06.0828 2224 ql12160 - ok
14:04:06.0843 2224 ql1240 - ok
14:04:06.0859 2224 ql1280 - ok
14:04:06.0875 2224 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:04:06.0875 2224 RasAcd - ok
14:04:06.0890 2224 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:04:06.0890 2224 Rasl2tp - ok
14:04:06.0906 2224 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:04:06.0906 2224 RasPppoe - ok
14:04:06.0906 2224 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:04:06.0921 2224 Raspti - ok
14:04:06.0921 2224 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:04:06.0921 2224 Rdbss - ok
14:04:06.0937 2224 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:04:06.0937 2224 RDPCDD - ok
14:04:06.0984 2224 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:04:07.0000 2224 RDPWD - ok
14:04:07.0031 2224 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:04:07.0031 2224 redbook - ok
14:04:07.0125 2224 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:04:07.0140 2224 SASDIFSV - ok
14:04:07.0156 2224 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:04:07.0156 2224 SASKUTIL - ok
14:04:07.0218 2224 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:04:07.0218 2224 Secdrv - ok
14:04:07.0250 2224 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
14:04:07.0250 2224 SenFiltService - ok
14:04:07.0281 2224 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:04:07.0281 2224 serenum - ok
14:04:07.0296 2224 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
14:04:07.0296 2224 Serial - ok
14:04:07.0328 2224 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:04:07.0328 2224 Sfloppy - ok
14:04:07.0343 2224 Simbad - ok
14:04:07.0375 2224 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:04:07.0375 2224 SONYPVU1 - ok
14:04:07.0390 2224 Sparrow - ok
14:04:07.0406 2224 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:04:07.0406 2224 splitter - ok
14:04:07.0453 2224 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
14:04:07.0468 2224 sptd - ok
14:04:07.0500 2224 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
14:04:07.0500 2224 sr - ok
14:04:07.0531 2224 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:04:07.0546 2224 Srv - ok
14:04:07.0546 2224 SSPORT - ok
14:04:07.0562 2224 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:04:07.0562 2224 swenum - ok
14:04:07.0578 2224 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:04:07.0593 2224 swmidi - ok
14:04:07.0593 2224 symc810 - ok
14:04:07.0609 2224 symc8xx - ok
14:04:07.0625 2224 sym_hi - ok
14:04:07.0625 2224 sym_u3 - ok
14:04:07.0656 2224 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:04:07.0656 2224 sysaudio - ok
14:04:07.0703 2224 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:04:07.0703 2224 Tcpip - ok
14:04:07.0734 2224 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:04:07.0734 2224 TDPIPE - ok
14:04:07.0750 2224 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:04:07.0750 2224 TDTCP - ok
14:04:07.0781 2224 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:04:07.0781 2224 TermDD - ok
14:04:07.0796 2224 TosIde - ok
14:04:07.0828 2224 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:04:07.0828 2224 Udfs - ok
14:04:07.0843 2224 ultra - ok
14:04:07.0953 2224 UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) C:\Program Files\Unlocker\UnlockerDriver5.sys
14:04:07.0953 2224 UnlockerDriver5 - ok
14:04:08.0000 2224 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:04:08.0000 2224 Update - ok
14:04:08.0031 2224 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:04:08.0031 2224 usbccgp - ok
14:04:08.0046 2224 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:04:08.0046 2224 usbehci - ok
14:04:08.0078 2224 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:04:08.0078 2224 usbhub - ok
14:04:08.0078 2224 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:04:08.0078 2224 usbohci - ok
14:04:08.0109 2224 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:04:08.0109 2224 usbprint - ok
14:04:08.0125 2224 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:04:08.0140 2224 usbscan - ok
14:04:08.0156 2224 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:04:08.0156 2224 USBSTOR - ok
14:04:08.0171 2224 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:04:08.0171 2224 VgaSave - ok
14:04:08.0187 2224 ViaIde - ok
14:04:08.0203 2224 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
14:04:08.0218 2224 VolSnap - ok
14:04:08.0250 2224 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:04:08.0250 2224 Wanarp - ok
14:04:08.0265 2224 WDICA - ok
14:04:08.0296 2224 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:04:08.0296 2224 wdmaud - ok
14:04:08.0375 2224 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
14:04:08.0453 2224 \Device\Harddisk0\DR0 - ok
14:04:08.0484 2224 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk1\DR1
14:04:08.0531 2224 \Device\Harddisk1\DR1 - ok
14:04:08.0531 2224 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
14:04:09.0359 2224 \Device\Harddisk2\DR4 - ok
14:04:09.0359 2224 Boot (0x1200) (063d65ffa7131fbe67476807ec096b10) \Device\Harddisk0\DR0\Partition0
14:04:09.0359 2224 \Device\Harddisk0\DR0\Partition0 - ok
14:04:09.0390 2224 Boot (0x1200) (a711c500da6aa4955ab5383c1aca6956) \Device\Harddisk1\DR1\Partition0
14:04:09.0390 2224 \Device\Harddisk1\DR1\Partition0 - ok
14:04:09.0421 2224 Boot (0x1200) (5229f8f24dff5f7f467cb6c5f87ed5fa) \Device\Harddisk2\DR4\Partition0
14:04:09.0421 2224 \Device\Harddisk2\DR4\Partition0 - ok
14:04:09.0421 2224 ============================================================
14:04:09.0421 2224 Scan finished
14:04:09.0421 2224 ============================================================
14:04:09.0437 2280 Detected object count: 0
14:04:09.0437 2280 Actual detected object count: 0

[Rudy]

Tak ještě zkuste GMER: http://www.gmer.net/gmer.zip . Uděláme sken na obecný rootkit. MBR rootkit také nemáte.

