Nějaká infekce, prosím o kontrolu.

Zpráva

rokony · #1 Příspěvek od **rokony** » 18 lis 2011 14:35

Zdravím!
Počítač (jiný než posledně) sice běží bez problémů, ale AVG občas hlásí trojany. Nevím, odkud se berou, pc není připojené k internetu.
Combofix se hned po spuštění smazal, po přejmenování sice jde spustit, ale nemůže najít soubory NIRCMDC a MTEE.
Prosím o kontrolu logů.

Přikládám log z Rsitu a Hijacku:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Paul at 2011-11-18 14:18:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive E: has 74 GB (48%) free of 153 GB
Total RAM: 2014 MB (71% free)

HijackThis download failed

======Scheduled tasks folder======

E:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - E:\Program Files\AVG\AVG2012\avgssie.dll [2011-10-14 1360736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - E:\Program Files\Java\jre6\bin\ssv.dll [2011-04-25 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - E:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-04-25 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - E:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=E:\WINDOWS\RTHDCPL.EXE [2010-07-28 19557480]
"ISUSScheduler"=E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"nwiz"=E:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"IgfxTray"=E:\WINDOWS\system32\igfxtray.exe [2009-01-21 134656]
"HotKeysCmds"=E:\WINDOWS\system32\hkcmd.exe [2009-01-21 166912]
"Persistence"=E:\WINDOWS\system32\igfxpers.exe [2009-01-21 134656]
"EasyTuneVPro"=E:\Program Files\Gigabyte\ET5Pro\ETcall.exe [2007-07-26 20480]
"StartCCC"=E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-13 98304]
"BCWipeTM Startup"=E:\Program Files\Jetico\BestCrypt\BCWipeTM.exe [2004-05-31 294912]
"RIMBBLaunchAgent.exe"=E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-02-18 79192]
"AVG_TRAY"=E:\Program Files\AVG\AVG2012\avgtray.exe [2011-10-24 2415456]
"COMODO Internet Security"=E:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-10-20 2497352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=E:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
E:\Program Files\Ask.com\Updater\Updater.exe [2011-08-23 887976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
E:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BestCrypt Auto Open.lnk]
E:\PROGRA~1\Jetico\BESTCR~1\BESTCR~1.EXE [2004-06-22 700416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Paul^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
E:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

E:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.exe.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2009-08-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
E:\WINDOWS\system32\igfxdev.dll [2009-01-21 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"E:\WINDOWS\system32\PnkBstrA.exe"="E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"E:\WINDOWS\system32\PnkBstrB.exe"="E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Files\Quake III Arena\quake3.exe"="E:\Program Files\Quake III Arena\quake3.exe:*:Disabled:quake3"
"E:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe"="E:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software"
"E:\Program Files\Research In Motion\BlackBerry JDE 4.2.1\simulator\fledge.exe"="E:\Program Files\Research In Motion\BlackBerry JDE 4.2.1\simulator\fledge.exe:*:Enabled:BlackBerry Handheld Simulator"
"E:\Program Files\Research In Motion\BlackBerry Theme Studio 6.0\_jvm\bin\java.exe"="E:\Program Files\Research In Motion\BlackBerry Theme Studio 6.0\_jvm\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Program Files\Research In Motion\BlackBerry Theme Studio 6.0\_jvm\bin\javaw.exe"="E:\Program Files\Research In Motion\BlackBerry Theme Studio 6.0\_jvm\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Program Files\AVG\AVG2012\avgmfapx.exe"="E:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"E:\Program Files\Opera\opera.exe"="E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"E:\Program Files\AVG\AVG2012\avgnsx.exe"="E:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"E:\Program Files\AVG\AVG2012\avgdiagex.exe"="E:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"E:\Program Files\AVG\AVG2012\avgemcx.exe"="E:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=E:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=E:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-11-18 14:16:03 ----D---- E:\Program Files\trend micro
2011-11-18 14:16:01 ----D---- E:\rsit
2011-11-18 13:56:30 ----D---- E:\Program Files\HijackThis
2011-11-18 13:33:26 ----SD---- E:\CBF
2011-11-18 12:43:37 ----A---- E:\WINDOWS\zip.exe
2011-11-18 12:43:37 ----A---- E:\WINDOWS\SWXCACLS.exe
2011-11-18 12:43:37 ----A---- E:\WINDOWS\SWSC.exe
2011-11-18 12:43:37 ----A---- E:\WINDOWS\SWREG.exe
2011-11-18 12:43:37 ----A---- E:\WINDOWS\sed.exe
2011-11-18 12:43:37 ----A---- E:\WINDOWS\PEV.exe
2011-11-18 12:43:37 ----A---- E:\WINDOWS\NIRCMD.exe
2011-11-18 12:43:37 ----A---- E:\WINDOWS\MBR.exe
2011-11-18 12:43:37 ----A---- E:\WINDOWS\grep.exe
2011-11-18 12:43:01 ----R---- E:\CBF.exe
2011-11-17 23:27:54 ----D---- E:\WINDOWS\temp
2011-11-17 23:26:50 ----A---- E:\WINDOWS\system32\CF11002.exe
2011-11-17 23:26:24 ----A---- E:\hijackthis.exe
2011-11-17 22:48:19 ----D---- E:\WINDOWS\ERDNT
2011-11-17 22:48:18 ----A---- E:\WINDOWS\system32\CF3455.exe
2011-11-17 22:48:15 ----D---- E:\Qoobox
2011-11-17 11:56:17 ----D---- E:\Záloha SD karty 2G
2011-11-07 19:40:07 ----D---- E:\WINDOWS\pss
2011-11-03 18:07:27 ----D---- E:\WINDOWS\Sun
2011-11-03 17:08:22 ----D---- E:\Program Files\NORTON UTILITIES 14
2011-11-01 23:53:28 ----D---- E:\Documents and Settings\All Users\Data aplikací\Comodo
2011-11-01 23:53:24 ----D---- E:\Program Files\COMODO
2011-11-01 23:53:23 ----A---- E:\WINDOWS\system32\gdiplus.dll
2011-11-01 23:52:30 ----D---- E:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
2011-11-01 23:39:36 ----D---- E:\Program Files\Spybot - Search & Destroy
2011-11-01 23:39:36 ----D---- E:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-10-30 19:25:55 ----D---- E:\Documents and Settings\Paul\Data aplikací\AVG
2011-10-29 20:36:35 ----D---- E:\WINDOWS\system32\NtmsData
2011-10-29 17:42:24 ----D---- E:\Documents and Settings\Paul\Data aplikací\Opera
2011-10-29 17:42:15 ----D---- E:\Program Files\Opera
2011-10-29 17:41:32 ----A---- E:\Opera_1152_int_Setup.exe
2011-10-29 16:48:00 ----A---- E:\WINDOWS\UPGRADE.TXT
2011-10-29 16:18:54 ----D---- E:\XP Dell
2011-10-23 19:47:58 ----D---- E:\Documents and Settings\Paul\Data aplikací\Tific

