Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

#1 Post by karel22 »

Please check this, thank you.



Logfile of random's system information tool 1.09 (written by random/random)
Run by Foto at 2011-11-23 17:39:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (65%) free of 55 GB
Total RAM: 511 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:39:48, on 23.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Foto\Plocha\powarc1201int.exe
C:\DOCUME~1\Foto\LOCALS~1\Temp\7zS14D.tmp\setup.exe
C:\DOCUME~1\Foto\LOCALS~1\Temp\7zS14D.tmp\setup.exe
C:\WINDOWS\system32\MsiExec.exe
C:\DOCUME~1\Foto\LOCALS~1\Temp\7zS14D.tmp\setup.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Foto\Plocha\RSIT.exe
C:\Program Files\trend micro\Foto.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz/?ms=ge
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: (no name) - {11D54ACE-09A9-11D4-8ACE-00C04F542830} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - (no file)
O2 - BHO: (no name) - {44742878-4CC3-4781-BA86-23D704E22B48} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {9673F57D-44CC-4B63-AF7B-91450A790407} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: (no name) - {ED15212B-018F-41FF-BBA1-C9BBDC95C9BF} - (no file)
O2 - BHO: CentrumBHO - {FC7D27FB-CA10-4CE3-B312-8A164671FD03} - C:\Program Files\NetCentrum\Turbo\bho.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Centrum.cz Turbo - {A6890AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\Program Files\NetCentrum\Turbo\Turbo.dll
O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Bleskově - {141D2E4F-F313-4991-B61A-EE5D6D849361} - http://bleskove.centrum.cz (file missing)
O9 - Extra button: Centrum.cz - {2A5CFB1C-AAA2-4760-8462-1B61CF74B7D8} - http://www.centrum.cz (file missing)
O9 - Extra button: Xchat - {2BCB61BF-DC41-4738-A149-BDAAAD7FF0BD} - http://www.xchat.cz (file missing)
O9 - Extra button: Aktuálně - {2E01031B-AB09-4455-823D-25F1A1C11F48} - http://aktualne.centrum.cz (file missing)
O9 - Extra button: Slovníky - {2F741D0A-150E-40F9-A602-1B2421475F1D} - http://slovniky.centrum.cz (file missing)
O9 - Extra button: Supermapy - {309176E6-E204-40A0-8D13-7F19C0498C40} - http://www.supermapy.cz (file missing)
O9 - Extra button: mp3.centrum.cz - {49681216-5BF4-41A2-AAFA-129A6BD625DA} - http://mp3.centrum.cz/ (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Žena - {8B6E8E01-D262-4980-8C27-B8B2802285C1} - http://www.zena.cz (file missing)
O9 - Extra button: Fotoalba - {8FD64249-590C-4FBC-B181-12A6BAF516AF} - http://www.fotoalba.cz (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Počasí - {A5050656-2286-454F-A489-C605ED1B461C} - http://pocasi.centrum.cz (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Sportplus - {BC78516C-9DC9-40C5-A91E-74593222EF89} - http://sportplus.centrum.cz (file missing)
O9 - Extra button: Digitálně - {DAE865E8-970E-4931-A172-119CB56BBAF5} - http://www.digitalne.cz/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Stahuj.cz - {FC29EB7D-EDBA-4299-AEE4-D1BDC70EFA15} - http://www.stahuj.cz/ (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: xxyxWpmL - xxyxWpmL.dll (file missing)
O21 - SSODL: vbksrofa - {15B0A9DC-DFD9-4248-91F3-C752D83F4609} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: epistylar - {917f93bf-6714-4e11-8982-59db2e0f88fc} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--
End of file - 10954 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\WGASetup.job
C:\WINDOWS\tasks\{0BEFEABE-F34A-4F6F-BFA3-2ACC54F1D858}_COMPUTER_Foto.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default

prefs.js - "browser.startup.homepage" - "http://www.ask.com/?l=dis&o=15187"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.3, {20a82645-c095-46ed-80e3-08825760534b}:1.0, cs@dictionaries.addons.mozilla.org:1.0, wrc@avast.com:6.0.1289, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... id=afex&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe Flash Player 9.0
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
aboutRobots.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
flashplayer.xpt
npnul32.dll
NPPandBr.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
NPSWF32.dll
NPSWF32_FlashUtil.exe
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\extensions\
cs@dictionaries.addons.mozilla.org
toolbar@ask.com
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin.xml
search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}]
Pando Search Assistant BHO - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL [2007-10-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11D54ACE-09A9-11D4-8ACE-00C04F542830}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-12-07 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44742878-4CC3-4781-BA86-23D704E22B48}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9673F57D-44CC-4B63-AF7B-91450A790407}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-11-26 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-05-05 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
KMPlayer Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-11-17 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4}]
Pando Toolbar BHO - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-10-21 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED15212B-018F-41FF-BBA1-C9BBDC95C9BF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC7D27FB-CA10-4CE3-B312-8A164671FD03}]
Turbo BHO Class - C:\Program Files\NetCentrum\Turbo\bho.dll [2007-12-18 82432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - Pando Toolbar - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-10-21 266240]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-11-26 2403392]
{A6890AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - Centrum.cz Turbo - C:\Program Files\NetCentrum\Turbo\Turbo.dll [2007-12-18 157696]
{D4027C7F-154A-4066-A1AD-4243D8127440} - KMPlayer Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-11-17 1515688]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-06-09 28672]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-05-23 88363]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"pdfSaver3"= []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-11-17 901800]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"some"=C:\Program Files\NetProject\scit.exe []
"start"=C:\Program Files\NetProject\sbmntr.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyxWpmL]
xxyxWpmL.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
vbksrofa - {15B0A9DC-DFD9-4248-91F3-C752D83F4609}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
epistylar - {917f93bf-6714-4e11-8982-59db2e0f88fc}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9673F57D-44CC-4B63-AF7B-91450A790407}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\opnkhGxV