[Greyhound]

První log vypadá takto :
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-17 20:57:12
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\00000062 WDC_WD3200AAKS-00B3A0 rev.01.03A01
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kgwoqfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAC9FED5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAC9FEBC5]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xACA7E9A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

[Rudy]

Gmer by měl dát 2 logy. Viz odkaz. Toto je OK.

[Greyhound]

Log č.2:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-17 21:54:32
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\00000062 WDC_WD3200AAKS-00B3A0 rev.01.03A01
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kgwoqfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAC9DA374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xACA692B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAC9FE829]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAC9DC996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAC9DC9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAC9DCB04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAC9FE1DD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAC9DC8EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAC9DCA3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAC9DC940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAC9DCAB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAC9DA398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAC9FEEEF]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAC9FF1A5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAC9DCD88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAC9FED5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAC9FEBC5]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xACA69368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAC9DA162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAC9DA3BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAC9DCEFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAC9DAE54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAC9DC9C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAC9DCA16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAC9DCB2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAC9FE539]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAC9DC918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAC9DCBC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAC9DCA7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAC9DC96E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAC9DCCA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAC9DCADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xACA69400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAC9FEA40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAC9DAD1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAC9FE892]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xACA716E2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAC9FD850]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAC9DA3E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAC9DA404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAC9DA1BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAC9DA2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAC9FEFF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAC9DA2D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAC9DA31C]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xACB51640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAC9DA428]

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B91AF59A
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B91AF655

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xACA7E9A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C48 805044E4 4 Bytes CALL D1CEF188
.text ntkrnlpa.exe!ZwCallbackReturn + 2E64 80504700 4 Bytes [40, EA, 9F, AC]
.text ntkrnlpa.exe!ZwCallbackReturn + 2EA8 80504744 4 Bytes [92, E8, 9F, AC]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL AC9DB4AF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP ACA7A3DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP ACA7BE84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP ACA7E9AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9031000, 0x17D80E, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xACDA6A00]
.text win32k.sys!EngFreeUserMem + 674 BF809992 5 Bytes JMP AC9DDE48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813986 5 Bytes JMP AC9DDD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824339 5 Bytes JMP AC9DD0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CA3 5 Bytes JMP AC9DDFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316EE 5 Bytes JMP AC9DE1BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A12C 5 Bytes JMP AC9DDCC4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF851A23 5 Bytes JMP AC9DD016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E5B4 5 Bytes JMP AC9DD326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E63F 5 Bytes JMP AC9DD4CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F8B2 5 Bytes JMP AC9DCFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF864C81 5 Bytes JMP AC9DDD7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873FD0 5 Bytes JMP AC9DD4A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89482D 5 Bytes JMP AC9DDEFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895305 5 Bytes JMP AC9DE118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DC40 5 Bytes JMP AC9DD14A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9D8 BF8C21B0 5 Bytes JMP AC9DD1E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA612 5 Bytes JMP AC9DD254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA892 5 Bytes JMP AC9DD28E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2F7 5 Bytes JMP AC9DCF32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF913433 5 Bytes JMP AC9DD096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF914007 5 Bytes JMP AC9DD1AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916980 5 Bytes JMP AC9DD5E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF9463F2 5 Bytes JMP AC9DE070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00640804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00640A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00640600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006401F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[120] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006403FC
.text C:\WINDOWS\system32\ctfmon.exe[148] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[148] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[148] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[148] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[148] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[148] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[148] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[148] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[148] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[148] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[148] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[148] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ctfmon.exe[148] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ctfmon.exe[148] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[148] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ctfmon.exe[148] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[148] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002F0804
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002F0A08
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002F0600
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002F01F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002F03FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[264] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\Program Files\Messenger\msmsgs.exe[280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Messenger\msmsgs.exe[280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Messenger\msmsgs.exe[280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[280] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\Program Files\Messenger\msmsgs.exe[280] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\Program Files\Messenger\msmsgs.exe[280] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\Program Files\Messenger\msmsgs.exe[280] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\Program Files\Messenger\msmsgs.exe[280] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\Program Files\Messenger\msmsgs.exe[280] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\Program Files\Messenger\msmsgs.exe[280] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\Program Files\Messenger\msmsgs.exe[280] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\Program Files\Messenger\msmsgs.exe[280] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804
.text C:\Program Files\Messenger\msmsgs.exe[280] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08
.text C:\Program Files\Messenger\msmsgs.exe[280] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600
.text C:\Program Files\Messenger\msmsgs.exe[280] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8
.text C:\Program Files\Messenger\msmsgs.exe[280] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC
.text C:\WINDOWS\System32\smss.exe[392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00491014
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00490804
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00490A08
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00490C0C
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00490E10
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004901F8
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004903FC
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00490600
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004A0804
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004A0A08
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004A0600
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004A01F8
.text C:\Documents and Settings\user\Local Settings\Data aplikací\Seznam.cz\postak.exe[416] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004A03FC
.text C:\WINDOWS\system32\csrss.exe[440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[440] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[476] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[476] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[476] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[476] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[476] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[476] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[476] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[476] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[476] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[476] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[476] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[476] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[476] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[476] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[520] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[520] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[520] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[520] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[520] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[520] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[520] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[520] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[520] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[520] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[520] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[520] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[520] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[560] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[560] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[560] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[560] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[560] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[560] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[560] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[560] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[560] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[560] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[560] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[560] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[560] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[560] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 010B1014
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 010B0804
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 010B0A08
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 010B0C0C
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 010B0E10
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 010B01F8
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 010B03FC
.text C:\Program Files\Philips\GoGear Mix Device Manager\main.exe[672] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 010B0600
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\Ati2evxx.exe[692] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\Ati2evxx.exe[692] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[692] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfig2W