======List of files/folders modified in the last 1 month======

2011-11-18 14:16:03 ----RD---- E:\Program Files
2011-11-18 13:55:33 ----A---- E:\WINDOWS\ntbtlog.txt
2011-11-18 13:33:25 ----D---- E:\WINDOWS\system32\drivers
2011-11-18 13:22:51 ----D---- E:\WINDOWS\system32
2011-11-18 13:22:51 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2011-11-18 13:09:37 ----D---- E:\temp
2011-11-18 12:43:37 ----D---- E:\WINDOWS
2011-11-18 12:06:10 ----A---- E:\WINDOWS\SchedLgU.Txt
2011-11-17 23:27:49 ----D---- E:\WINDOWS\system32\CatRoot2
2011-11-17 22:48:54 ----D---- E:\WINDOWS\Prefetch
2011-11-12 19:03:47 ----D---- E:\Documents and Settings\All Users\Data aplikací\MFAData
2011-11-12 19:03:45 ----D---- E:\WINDOWS\system32\drivers\AVG
2011-11-11 22:05:30 ----A---- E:\WINDOWS\WTRAN32.INI
2011-11-07 19:48:47 ----D---- E:\Program Files\AVG
2011-11-07 19:48:37 ----SD---- E:\WINDOWS\Tasks
2011-11-07 19:48:37 ----AD---- E:\Documents and Settings\All Users\Data aplikací\TEMP
2011-11-07 19:45:44 ----A---- E:\WINDOWS\win.ini
2011-11-07 19:45:44 ----A---- E:\WINDOWS\system.ini
2011-11-06 18:12:20 ----SHD---- E:\WINDOWS\Installer
2011-11-06 18:09:02 ----RSHDC---- E:\WINDOWS\system32\dllcache
2011-11-06 18:08:19 ----HD---- E:\WINDOWS\inf
2011-11-02 16:30:57 ----D---- E:\WINDOWS\system32\drivers\etc
2011-10-30 19:26:44 ----SD---- E:\WINDOWS\Downloaded Program Files
2011-10-30 19:05:01 ----D---- E:\WINDOWS\Minidump
2011-10-29 20:36:35 ----SD---- E:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-10-29 18:43:05 ----D---- E:\Documents and Settings\Paul\Data aplikací\Vso
2011-10-24 22:01:27 ----D---- E:\Program Files\Ask.com
2011-10-24 21:56:29 ----D---- E:\Stahy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; E:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; E:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 Inspect;COMODO Internet Security Firewall Driver; E:\WINDOWS\System32\DRIVERS\inspect.sys [2011-10-07 97760]
R1 Avgtdix;AVG TDI Driver; E:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 BC_BFish;BC_BFish; E:\WINDOWS\system32\drivers\BC_BFish.sys [2003-10-31 12747]
R1 BC_DES;BC_DES; E:\WINDOWS\system32\drivers\BC_DES.sys [2003-10-31 17991]
R1 BC_Gost;BC_Gost; E:\WINDOWS\system32\drivers\BC_Gost.sys [2003-10-31 14013]
R1 BC_RIJN;BC_RIJN; E:\WINDOWS\system32\drivers\BC_RIJN.sys [2003-10-31 43101]
R1 BC_TFISH;BC_TFISH; E:\WINDOWS\system32\drivers\BC_TFISH.sys [2003-10-31 31639]
R1 cmdHlp;COMODO Internet Security Helper Driver; E:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2011-10-07 31704]
R1 fsh;fsh; E:\WINDOWS\system32\drivers\fsh.sys [2003-04-18 8448]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; E:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-19 255896]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; E:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mhk;mhk; E:\WINDOWS\system32\drivers\mhk.sys [2002-09-11 6272]
R3 moh;moh; E:\WINDOWS\system32\drivers\moh.sys [2002-09-11 3328]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; E:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdm1;USB Bridge Cable Driver; E:\WINDOWS\System32\Drivers\usbbc.sys [2001-01-08 15576]
S1 Avgldx86;AVG AVI Loader Driver; E:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; E:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
S1 bcbus;BestCrypt bus driver; E:\WINDOWS\system32\DRIVERS\bcbus.sys [2003-10-31 27631]
S1 cmdGuard;COMODO Internet Security Sandbox Driver; E:\WINDOWS\System32\DRIVERS\cmdguard.sys [2011-10-07 492768]
S1 intelppm;Řadič procesoru Intel; E:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S2 A4SII300;A4SII300; E:\WINDOWS\System32\drivers\A4SII300.SYS [1998-04-02 25824]
S2 atksgt;atksgt; E:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-09-18 281760]
S2 cvintdrv;cvintdrv; E:\WINDOWS\system32\drivers\cvintdrv.sys [2005-06-10 7140]
S2 lirsgt;lirsgt; E:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-09-18 25888]
S2 WMDrive;WMDrive; \??\E:\WINDOWS\system32\drivers\WMDrive.sys []
S3 Ambfilt;Ambfilt; E:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-08-14 4485632]
S3 AVGIDSDriver;AVGIDSDriver; E:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