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\agL17.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ahN28.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn74.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ciO30.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ckP38.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dkP05.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kqW74.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lrW07.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lrW40.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ltA17.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ntA63.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouB63.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pvB41.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\agL17.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ahN28.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Bhn74.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ciO30.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ckP38.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dkP05.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\kqW74.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\lrW07.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\lrW40.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ltA17.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ntA63.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ouB63.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\pvB41.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Boiling Point - Cesta do pekel\XENUS.EXE"="C:\Program Files\Boiling Point - Cesta do pekel\XENUS.EXE:*:Enabled:XENUS"
"C:\Program Files\Sierra\Empire Earth\Empire Earth.exe"="C:\Program Files\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe"="C:\Program Files\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe:*:Enabled:EE-AOC"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"c:\windows\system32\rk.exe"="c:\windows\system32\rk.exe:*:Enabled:rk.exe"
"C:\Program Files\Stormregion\S.W.I.N.E\swine.exe"="C:\Program Files\Stormregion\S.W.I.N.E\swine.exe:*:Disabled:Swine"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:pando"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codecp.acm
"msacm.ctmp3"=C:\WINDOWS\system32\ctmp3.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=serwvdrv.dll
"msacm.voxacm160"=vct3216.acm
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"mixer4"=wdmaud.drv
"VIDC.XFR1"=xfcodec.dll

======List of files/folders created in the last 1 month======

2011-11-23 17:39:33 ----D---- C:\Program Files\trend micro
2011-11-23 17:39:32 ----DC---- C:\rsit
2011-11-23 17:21:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Caphyon
2011-11-23 17:21:04 ----D---- C:\Program Files\PatchBeam
2011-11-23 17:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2011-11-23 17:09:16 ----D---- C:\WINDOWS\ie8updates
2011-11-23 17:06:50 ----HDC---- C:\WINDOWS\ie8
2011-11-23 16:58:46 ----D---- C:\Program Files\Ask.com
2011-11-23 16:41:21 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-11-23 16:40:11 ----A---- C:\WINDOWS\avastSS.scr
2011-11-23 16:39:58 ----D---- C:\Program Files\AVAST Software
2011-11-23 16:39:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-11-23 16:18:52 ----A---- C:\WINDOWS\OEWABLog.txt
2011-11-23 16:18:12 ----D---- C:\WINDOWS\Prefetch
2011-11-23 16:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2011-11-23 16:13:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2011-11-23 16:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2011-11-23 16:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2011-11-23 16:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2011-11-23 16:09:03 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-11-23 16:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-11-23 16:06:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-11-23 16:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-11-23 16:04:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-11-23 16:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-11-23 16:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2011-11-23 16:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-11-23 16:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-11-23 15:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-11-23 15:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2011-11-23 15:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-11-23 15:55:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-11-23 15:54:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-11-23 15:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-11-23 15:52:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-11-23 15:50:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-11-23 15:49:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-11-23 15:48:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-11-23 15:47:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-11-23 15:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-11-23 15:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-11-23 15:42:55 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-11-23 15:41:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-11-23 15:40:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2011-11-23 15:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2011-11-23 15:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-11-23 15:36:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-11-23 15:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2011-11-23 15:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-11-23 15:32:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-11-23 15:31:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-11-23 15:30:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2011-11-23 15:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-11-23 15:27:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-11-23 15:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-11-23 15:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2011-11-23 15:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-11-23 15:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2011-11-23 15:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-11-23 15:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-11-23 15:18:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2011-11-23 15:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2011-11-23 15:16:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-11-23 15:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-11-23 15:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-11-23 15:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2011-11-23 15:11:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2011-11-23 15:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-11-23 15:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2011-11-23 15:07:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-11-23 15:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-11-23 15:05:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2011-11-23 15:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2011-11-23 15:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2011-11-23 15:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-11-23 14:58:03 ----A---- C:\WINDOWS\setuplog.txt
2011-11-23 14:57:08 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2011-11-23 14:57:08 ----N---- C:\WINDOWS\system32\comsdupd.exe
2011-11-23 14:57:07 ----N---- C:\WINDOWS\system32\smtpapi.dll
2011-11-23 14:57:07 ----N---- C:\WINDOWS\system32\rwnh.dll
2011-11-23 14:57:04 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2011-11-23 14:57:04 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2011-11-23 14:57:04 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2011-11-23 14:57:03 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2011-11-23 14:57:03 ----N---- C:\WINDOWS\system32\azroles.dll
2011-11-23 14:57:03 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2011-11-23 14:57:03 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2011-11-23 14:57:03 ----N---- C:\WINDOWS\system32\ati3duag.dll
2011-11-23 14:57:03 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2011-11-23 14:57:02 ----N---- C:\WINDOWS\system32\dot3msm.dll
2011-11-23 14:57:02 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2011-11-23 14:57:02 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2011-11-23 14:57:02 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2011-11-23 14:57:02 ----N---- C:\WINDOWS\system32\dot3api.dll
2011-11-23 14:57:02 ----N---- C:\WINDOWS\system32\dimsroam.dll
2011-11-23 14:57:02 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2011-11-23 14:57:02 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2011-11-23 14:57:02 ----N---- C:\WINDOWS\system32\credssp.dll
2011-11-23 14:57:01 ----N---- C:\WINDOWS\system32\eapsvc.dll
2011-11-23 14:57:01 ----N---- C:\WINDOWS\system32\eapqec.dll
2011-11-23 14:57:01 ----N---- C:\WINDOWS\system32\eappprxy.dll
2011-11-23 14:57:01 ----N---- C:\WINDOWS\system32\eapphost.dll
2011-11-23 14:57:01 ----N---- C:\WINDOWS\system32\eappgnui.dll
2011-11-23 14:57:01 ----N---- C:\WINDOWS\system32\eappcfg.dll
2011-11-23 14:57:01 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2011-11-23 14:57:01 ----N---- C:\WINDOWS\system32\eapolqec.dll
2011-11-23 14:57:01 ----N---- C:\WINDOWS\system32\dot3ui.dll
2011-11-23 14:57:01 ----N---- C:\WINDOWS\system32\dot3svc.dll
2011-11-23 14:57:00 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2011-11-23 14:56:59 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2011-11-23 14:56:58 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2011-11-23 14:56:58 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2011-11-23 14:56:58 ----N---- C:\WINDOWS\system32\kmsvc.dll
2011-11-23 14:56:58 ----N---- C:\WINDOWS\system32\kbdpash.dll
2011-11-23 14:56:58 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2011-11-23 14:56:58 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2011-11-23 14:56:57 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2011-11-23 14:56:57 ----N---- C:\WINDOWS\system32\mssha.dll
2011-11-23 14:56:57 ----N---- C:\WINDOWS\system32\mmcperf.exe
2011-11-23 14:56:57 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2011-11-23 14:56:57 ----N---- C:\WINDOWS\system32\mmcex.dll
2011-11-23 14:56:57 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2011-11-23 14:56:56 ----N---- C:\WINDOWS\system32\napstat.exe
2011-11-23 14:56:56 ----N---- C:\WINDOWS\system32\napmontr.dll
2011-11-23 14:56:56 ----N---- C:\WINDOWS\system32\napipsec.dll
2011-11-23 14:56:56 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2011-11-23 14:56:55 ----N---- C:\WINDOWS\system32\qagentrt.dll
2011-11-23 14:56:55 ----N---- C:\WINDOWS\system32\qagent.dll
2011-11-23 14:56:55 ----N---- C:\WINDOWS\system32\onex.dll
2011-11-23 14:56:54 ----N---- C:\WINDOWS\system32\slserv.exe
2011-11-23 14:56:54 ----N---- C:\WINDOWS\system32\slrundll.exe
2011-11-23 14:56:54 ----N---- C:\WINDOWS\system32\slgen.dll
2011-11-23 14:56:54 ----N---- C:\WINDOWS\system32\slextspk.dll
2011-11-23 14:56:54 ----N---- C:\WINDOWS\system32\slcoinst.dll
2011-11-23 14:56:54 ----N---- C:\WINDOWS\system32\setupn.exe
2011-11-23 14:56:54 ----N---- C:\WINDOWS\system32\s3gnb.dll
2011-11-23 14:56:54 ----N---- C:\WINDOWS\system32\rasqec.dll
2011-11-23 14:56:54 ----N---- C:\WINDOWS\system32\qutil.dll
2011-11-23 14:56:54 ----N---- C:\WINDOWS\system32\qcliprov.dll
2011-11-23 14:56:53 ----N---- C:\WINDOWS\system32\tspkg.dll
2011-11-23 14:56:51 ----N---- C:\WINDOWS\system32\wlanapi.dll
2011-11-23 14:56:50 ----N---- C:\WINDOWS\slrundll.exe
2011-11-23 14:56:49 ----D---- C:\WINDOWS\l2schemas
2011-11-23 14:56:48 ----D---- C:\WINDOWS\system32\cs
2011-11-23 14:56:48 ----D---- C:\WINDOWS\system32\bits