S3 AVGIDSFilter;AVGIDSFilter; E:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim; E:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 catchme;catchme; \??\E:\ComboFix\catchme.sys []
S3 cpuz130;cpuz130; \??\E:\DOCUME~1\Paul\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ET5Drv;ET5Drv; \??\E:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\E:\WINDOWS\gdrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; E:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-07-28 6108776]
S3 Monfilt;Monfilt; E:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
S3 pcouffin;VSO Software pcouffin; E:\WINDOWS\System32\Drivers\pcouffin.sys [2011-01-22 47360]
S3 PPJoyBus;Parallel Port Joystick Bus device driver; E:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
S3 PPortJoystick;Parallel Port Joystick device driver; E:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]
S3 RimUsb;zařízení BlackBerry Smartphone; E:\WINDOWS\System32\Drivers\RimUsb.sys [2011-02-16 64000]
S3 RimVSerPort;RIM Virtual Serial Port v2; E:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; E:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 TVICHW32;TVICHW32; \??\E:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; E:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-19 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-19 82944]
S4 BCSWAP;BCSWAP; E:\WINDOWS\system32\drivers\BCSWAP.sys [2002-09-11 83456]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2009-08-14 602112]
S2 ATI Smart;ATI Smart; E:\WINDOWS\system32\ati2sgag.exe [2009-08-13 593920]
S2 AVGIDSAgent;AVGIDSAgent; E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog; E:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cmdAgent;COMODO Internet Security Helper Service; E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-10-07 1883328]
S2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2011-04-25 153376]
S2 LkCitadelServer;Lookout Citadel Server; E:\WINDOWS\system32\lkcitdl.exe [2005-08-25 688190]
S2 lkClassAds;National Instruments PSP Server Locator; E:\WINDOWS\system32\lkads.exe [2005-10-11 45056]
S2 lkTimeSync;National Instruments Time Synchronization; E:\WINDOWS\system32\lktsrv.exe [2005-10-11 53248]
S2 NIDomainService;National Instruments Domain Service; E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2005-10-11 204800]
S2 niSvcLoc;NI Service Locator; E:\WINDOWS\system32\nisvcloc.exe [2005-10-10 49152]
S2 nvsvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S2 PnkBstrA;PnkBstrA; E:\WINDOWS\system32\PnkBstrA.exe [2010-09-22 66872]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GameConsoleService;GameConsoleService; E:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-05-05 165416]
S3 idsvc;Windows CardSpace; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:04, on 18.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Záloha SD karty 2G\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] E:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] E:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EasyTuneVPro] E:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCWipeTM Startup] "E:\Program Files\Jetico\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [AVG_TRAY] "E:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F108EBA-DDA6-4975-9336-D963815B6357}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{8F108EBA-DDA6-4975-9336-D963815B6357}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{8F108EBA-DDA6-4975-9336-D963815B6357}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG2012\avgpp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - E:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - E:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - E:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - E:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - E:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - E:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7073 bytes

rokony · #2 Příspěvek od **rokony** » 18 lis 2011 16:31

Ještě přidávám log z RootkitRevealu, též cosi našel, ale nevím co s tím.