2011-11-23 14:51:10 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2011-11-23 14:51:10 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2011-11-23 14:51:10 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2011-11-23 14:51:10 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2011-11-23 14:51:10 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2011-11-23 14:51:10 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2011-11-23 14:51:09 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2011-11-23 14:51:09 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2011-11-23 14:51:09 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2011-11-23 14:51:09 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2011-11-23 14:51:09 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2011-11-23 14:51:09 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2011-11-23 14:51:09 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2011-11-23 14:51:09 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2011-11-23 14:51:09 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2011-11-23 14:51:09 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2011-11-23 14:51:09 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2011-11-23 14:51:08 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2011-11-23 14:51:07 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2011-11-23 14:51:07 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2011-11-23 14:51:07 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2011-11-23 14:51:07 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2011-11-23 14:51:07 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2011-11-23 14:51:07 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2011-11-23 14:51:07 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2011-11-23 14:51:06 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2011-11-23 14:51:06 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2011-11-23 14:51:06 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2011-11-23 14:51:06 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2011-11-23 14:51:06 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2011-11-23 14:51:05 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2011-11-23 14:51:05 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2011-11-23 14:51:05 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2011-11-23 14:51:05 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2011-11-23 14:51:05 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2011-11-23 14:51:05 ----N---- C:\WINDOWS\system32\drivers\hdaudbus.sys
2011-11-23 14:51:05 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2011-11-23 14:51:04 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2011-11-23 14:51:04 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2011-11-23 14:51:04 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2011-11-23 14:51:03 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2011-11-23 14:51:03 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2011-11-23 14:51:03 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2011-11-23 14:51:03 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2011-11-23 14:51:03 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2011-11-23 14:51:03 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2011-11-23 14:51:03 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2011-11-23 14:51:03 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2011-11-23 14:51:03 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2011-11-23 14:51:03 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2011-11-23 14:51:03 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2011-11-23 14:51:02 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2011-11-23 14:51:02 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2011-11-23 14:51:02 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2011-11-23 14:51:02 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2011-11-23 14:51:02 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2011-11-23 14:51:02 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2011-11-23 14:51:02 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2011-11-23 14:51:02 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2011-11-23 14:51:02 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2011-11-23 14:51:02 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2011-11-23 14:51:02 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2011-11-23 14:51:01 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2011-11-23 14:51:01 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2011-11-23 14:51:01 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2011-11-23 14:51:01 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2011-11-23 14:51:01 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2011-11-23 14:48:57 ----A---- C:\WINDOWS\003206_.tmp
2011-11-23 14:44:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-11-22 11:42:45 ----D---- C:\WINDOWS\system32\XPSViewer
2011-11-22 11:42:41 ----D---- C:\Program Files\MSBuild
2011-11-22 11:42:39 ----D---- C:\WINDOWS\system32\en-US
2011-11-22 11:42:31 ----D---- C:\Program Files\Reference Assemblies
2011-11-22 11:42:04 ----DC---- C:\d0069953962846fca0
2011-11-22 08:21:31 ----D---- C:\WINDOWS\system32\KB905474
2011-11-21 22:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980218_0$
2011-11-21 22:15:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2011-11-21 22:15:37 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2011-11-21 22:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2011-11-21 22:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2011-11-21 22:15:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2011-11-21 22:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2011-11-21 22:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979683_0$
2011-11-21 22:14:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2011-11-21 22:14:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2011-11-21 22:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2011-11-21 22:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB980232_0$
2011-11-21 22:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2011-11-21 22:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2011-11-21 22:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2011-11-21 22:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2011-11-21 22:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$
2011-11-21 22:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2011-11-21 22:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2011-11-21 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2011-11-21 22:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2011-11-21 22:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978338_0$
2011-11-21 22:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2011-11-21 22:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2011-11-21 22:10:11 ----D---- C:\WINDOWS\ServicePackFiles
2011-11-21 22:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956744_0$
2011-11-21 22:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2011-11-21 22:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_1$
2011-11-21 22:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_1$
2011-11-21 22:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2011-11-21 22:08:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2011-11-21 22:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2011-11-21 22:07:58 ----D---- C:\Program Files\MSXML 6.0
2011-11-21 22:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975561_0$
2011-11-21 22:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2011-11-21 22:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2011-11-21 22:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2011-11-21 22:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2011-11-21 22:06:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2011-11-21 22:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2011-11-21 22:06:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2011-11-21 22:05:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2011-11-21 22:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-11-21 22:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2011-11-21 22:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2011-11-21 22:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978601_0$
2011-11-21 22:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB979559_0$
2011-11-21 22:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2011-11-21 22:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2011-11-21 22:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2011-11-21 22:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2011-11-21 22:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2011-11-21 22:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2011-11-21 22:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2011-11-21 22:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB978542_0$
2011-11-21 22:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2011-11-21 22:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979309_0$
2011-11-21 22:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2011-11-21 22:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979482_0$
2011-11-21 22:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2011-11-21 22:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2011-11-21 22:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2011-11-21 22:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975562_0$
2011-11-21 22:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2011-11-21 22:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2011-11-21 22:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2011-11-21 22:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2011-11-21 22:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_0$
2011-11-21 22:00:08 ----D---- C:\Program Files\MSXML 4.0
2011-11-21 22:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2011-11-21 21:58:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2011-11-21 21:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2011-11-21 21:58:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2011-11-21 21:48:46 ----N---- C:\WINDOWS\system32\browserchoice.exe