HKU\.DEFAULT\Control Panel\International 18.10.2011 11:42 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 18.10.2011 11:42 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\international_combofixbackup 17.11.2011 22:48 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\international_combofixbackup\Geo 17.11.2011 22:48 0 bytes Security mismatch.
HKU\S-1-5-21-2025429265-261478967-682003330-1003\Console 18.11.2011 12:43 0 bytes Security mismatch.
HKU\S-1-5-21-2025429265-261478967-682003330-1003\console_combofixbackup 18.11.2011 12:43 0 bytes Security mismatch.
HKU\S-1-5-21-2025429265-261478967-682003330-1003\Control Panel\International 18.10.2011 11:42 0 bytes Security mismatch.
HKU\S-1-5-21-2025429265-261478967-682003330-1003\Control Panel\International\Geo 18.10.2011 11:42 0 bytes Security mismatch.
HKU\S-1-5-21-2025429265-261478967-682003330-1003\Control Panel\international_combofixbackup 17.11.2011 22:48 0 bytes Security mismatch.
HKU\S-1-5-21-2025429265-261478967-682003330-1003\Control Panel\international_combofixbackup\Geo 17.11.2011 22:48 0 bytes Security mismatch.
HKU\S-1-5-21-2025429265-261478967-682003330-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 1.8.2011 17:41 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-18\Control Panel\International 18.10.2011 11:42 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 18.10.2011 11:42 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\international_combofixbackup 17.11.2011 22:48 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\international_combofixbackup\Geo 17.11.2011 22:48 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 10.9.2010 18:37 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 10.9.2010 18:37 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\swearware\backup\winsock2 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 18.11.2011 13:19 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 18.11.2011 13:19 0 bytes Security mismatch.
E:\Documents and Settings\All Users\Data aplikací\AVG2012\log\avgchjw.log.4 18.11.2011 15:09 1000.14 KB Hidden from Windows API.
E:\Documents and Settings\All Users\Data aplikací\AVG2012\log\avgrs.log.7 18.11.2011 14:42 1000.53 KB Hidden from Windows API.
E:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\BR6P9DK7\CAHOU1LX.HTM 18.11.2011 15:02 0 bytes Hidden from Windows API.
E:\System Volume Information\_restore{F3AEF715-3628-47E9-98B9-D31139944FC3}\RP145\A0047262.gdb 18.11.2011 12:06 28.95 KB Hidden from Windows API.
E:\System Volume Information\_restore{F3AEF715-3628-47E9-98B9-D31139944FC3}\RP145\A0047263.INI 18.11.2011 15:05 3.23 KB Hidden from Windows API.

#3 Příspěvek od **motji** » 18 lis 2011 21:44

Dobrý večer

Když si sám odpovídáte, vypadá to, že s Vámi už problém někdo řeší

.
Rovněž použití combofixu bez doporučení není to pravé ořechové, sice podle Vás nefunguje, ale mohl smazat záznamy po havěti a vlogu teď není nic vidět.

Jaké trojany AVG hlásí, jejich název a v jakých souborech?

rokony · #4 Příspěvek od **rokony** » 18 lis 2011 22:01

Dobrý večer,
v trezoru je z dneška trojan Generic10.AQQV v souboru E:\system volume information\_restore...dlooouhé..číslo....\A0040214.exe a 4 poškozené spustitelné soubory opr000VB.tmp, opr001GK.tmp, opr001KI.tmp a opr001KL.tmp.

Ještě jsem dělal test z AVG rescue CD, ten toho našel taky pár, mimo jiné mi našel trojan v souboru ComboFix.
Ty bohužel v trezoru nejsou.
Z minulého týdne tu mám trojany Generic17.TTO, AGENT.AVTK, Agent2.CKEG (tenhle se objevuje častěji) v souboru E:\system volume information\_restore atd..bla..bla.......\A0040212.exe a PSW.Generic_c.AKD také tam, jen pod jménem A0040213.exe.

#5 Příspěvek od **motji** » 18 lis 2011 22:27

U combofixu jde o falešnou detekci. Nehlásil nic, proč se maže?

Stáhněte TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
- a uložte ho na plochu.
- 2x klikněte na ikonu programu a spusťte
- dejte volbu Spustit kontrolu - pak potvrdte start sken
- pokud program najde infikovaný soubor, ukáže se Vám předvolená akce Cure, v tom případě potvrdte tlačítko Continue
- pokud bude chtít program restartovat počítač, klikněte na tlačítko Reboot Now
- pokud si restart nevyžádá, klikněte na tlačítko Report. Měl vy na Vás vyskočit log, obsah logu zkopírujte do svého topicu.
- pokud se log nezobrazí, je uložený ve Vašem kořenovém adresáři.