======List of files/folders modified in the last 1 month======

2011-11-23 17:39:33 ----RD---- C:\Program Files
2011-11-23 17:36:52 ----D---- C:\Documents and Settings
2011-11-23 17:33:28 ----D---- C:\Program Files\The KMPlayer
2011-11-23 17:27:15 ----D---- C:\WINDOWS\TEMP
2011-11-23 17:21:11 ----SHD---- C:\WINDOWS\Installer
2011-11-23 17:21:10 ----SHDC---- C:\Config.Msi
2011-11-23 17:20:56 ----D---- C:\Program Files\PowerArchiver
2011-11-23 17:20:43 ----D---- C:\WINDOWS\system32
2011-11-23 17:18:15 ----D---- C:\Program Files\Common Files\Adobe
2011-11-23 17:17:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-11-23 17:17:52 ----D---- C:\Program Files\Adobe
2011-11-23 17:17:34 ----D---- C:\WINDOWS\WinSxS
2011-11-23 17:12:56 ----HD---- C:\WINDOWS\inf
2011-11-23 17:12:54 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-23 17:12:45 ----D---- C:\WINDOWS
2011-11-23 17:12:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-23 17:12:04 ----D---- C:\WINDOWS\Help
2011-11-23 17:12:04 ----D---- C:\Program Files\Internet Explorer
2011-11-23 17:11:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-23 17:10:35 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-23 17:10:31 ----A---- C:\WINDOWS\imsins.BAK
2011-11-23 17:07:57 ----D---- C:\WINDOWS\WBEM
2011-11-23 17:07:51 ----D---- C:\WINDOWS\Media
2011-11-23 16:59:03 ----SD---- C:\WINDOWS\Tasks
2011-11-23 16:46:26 ----D---- C:\Program Files\Mozilla Firefox
2011-11-23 16:43:45 ----D---- C:\Program Files\Alwil Software
2011-11-23 16:41:21 ----D---- C:\WINDOWS\system32\drivers
2011-11-23 16:31:26 ----D---- C:\Program Files\Scorpions WinCheater
2011-11-23 16:31:13 ----HD---- C:\Program Files\InstallShield Installation Information
2011-11-23 16:31:13 ----D---- C:\Program Files\WarRock
2011-11-23 16:21:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-23 16:17:27 ----D---- C:\WINDOWS\AppPatch
2011-11-23 16:17:26 ----D---- C:\WINDOWS\system32\wbem
2011-11-23 16:17:26 ----D---- C:\WINDOWS\system32\Setup
2011-11-23 16:17:25 ----RSD---- C:\WINDOWS\Fonts
2011-11-23 16:15:57 ----A---- C:\WINDOWS\iis6.BAK
2011-11-23 16:15:31 ----D---- C:\WINDOWS\system32\CatRoot
2011-11-23 16:05:04 ----D---- C:\Program Files\Outlook Express
2011-11-23 15:58:31 ----D---- C:\Program Files\Movie Maker
2011-11-23 15:06:52 ----D---- C:\WINDOWS\security
2011-11-23 15:04:26 ----D---- C:\Program Files\Messenger
2011-11-23 14:57:09 ----D---- C:\WINDOWS\ehome
2011-11-23 14:57:07 ----D---- C:\WINDOWS\system32\inetsrv
2011-11-23 14:57:07 ----D---- C:\WINDOWS\network diagnostic
2011-11-23 14:57:06 ----D---- C:\WINDOWS\ime
2011-11-23 14:56:50 ----D---- C:\WINDOWS\system32\usmt
2011-11-23 14:56:50 ----D---- C:\WINDOWS\system32\cs-cz
2011-11-23 14:56:48 ----D---- C:\WINDOWS\PeerNet
2011-11-23 14:53:33 ----D---- C:\WINDOWS\system32\Restore
2011-11-23 14:53:33 ----D---- C:\WINDOWS\system32\npp
2011-11-23 14:53:31 ----D---- C:\WINDOWS\msagent
2011-11-23 14:53:29 ----D---- C:\WINDOWS\srchasst
2011-11-23 14:53:28 ----D---- C:\Program Files\NetMeeting
2011-11-23 14:53:27 ----D---- C:\WINDOWS\system32\Com
2011-11-23 14:53:24 ----D---- C:\Program Files\Windows Media Player
2011-11-23 14:53:22 ----D---- C:\Program Files\Windows NT
2011-11-23 14:53:18 ----D---- C:\Program Files\Common Files\System
2011-11-23 14:52:56 ----D---- C:\WINDOWS\system32\oobe
2011-11-23 14:52:55 ----D---- C:\WINDOWS\system
2011-11-23 14:48:51 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-11-23 14:09:32 ----RSD---- C:\WINDOWS\assembly
2011-11-23 14:06:22 ----D---- C:\WINDOWS\Microsoft.NET
2011-11-23 13:51:51 ----SH---- C:\WINDOWS\system32\rtdqxdkb.ini
2011-11-22 08:25:08 ----D---- C:\Program Files\Centrum.cz
2011-11-21 22:00:19 ----D---- C:\WINDOWS\Debug
2011-11-21 21:57:31 ----A---- C:\WINDOWS\system32\mcrh.tmp
2011-11-21 21:47:05 ----D---- C:\Program Files\ICQToolbar
2011-11-21 21:42:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Bluetooth
2011-10-27 22:04:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-09-03 115680]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2003-10-28 20016]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-05-10 51200]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-05-10 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 Cdr4_2K;Cdr4_2K; C:\WINDOWS\system32\drivers\Cdr4_2K.sys [2007-07-08 52464]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2001-01-02 22089]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 pwd_2K;pwd_2K; C:\WINDOWS\system32\drivers\pwd_2K.sys [2007-07-08 62118]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2007-04-08 18816]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 tenCapture;tenCapture; C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 agL17;agL17; C:\WINDOWS\System32\Drivers\agL17.sys []
S0 ahN28;ahN28; C:\WINDOWS\System32\Drivers\ahN28.sys []
S0 Bhn74;Bhn74; C:\WINDOWS\System32\Drivers\Bhn74.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S0 cercsr6;cercsr6; C:\WINDOWS\system32\drivers\cercsr6.sys [2004-12-13 39904]
S0 ciO30;ciO30; C:\WINDOWS\System32\Drivers\ciO30.sys []
S0 ckP38;ckP38; C:\WINDOWS\System32\Drivers\ckP38.sys []
S0 dkP05;dkP05; C:\WINDOWS\System32\Drivers\dkP05.sys []
S0 kqW74;kqW74; C:\WINDOWS\System32\Drivers\kqW74.sys []
S0 lrW07;lrW07; C:\WINDOWS\System32\Drivers\lrW07.sys []
S0 lrW40;lrW40; C:\WINDOWS\System32\Drivers\lrW40.sys []
S0 ltA17;ltA17; C:\WINDOWS\System32\Drivers\ltA17.sys []
S0 ntA63;ntA63; C:\WINDOWS\System32\Drivers\ntA63.sys []
S0 ouB63;ouB63; C:\WINDOWS\System32\Drivers\ouB63.sys []
S0 pvB41;pvB41; C:\WINDOWS\System32\Drivers\pvB41.sys []
S1 Cdudf;Cdudf; C:\WINDOWS\system32\drivers\Cdudf.sys []
S1 UdfReadr;UdfReadr; C:\WINDOWS\system32\drivers\UdfReadr.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []
S3 AgereSoftModem;Microcom InPorte Home; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2002-09-25 1141248]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-06-09 186068]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-06-09 494384]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys []
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-06-09 6144]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-06-09 136448]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2007-07-08 9734]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-06-09 116416]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-06-09 819984]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-06-09 135696]
S3 mdxgthkn;mdxgthkn; \??\C:\DOCUME~1\User\LOCALS~1\Temp\mdxgthkn.sys []
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2007-07-08 17590]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-06-09 113840]
S3 PCAudi;Auditivo PCAudi - Virtual Audio Device; C:\WINDOWS\system32\drivers\pcaudi.sys [2007-01-18 56832]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva090;XDva090; \??\C:\WINDOWS\system32\XDva090.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-10-24 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-06-22 107832]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2001-12-31 136176]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-05-10 353912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2001-12-31 136176]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-26 138168]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check

#2 Post by vyosek »

Hello, and I wish you a pleasant evening :)

:arrow: There was a small misunderstanding :D You had two threads here; I tossed one into the trash and you deleted the other in the meantime :D So I fished it back out of the trash and we can continue.

:arrow: Well, it's quite a mess in there :boxed:

:arrow: I recommend uninstalling the toolbars (browser bars), if you don't use them, via Add or Remove Programs.

:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Run the utility and tell it to scan - click Start Scan
  • If the utility finds an infection, it will want to cure it (Cure); allow the cure by clicking Continue
  • If the utility finds a suspicious file (suspicious), it will want to skip it (Skip); allow the skip by clicking Continue
  • After the scan finishes, a PC restart may be required; allow it by clicking Reboot now
  • After the restart a log will pop up; if it doesn't, you will find it directly on the drive where Windows is installed (usually c:\), named in the form TDSSKiller.some digits _log.txt - paste its contents here
  • If a restart is not required, click Close and then Report - a log will be created - paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive check

#3 Post by karel22 »

I apologize, I clicked send twice in a row...



18:26:10.0296 0684 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
18:26:10.0500 0684 ============================================================
18:26:10.0500 0684 Current date / time: 2011/11/23 18:26:10.0500
18:26:10.0500 0684 SystemInfo:
18:26:10.0500 0684
18:26:10.0500 0684 OS Version: 5.1.2600 ServicePack: 3.0
18:26:10.0500 0684 Product type: Workstation
18:26:10.0500 0684 ComputerName: COMPUTER
18:26:10.0500 0684 UserName: Foto
18:26:10.0500 0684 Windows directory: C:\WINDOWS
18:26:10.0500 0684 System windows directory: C:\WINDOWS
18:26:10.0500 0684 Processor architecture: Intel x86
18:26:10.0500 0684 Number of processors: 2
18:26:10.0500 0684 Page size: 0x1000
18:26:10.0500 0684 Boot type: Normal boot
18:26:10.0500 0684 ============================================================
18:26:11.0593 0684 Initialize success
18:26:13.0234 2276 ============================================================
18:26:13.0234 2276 Scan started
18:26:13.0234 2276 Mode: Manual;
18:26:13.0234 2276 ============================================================
18:27:07.0796 2276 ============================================================
18:27:07.0796 2276 Scan finished
18:27:07.0796 2276 ============================================================
18:27:07.0812 2332 Detected object count: 0
18:27:07.0812 2332 Actual detected object count: 0

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check

#4 Post by vyosek »

:arrow: No problem, that's what the MODs are here for, to keep the forum clean :James008:

:arrow: When downloading ComboFix, save it as Beruska.com

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Immediately after launch a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and any restart, CF will display a log, or you will find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure including screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix

karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive check

#5 Post by karel22 »

ComboFix 11-11-23.01 - Foto 23.11.2011 19:24:16.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.239 [GMT 1:00]
Spuštěný z: c:\documents and settings\Foto\Plocha\Beruska.com.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Foto\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Foto\WINDOWS
c:\windows\CSC\d6
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\msxml6-KB954459-enu-x86.LOG
c:\windows\msxml6-KB973686-enu-x86.LOG
c:\windows\system32\ccgxluaa.ini
c:\windows\system32\eobebpxu.ini
c:\windows\system32\fuqfsidk.ini
c:\windows\system32\hjRrtBeg.ini
c:\windows\system32\hjRrtBeg.ini2
c:\windows\system32\jnypdtpx.ini
c:\windows\system32\kmfnfpuy.ini
c:\windows\system32\krrijcnk.ini
c:\windows\system32\mvwmhjmg.ini
c:\windows\system32\okvvtaag.ini
c:\windows\system32\pimarmpp.ini
c:\windows\system32\qimljuut.ini
c:\windows\system32\rtdqxdkb.ini
c:\windows\system32\sgqbpcub.ini
c:\windows\system32\TZLog.log
c:\windows\system32\VxGhknpo.ini
c:\windows\system32\VxGhknpo.ini2
c:\windows\system32\xokrjfyy.ini
c:\windows\system32\xskfusve.ini
c:\windows\system32\ypenodgk.ini
c:\windows\system32\ytogyfyo.ini
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-23 do 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 18:12 . 2008-04-14 07:52 219648 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-11-23 17:44 . 2011-11-23 18:02 -------- d-----w- c:\documents and settings\Foto\Data aplikací\Skype
2011-11-23 17:43 . 2011-11-23 17:43 -------- d-----r- c:\program files\Skype
2011-11-23 17:35 . 2011-11-23 17:35 -------- d-----w- c:\program files\Defraggler
2011-11-23 16:58 . 2011-11-23 16:58 -------- d-sh--w- c:\documents and settings\Foto\PrivacIE
2011-11-23 16:55 . 2011-11-23 16:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ConeXware
2011-11-23 16:39 . 2011-11-23 16:39 -------- d-----w- c:\program files\trend micro
2011-11-23 16:39 . 2011-11-23 16:39 -------- dc----w- C:\rsit
2011-11-23 16:21 . 2011-11-23 16:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Caphyon
2011-11-23 16:21 . 2011-11-23 16:21 -------- d-----w- c:\program files\PatchBeam
2011-11-23 16:12 . 2011-11-23 16:12 -------- d-sh--w- c:\documents and settings\Foto\IETldCache
2011-11-23 16:12 . 2011-11-23 16:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-11-23 16:06 . 2011-11-23 16:08 -------- dc-h--w- c:\windows\ie8
2011-11-23 16:01 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-11-23 16:00 . 2011-08-22 23:41 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-11-23 16:00 . 2011-08-22 23:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-11-23 16:00 . 2011-08-22 23:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-11-23 16:00 . 2011-08-22 23:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-11-23 16:00 . 2011-08-22 23:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-11-23 16:00 . 2011-08-22 23:41 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-11-23 16:00 . 2011-08-23 16:41 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-11-23 15:58 . 2011-11-23 15:58 -------- d-----w- c:\documents and settings\Foto\Local Settings\Data aplikací\APN
2011-11-23 15:41 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-23 15:40 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-23 15:39 . 2011-11-23 15:39 -------- d-----w- c:\program files\AVAST Software
2011-11-23 15:39 . 2011-11-23 15:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-11-23 13:56 . 2008-04-14 07:48 6144 ------w- c:\windows\system32\kbdbhc.dll
2011-11-23 13:51 . 2008-04-14 07:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-11-23 13:48 . 2006-12-28 23:31 19569 ----a-w- c:\windows\003206_.tmp
2011-11-23 12:59 . 2011-11-23 12:59 -------- d-----w- c:\documents and settings\Foto\Local Settings\Data aplikací\PackageAware
2011-11-22 10:42 . 2011-11-22 10:42 -------- d-----w- c:\windows\system32\XPSViewer
2011-11-22 10:42 . 2011-11-22 10:42 -------- d-----w- c:\program files\MSBuild
2011-11-22 10:42 . 2011-11-22 10:42 -------- d-----w- c:\program files\Reference Assemblies
2011-11-22 10:42 . 2011-11-22 10:42 -------- dc----w- C:\d0069953962846fca0
2011-11-22 07:21 . 2011-11-22 07:21 -------- d-----w- c:\windows\system32\KB905474
2011-11-21 21:10 . 2011-11-23 13:53 -------- d-----w- c:\windows\ServicePackFiles
2011-11-21 21:07 . 2011-11-21 21:07 -------- d-----w- c:\program files\MSXML 6.0
2011-11-21 21:00 . 2011-11-21 21:00 -------- d-----w- c:\program files\MSXML 4.0
2011-11-21 20:52 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2011-11-21 20:51 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-11-21 20:51 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-11-21 20:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-11-21 20:48 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-11-21 20:42 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-11-21 20:41 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 18:12 . 2004-08-18 10:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2011-11-21 20:57 . 2008-05-15 11:51 143 ----a-w- c:\windows\system32\mcrh.tmp
2011-09-06 21:45 . 2008-05-17 23:22 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 21:37 . 2008-05-17 23:22 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 21:36 . 2008-05-17 23:22 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 21:36 . 2008-05-17 23:22 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 21:36 . 2008-05-17 23:22 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 21:36 . 2008-05-17 23:22 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 21:36 . 2008-05-17 23:22 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 21:33 . 2008-05-17 23:22 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2004-07-26 01:16 . 2007-09-03 15:07 598086 ----a-w- c:\program files\DVD Shrink 3.2.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7D27FB-CA10-4CE3-B312-8A164671FD03}]