rokony · #6 Příspěvek od **rokony** » 18 lis 2011 22:34

Nestihl nic hlásit, ledva naskočilo to jeho modré okénko, tak zmizel soubor ComboFix.exe s plochy a vzápětí i to prázdné okno.
Po přejmenování naskočil, zeptal se na instalaci konzole a po té zmizela ta složka, kterou si vytvořil v kořenovém adresáři a naskočila hláška, že nemůže najít ty dva soubory NIRCMDC a MTEE.
Další asi až zítra, jdu spat. Děkuji!

rokony · #7 Příspěvek od **rokony** » 19 lis 2011 15:03

TdssKiller nic nenašel, ale přikládám log z AVG Anti-Rootkitu:

"Test ""Anti-Rootkit test"" byl dokončen."
"Rootkity;""65"";""0"";""65"""

"Test zahájen:;""19. listopadu 2011, 13:34:16"""
"Test dokončen:;""19. listopadu 2011, 13:37:19 (3 minut(a) 2 sekund(a))"""
"Celkem otestováno objektů:;""170938"""
"Uživatel:;""SYSTEM"""

Rootkity
";""Soubor"";""Infekce"";""Výsledek"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] +0xA45, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0x852, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0xFB6, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0xFDA, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0x1710, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0x17F8, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0x1FCE, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0x2068, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0x2517, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0x283C, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0x2B0E, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0x31BB, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0x33EC, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortGetUncachedExtension+0x36F3, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x10C, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x1A9, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x2BA, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x2F6, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x3F0, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x41E, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x4DE, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x506, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x562, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x67D, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x6C9, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x774, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x943, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce SCSIPORT.SYS[.text] ScsiPortCompleteRequest+0x1599, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce atapi.sys[PAGE] +0x13D09, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Inline hook atapi.sys +0x143AC -> 0xF7F1273B"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce CLASSPNP.SYS[PAGE] ClassModeSense+0x57D, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[.text] PciIdeXSetBusData+0xB29, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[.text] PciIdeXSetBusData+0xD72, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[.text] PciIdeXDebugPrint+0x23, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[.text] PciIdeXDebugPrint+0x173, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[.text] PciIdeXDebugPrint+0x1A8, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x7CB, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x1065, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x10B7, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x15DE, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x15EA, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x166C, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x16FC, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x18F1, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x19B8, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x1A6B, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x1C15, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x1C5A, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x2025, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x2256, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x254A, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x25C1, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x2764, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x27D2, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x2898, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x28D7, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x2983, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x29CB, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x2A47, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x2B47, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x2D1F, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x2D70, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x2E28, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXDebugPrint+0x2E67, velikost 4 bajtů"";""Objekt je skrytý"""
";""<unknown>"";""Poškozená sekce PCIIDEX.SYS[PAGE] PciIdeXInitialize+0x288, velikost 4 bajtů"";""Objekt je skrytý"""

#8 Příspěvek od **motji** » 19 lis 2011 16:02

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC

Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- spustte,
- potvrdte disabled
-log vložte zde

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

rokony · #9 Příspěvek od **rokony** » 20 lis 2011 18:37

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:50 on 19/11/2011 (Paul)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-
__________________________________________________________

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-20 18:33:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-8 WDC_WD200BB-00AUA1 rev.18.20D18
Running: gmer.exe; Driver: E:\DOCUME~1\Paul\LOCALS~1\Temp\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xACED06C6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xACED091C]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mhk.SYS (BestCrypt Keyboard watcher/Jetico, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 mhk.SYS (BestCrypt Keyboard watcher/Jetico, Inc.)

---- EOF - GMER 1.0.15 ----

Druhý log se nevejde do jedné zprávy, musím ho rozdělit do dvou.

rokony · #10 Příspěvek od **rokony** » 20 lis 2011 18:42

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-20 18:31:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-8 WDC_WD200BB-00AUA1 rev.18.20D18
Running: gmer.exe; Driver: E:\DOCUME~1\Paul\LOCALS~1\Temp\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xACECF79A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xACECED46]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xACECF400]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xACECFFA4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xACED1ABC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xACED1E3A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xACECE732]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xACECF986]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xACECFB7A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xACECE538]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xACED06C6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xACED091C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xACED14EE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xACECF00E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xACECF5DC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xACECFF94]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA9FA3F3C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xACECF2A8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xACECE36A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xACED0B2A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xACED0F7E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xACED0D3C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xACED04DE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xACECFDB6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xACED17DA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xACED0266]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xACECEF78]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xACECF194]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA9FA3FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA9FA4080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA9FA411C]