2007-12-18 15:15 82432 ----a-w- c:\program files\NetCentrum\Turbo\bho.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2002-02-07 40960]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 40960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-7 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\agL17.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ahN28.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn74.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ciO30.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ckP38.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dkP05.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kqW74.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lrW07.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lrW40.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ltA17.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouB63.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pvB41.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [8.7.2007 13:04 11264]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.11.2011 16:41 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.5.2008 0:22 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.5.2008 0:22 20568]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 15:15 9344]
S0 agL17;agL17;c:\windows\system32\Drivers\agL17.sys --> c:\windows\system32\Drivers\agL17.sys [?]
S0 ahN28;ahN28;c:\windows\system32\Drivers\ahN28.sys --> c:\windows\system32\Drivers\ahN28.sys [?]
S0 Bhn74;Bhn74;c:\windows\system32\Drivers\Bhn74.sys --> c:\windows\system32\Drivers\Bhn74.sys [?]
S0 ciO30;ciO30;c:\windows\system32\Drivers\ciO30.sys --> c:\windows\system32\Drivers\ciO30.sys [?]
S0 ckP38;ckP38;c:\windows\system32\Drivers\ckP38.sys --> c:\windows\system32\Drivers\ckP38.sys [?]
S0 dkP05;dkP05;c:\windows\system32\Drivers\dkP05.sys --> c:\windows\system32\Drivers\dkP05.sys [?]
S0 kqW74;kqW74;c:\windows\system32\Drivers\kqW74.sys --> c:\windows\system32\Drivers\kqW74.sys [?]
S0 lrW07;lrW07;c:\windows\system32\Drivers\lrW07.sys --> c:\windows\system32\Drivers\lrW07.sys [?]
S0 lrW40;lrW40;c:\windows\system32\Drivers\lrW40.sys --> c:\windows\system32\Drivers\lrW40.sys [?]
S0 ltA17;ltA17;c:\windows\system32\Drivers\ltA17.sys --> c:\windows\system32\Drivers\ltA17.sys [?]
S0 ouB63;ouB63;c:\windows\system32\Drivers\ouB63.sys --> c:\windows\system32\Drivers\ouB63.sys [?]
S0 pvB41;pvB41;c:\windows\system32\Drivers\pvB41.sys --> c:\windows\system32\Drivers\pvB41.sys [?]
S1 Cdudf;Cdudf; [x]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.12.2001 23:17 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31.12.2001 23:17 136176]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\User\LOCALS~1\Temp\mdxgthkn.sys --> c:\docume~1\User\LOCALS~1\Temp\mdxgthkn.sys [?]
S3 PCAudi;Auditivo PCAudi - Virtual Audio Device;c:\windows\system32\drivers\pcaudi.sys [18.1.2007 3:35 56832]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2001-12-31 22:17]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2001-12-31 22:17]
.
2011-11-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-11-22 21:18]
.
2011-11-23 c:\windows\Tasks\{0BEFEABE-F34A-4F6F-BFA3-2ACC54F1D858}_COMPUTER_Foto.job
- c:\windows\system32\mobsync.exe [2004-08-18 07:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.talti.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{141D2E4F-F313-4991-B61A-EE5D6D849361} - http://bleskove.centrum.cz
IE: {{2A5CFB1C-AAA2-4760-8462-1B61CF74B7D8} - http://www.centrum.cz
IE: {{2BCB61BF-DC41-4738-A149-BDAAAD7FF0BD} - http://www.xchat.cz
IE: {{2E01031B-AB09-4455-823D-25F1A1C11F48} - http://aktualne.centrum.cz
IE: {{2F741D0A-150E-40F9-A602-1B2421475F1D} - http://slovniky.centrum.cz
IE: {{309176E6-E204-40A0-8D13-7F19C0498C40} - http://www.supermapy.cz
IE: {{49681216-5BF4-41A2-AAFA-129A6BD625DA} - http://mp3.centrum.cz/
IE: {{8B6E8E01-D262-4980-8C27-B8B2802285C1} - http://www.zena.cz
IE: {{8FD64249-590C-4FBC-B181-12A6BAF516AF} - http://www.fotoalba.cz
IE: {{A5050656-2286-454F-A489-C605ED1B461C} - http://pocasi.centrum.cz
IE: {{BC78516C-9DC9-40C5-A91E-74593222EF89} - http://sportplus.centrum.cz
IE: {{DAE865E8-970E-4931-A172-119CB56BBAF5} - http://www.digitalne.cz/
IE: {{FC29EB7D-EDBA-4299-AEE4-D1BDC70EFA15} - http://www.stahuj.cz/
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15187
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{11D54ACE-09A9-11D4-8ACE-00C04F542830} - (no file)
BHO-{44742878-4CC3-4781-BA86-23D704E22B48} - (no file)
BHO-{ED15212B-018F-41FF-BBA1-C9BBDC95C9BF} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKLM-Run-pdfSaver3 - (no file)
SSODL-vbksrofa-{15B0A9DC-DFD9-4248-91F3-C752D83F4609} - (no file)
Notify-xxyxWpmL - xxyxWpmL.dll
SafeBoot-ntA63.sys
AddRemove-Adobe Illustrator 7.0.1 CZ - c:\windows\unin0405.exe
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-ArCon - c:\windows\IsUn0405.exe
AddRemove-DirectCD - c:\program files\Roxio\DirectCD\DCDUnins.isu
AddRemove-InfoMapa 5.0 - e:\infomapa\Setup.exe
AddRemove-InfoMapa 5.0 - InfoTools - c:\windows\IsUn0405.exe
AddRemove-InfoMapa 5.0 - Systém - c:\windows\IsUn0405.exe
AddRemove-InfoMapa 5.0 -100 měst - c:\windows\IsUn0405.exe
AddRemove-InfoMapa 5.0 -Brno - c:\windows\IsUn0405.exe
AddRemove-InfoMapa 5.0 -Hradec Králové - c:\windows\IsUn0405.exe
AddRemove-InfoMapa 5.0 -Ostrava - c:\windows\IsUn0405.exe
AddRemove-InfoMapa 5.0 -Praha - c:\windows\IsUn0405.exe
AddRemove-InfoMapa 5.0 -Slovenská republika - c:\windows\IsUn0405.exe
AddRemove-InfoMapa 5.0 -SRN - c:\windows\IsUn0405.exe
AddRemove-InfoMapa 5.0 -Česká republika - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2272)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\CTHELPER.EXE
.
**************************************************************************
.
Celkový čas: 2011-11-23 19:42:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-23 18:41
.
Před spuštěním: Volných bajtů: 37 802 221 568
Po spuštění: Volných bajtů: 38 625 513 472
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E6EF22BDA7BFDFD5493A37DD016E2896