---- Kernel code sections - GMER 1.0.15 ----

.text E:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB98D2000, 0x238E77, 0xE8000020]
.text E:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA9C03300, 0x3B6D8, 0xE8000020]
.text E:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xACF7B300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text E:\WINDOWS\system32\lkads.exe[228] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkads.exe[228] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\lkads.exe[228] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkads.exe[228] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkads.exe[228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkads.exe[228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkads.exe[228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkads.exe[228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkads.exe[228] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkads.exe[228] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkads.exe[228] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkads.exe[228] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkads.exe[228] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkads.exe[228] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\lktsrv.exe[252] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lktsrv.exe[252] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[508] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\nisvcloc.exe[568] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\nisvcloc.exe[568] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\PnkBstrA.exe[580] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\PnkBstrA.exe[580] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 00C7D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [37, 84]
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00C8BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00C8B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C87DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00C7D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C84F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C85AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00C83A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00C84370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00C88BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00C88970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00C89CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[948] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00C89BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\csrss.exe[952] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 E:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\csrss.exe[952] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 E:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\services.exe[1048] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\services.exe[1048] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lsass.exe[1060] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\Paul\Plocha\gmer.exe[1064] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1280] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1348] rpcss.dll!WhichService 76A74234 8 Bytes JMP ED301001
.text E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1396] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00526240 E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1396] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0053F8A0 E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1456] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\Ati2evxx.exe[1592] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1612] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1680] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\System32\alg.exe[1692] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\alg.exe[1692] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}

rokony · #11 Příspěvek od **rokony** » 20 lis 2011 18:42

.text E:\WINDOWS\system32\spoolsv.exe[1764] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\spoolsv.exe[1764] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\svchost.exe[1852] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 006BD060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [DB, 83]
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 006CBB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 006CB800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 006C7DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 006BD180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006C4F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006C5AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006C3A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 006C4370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 006C8BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 006C8970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 006C9CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgwdsvc.exe[1912] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 006C9BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Java\jre6\bin\jqs.exe[1952] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\lkcitdl.exe[2000] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\lkcitdl.exe[2000] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0056D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [C6, 83]
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0057BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0057B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00577DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0056D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00574F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00575AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00573A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00574370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00578BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00578970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00579CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgnsx.exe[2088] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00579BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 007BD060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [EB, 83] {JMP 0xffffffffffffff85}
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 007CBB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 007CB800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007C7DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007BD180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007C4F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007C5AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 007C3A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 007C4370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] GDI32.dll!DeleteDC 77F16E5F 3 Bytes JMP 007C8BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] GDI32.dll!DeleteDC + 4 77F16E63 1 Byte [88]
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 007C8970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 007C9CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgemcx.exe[2096] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 007C9BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiapsrv.exe[2256] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wbem\wmiprvse.exe[2280] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\Explorer.EXE[3000] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[3000] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\RTHDCPL.EXE[3068] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\RTHDCPL.EXE[3068] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3160] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 00E6D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [56, 84]
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00E7BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00E7B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E77DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00E6D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E74F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E75AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00E78BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00E78970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00E79CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00E79BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00E73A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\AVG\AVG2012\avgtray.exe[3184] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00E74370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3236] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0076BD10 E:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\WINDOWS\system32\ctfmon.exe[3252] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3252] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3280] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0138D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [A8, 84] {TEST AL, 0x84}
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0139BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0139B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01397DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0138D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01394F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01395AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 01393A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 01394370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 01398BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 01398970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 01399CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Gigabyte\ET5Pro\GUI.exe[3332] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 01399BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3948] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E207F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E207F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E207F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9E207F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E207F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9E207B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E207F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9E20750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9E20820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mhk.SYS (BestCrypt Keyboard watcher/Jetico, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 mhk.SYS (BestCrypt Keyboard watcher/Jetico, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs E:\WINDOWS\system32\hplun.dll E:\WINDOWS\system32\guard32.dll

---- EOF - GMER 1.0.15 ----

Tohle tedy luštit, to tedy smekám.

#12 Příspěvek od **motji** » 20 lis 2011 21:41

Logy jsou čisté.

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

rokony · #13 Příspěvek od **rokony** » 20 lis 2011 22:14

Internetová ochrana mi při pokusu stáhnout OTL hlásí "škodlivý software" a pokud ho i přesto stáhnu, AVG hlásí trojan Agent3.AXW, mám ho i tak stáhnout?

#14 Příspěvek od **motji** » 20 lis 2011 22:15

Ano, je to falešná detekce.

rokony · #15 Příspěvek od **rokony** » 20 lis 2011 22:36

OTL Extras logfile created on: 20.11.2011 22:23:23 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = G:\Nové nástroje
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,97 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 75,61% Memory free
3,82 Gb Paging File | 3,26 Gb Available in Paging File | 85,35% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 18,65 Gb Total Space | 3,34 Gb Free Space | 17,93% Space Free | Partition Type: NTFS
Drive E: | 149,04 Gb Total Space | 71,94 Gb Free Space | 48,27% Space Free | Partition Type: NTFS
Drive G: | 963,70 Mb Total Space | 101,83 Mb Free Space | 10,57% Space Free | Partition Type: FAT

Computer Name: PILA | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- E:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2025429265-261478967-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- E:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "E:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "E:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"E:\Program Files\Quake III Arena\quake3.exe" = E:\Program Files\Quake III Arena\quake3.exe:*:Disabled:quake3 -- ()
"E:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = E:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"E:\Program Files\Research In Motion\BlackBerry JDE 4.2.1\simulator\fledge.exe" = E:\Program Files\Research In Motion\BlackBerry JDE 4.2.1\simulator\fledge.exe:*:Enabled:BlackBerry Handheld Simulator -- (Research In Motion Limited)
"E:\Program Files\Research In Motion\BlackBerry Theme Studio 6.0\_jvm\bin\java.exe" = E:\Program Files\Research In Motion\BlackBerry Theme Studio 6.0\_jvm\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Program Files\Research In Motion\BlackBerry Theme Studio 6.0\_jvm\bin\javaw.exe" = E:\Program Files\Research In Motion\BlackBerry Theme Studio 6.0\_jvm\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Program Files\AVG\AVG2012\avgmfapx.exe" = E:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG -- (AVG Technologies CZ, s.r.o.)
"E:\Program Files\Opera\opera.exe" = E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"E:\Program Files\AVG\AVG2012\avgnsx.exe" = E:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít -- (AVG Technologies CZ, s.r.o.)
"E:\Program Files\AVG\AVG2012\avgdiagex.exe" = E:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012 -- (AVG Technologies CZ, s.r.o.)
"E:\Program Files\AVG\AVG2012\avgemcx.exe" = E:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{02FB40EA-C8AC-36F7-A546-B083E00AF3AA}" = Catalyst Control Center Core Implementation
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{078FFF4C-70F9-4900-9481-14F26F1883CC}" = LS-USB 1/2/3 Joypad W/Vibration/3D Pro
"{07FB1A47-5D14-47A2-BC3C-A3481ABBB957}" = EWB Shared Components
"{0B0BEF37-B327-48ED-A2E0-BF6974676294}" = NI Logos 4.6
"{0F77DBD2-FBBE-40AD-9537-32E536DD96DC}" = Gothic III - Forsaken Gods Patch 1.0.7
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{255D87CE-1E45-4795-9731-454EF5371B02}" = NI USI 1.2.0
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28C59BDD-55F3-4454-BF17-37AC537F894B}" = NI MDF Support
"{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
"{32A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{41B3E7D3-591B-4627-A86C-4532035C8E2C}" = Gothic 3 - Forsaken Gods
"{4445BFF0-008A-8F5C-9D68-B0164F7E26FF}" = ccc-core-static
"{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D89AFAD-669B-514A-E150-7DA3208477DC}" = ccc-utility
"{4E47B686-8DFF-1AAD-3264-A537E2FC3833}" = Catalyst Control Center Graphics Previews Common
"{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
"{60FC2242-9CF5-4264-B02A-A4A86447F560}" = NI EULA Depot
"{6F1AE16C-769D-4574-A813-F2ABB27FD6E1}" = BlackBerry Java Development Environment 3.7
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.7.121
"{7764393A-A48B-6BB2-28BC-A6B4EF3A95BC}" = Catalyst Control Center Graphics Full Existing
"{7A65D944-399F-4665-BA27-318B3F91E881}" = Multisim 9
"{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq
"{825DFF04-8FB0-3430-CB22-8725719B1A01}" = Catalyst Control Center Graphics Light
"{84430565-C205-B818-7D13-052F88707F70}" = CCC Help English
"{86DDAB11-AC32-45E8-B346-FBEF11F21073}" = BlackBerry Theme Studio 6.0
"{95D1FD8D-9209-4C68-B7E4-95536D21BBD1}" = DR vs AK
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{98E28570-B754-40B0-8B14-E242CB879EC5}" = Multisim 8
"{9CE87FC6-D94B-43A4-A171-F06009C8D810}" = BlackBerry JDE 4.2.1
"{9E0AE153-88DC-428B-99EB-6A3D984230B8}" = NI LabWindows/CVI 7.1.1 Run Time Engine
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5D1EA23-CEE5-4B72-A0C3-8BCEDFC6F94C}" = NI LabVIEW Run-Time Engine 8.0
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B1F27A23-B6D1-4397-BA2F-25F348DF135F}" = NI Uninstaller
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C16ADB2B-37C8-4AF8-A7D2-3A4B1BEF9662}" = Gothic
"{C73A0FC7-FFDC-4BAD-912A-C5791FF9EAC6}" = NI Service Locator
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D0017822-4A72-47CD-9BE8-FEC684A4CE9F}" = Multisim 8
"{D99667FF-4A9B-B278-9014-BEA2896F413F}" = ccc-core-preinstall
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DBD86EB8-8536-DB02-EC42-31ED143497A8}" = Catalyst Control Center HydraVision Full
"{DCDD061F-3797-42C1-96E4-4B897C73E2B4}" = Multisim 9
"{DFFD7D4F-6C61-402D-8D16-72B8AC33FE5A}_is1" = RC Desk Pilot 0.1.3
"{E2B4FE1C-2CFA-47EE-A88C-A14D0FF1F0B0}" = BBSAK
"{E9F882ED-C2B8-2716-0330-7FBA5C9C455B}" = Catalyst Control Center Graphics Full New
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2FC34BE-B3DF-4BD8-8DE0-A8509939CF64}" = BlackBerry Device Manager 6.1
"{F4F7F393-A8E8-42CC-8C2E-7A999B48B2AE}_is1" = DirectX10 CF (Critical Fix)
"{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Photoshop 6.0.1 CE" = Adobe Photoshop 6.0.1 CE
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"AVI DivX to DVD SVCD VCD Converter_is1" = AVI DivX to DVD SVCD VCD Converter 4.0.0108
"AVIConverter" = AVIConverter 5.1.6
"BestCrypt" = BestCrypt 7.0
"BlackBerry_{F2FC34BE-B3DF-4BD8-8DE0-A8509939CF64}" = BlackBerry Device Manager 6.1
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Dune 2000" = Dune 2000
"Dune 2000 Money Maker v1.20" = Dune 2000 Money Maker v1.20
"EasyTune5Pro" = EasyTune5Pro
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"Framsticks Viewer_is1" = Framsticks Viewer 2.8
"Framsticks_is1" = Framsticks 2.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hex Workshop" = Hex Workshop
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"ImTOO AVI to DVD Converter" = ImTOO AVI to DVD Converter
"InstallShield_{C16ADB2B-37C8-4AF8-A7D2-3A4B1BEF9662}" = Gothic
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Neuro-Programmer 3_is1" = Neuro-Programmer 3.1.1
"NI Uninstaller" = National Instruments Software
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Opera 11.52.1100" = Opera 11.52
"Parallel Port Joystick" = Parallel Port Joystick
"PROSet" = Intel(R) PRO Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"Quake III Arena" = Quake III Arena
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"Risen - ModStarter_is1" = Risen - ModStarter 1.3.2.0 (Online Mods DB version)
"S2TNG" = The Settlers II - 10th Anniversary
"SmartPropoPlus" = SmartPropoPlus
"ST6UNST #1" = Magic Berry
"The KMPlayer" = The KMPlayer (remove only)
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WildTangent wildgames Master Uninstall" = WildGames
"WinZip" = WinZip
"WOLAPI" = Westwood Shared Internet Components
"XPort 2" = XPort 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2025429265-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26.10.2011 13:34:36 | Computer Name = PILA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 26.10.2011 13:37:11 | Computer Name = PILA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 29.10.2011 13:48:22 | Computer Name = PILA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace mmc.exe, verze 5.2.3790.4136, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 1.11.2011 18:54:19 | Computer Name = PILA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.

Error - 1.11.2011 18:54:19 | Computer Name = PILA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error - 1.11.2011 18:54:20 | Computer Name = PILA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error - 1.11.2011 18:54:38 | Computer Name = PILA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.

Error - 3.11.2011 14:01:16 | Computer Name = PILA | Source = Application Error | ID = 1000
Description = Chybující aplikace game.exe, verze 1.0.0.0, chybující modul ls3df.dll,
verze 0.0.0.0, adresa chyby 0x0005ac2e.

Error - 17.11.2011 17:50:26 | Computer Name = PILA | Source = Application Error | ID = 1000
Description = Chybující aplikace pv.cfexe, verze 0.0.0.0, chybující modul pv.cfexe,
verze 0.0.0.0, adresa chyby 0x00005994.

Error - 17.11.2011 18:27:22 | Computer Name = PILA | Source = Application Error | ID = 1000
Description = Chybující aplikace pv.cfexe, verze 0.0.0.0, chybující modul pv.cfexe,
verze 0.0.0.0, adresa chyby 0x00005994.

[ System Events ]
Error - 19.11.2011 18:39:18 | Computer Name = PILA | Source = Service Control Manager | ID = 7002
Description = Služba A4SII300 závisí na skupině 8Parallel arbitrat a žádný člen
této skupiny nebyl spuštěn.

Error - 19.11.2011 18:39:18 | Computer Name = PILA | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 19.11.2011 18:45:03 | Computer Name = PILA | Source = Service Control Manager | ID = 7002
Description = Služba A4SII300 závisí na skupině 8Parallel arbitrat a žádný člen
této skupiny nebyl spuštěn.

Error - 19.11.2011 18:45:03 | Computer Name = PILA | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 19.11.2011 18:47:56 | Computer Name = PILA | Source = Service Control Manager | ID = 7002
Description = Služba A4SII300 závisí na skupině 8Parallel arbitrat a žádný člen
této skupiny nebyl spuštěn.

Error - 19.11.2011 18:47:56 | Computer Name = PILA | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 20.11.2011 11:19:11 | Computer Name = PILA | Source = Service Control Manager | ID = 7002
Description = Služba A4SII300 závisí na skupině 8Parallel arbitrat a žádný člen
této skupiny nebyl spuštěn.

Error - 20.11.2011 11:19:11 | Computer Name = PILA | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 20.11.2011 17:05:04 | Computer Name = PILA | Source = Service Control Manager | ID = 7002
Description = Služba A4SII300 závisí na skupině 8Parallel arbitrat a žádný člen
této skupiny nebyl spuštěn.

Error - 20.11.2011 17:05:04 | Computer Name = PILA | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

< End of report >

VIRY.CZ

Nějaká infekce, prosím o kontrolu.

Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.

Re: Nějaká infekce, prosím o kontrolu.