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check

#6 Post by vyosek »

:arrow: If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroCheck"=-
    "Adobe ARM"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\agL17.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ahN28.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn74.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ciO30.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ckP38.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dkP05.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kqW74.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lrW07.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lrW40.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ltA17.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouB63.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pvB41.sys]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{9673F57D-44CC-4B63-AF7B-91450A790407}"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6D,00,73,00,76,00,31,00,5F,00,30,00,00,00,00,00
    
    File::
    c:\windows\003206_.tmp
    c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
    C:\Documents and Settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\icqplugin-1.xml
    C:\Documents and Settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\icqplugin-2.xml
    C:\Documents and Settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\icqplugin-3.xml
    C:\Documents and Settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\icqplugin-4.xml
    C:\Documents and Settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\icqplugin.xml
    C:\Documents and Settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\search.xml
    C:\Documents and Settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\extensions\toolbar@ask.com
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    C:\WINDOWS\tasks\WGASetup.job
    C:\WINDOWS\tasks\{0BEFEABE-F34A-4F6F-BFA3-2ACC54F1D858}_COMPUTER_Foto.job
    
    Driver::
    agL17
    ahN28
    Bhn74
    ciO30
    ckP38
    dkP05
    kqW74
    lrW07
    lrW40
    ltA17
    ouB63
    pvB41
    Cdudf
    gupdate
    gupdatem
    mdxgthkn
    XDva090
    
    Collect::
    C:\WINDOWS\system32\opnkhGxV.dll
    c:\windows\system32\Drivers\agL17.sys
    c:\windows\system32\Drivers\ahN28.sys
    c:\windows\system32\Drivers\Bhn74.sys
    c:\windows\system32\Drivers\ciO30.sys
    c:\windows\system32\Drivers\ckP38.sys
    c:\windows\system32\Drivers\dkP05.sys
    c:\windows\system32\Drivers\kqW74.sys
    c:\windows\system32\Drivers\lrW07.sys
    c:\windows\system32\Drivers\lrW40.sys
    c:\windows\system32\Drivers\ltA17.sys
    c:\windows\system32\Drivers\ouB63.sys
    c:\windows\system32\Drivers\pvB41.sys
    c:\docume~1\User\LOCALS~1\Temp\mdxgthkn.sys
    c:\windows\system32\XDva090.sys
    
    DDS::
    uStart Page = hxxp://www.talti.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: {{141D2E4F-F313-4991-B61A-EE5D6D849361} - http://bleskove.centrum.cz
    IE: {{2A5CFB1C-AAA2-4760-8462-1B61CF74B7D8} - http://www.centrum.cz
    IE: {{2BCB61BF-DC41-4738-A149-BDAAAD7FF0BD} - http://www.xchat.cz
    IE: {{2E01031B-AB09-4455-823D-25F1A1C11F48} - http://aktualne.centrum.cz
    IE: {{2F741D0A-150E-40F9-A602-1B2421475F1D} - http://slovniky.centrum.cz
    IE: {{309176E6-E204-40A0-8D13-7F19C0498C40} - http://www.supermapy.cz
    IE: {{49681216-5BF4-41A2-AAFA-129A6BD625DA} - http://mp3.centrum.cz/
    IE: {{8B6E8E01-D262-4980-8C27-B8B2802285C1} - http://www.zena.cz
    IE: {{8FD64249-590C-4FBC-B181-12A6BAF516AF} - http://www.fotoalba.cz
    IE: {{A5050656-2286-454F-A489-C605ED1B461C} - http://pocasi.centrum.cz
    IE: {{BC78516C-9DC9-40C5-A91E-74593222EF89} - http://sportplus.centrum.cz
    IE: {{DAE865E8-970E-4931-A172-119CB56BBAF5} - http://www.digitalne.cz/
    IE: {{FC29EB7D-EDBA-4299-AEE4-D1BDC70EFA15} - http://www.stahuj.cz/
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\
    FF - prefs.js: browser.search.selectedEngine - ICQ Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15187
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
    
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    
    Folder::
    C:\WINDOWS\system32\opnkhGxV
    C:\Program Files\PandoBar
    C:\Program Files\Ask.com
    
    AtJob::
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting text file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the picture below)
    Image
  • After the script has been applied (and after a restart, if there is one), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

karel22
Visitor
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive check

#7 Post by karel22 »

ComboFix 11-11-23.01 - Foto 24.11.2011 16:53:37.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.136 [GMT 1:00]
Spuštěný z: c:\documents and settings\Foto\Plocha\Beruska.com.exe
Použité ovládací přepínače :: c:\documents and settings\Foto\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk"
"c:\documents and settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\extensions\toolbar@ask.com"
"c:\documents and settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\icqplugin-1.xml"
"c:\documents and settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\icqplugin-2.xml"
"c:\documents and settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\icqplugin-3.xml"
"c:\documents and settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\icqplugin-4.xml"
"c:\documents and settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\icqplugin.xml"
"c:\documents and settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\searchplugins\search.xml"
"c:\windows\003206_.tmp"
"c:\windows\tasks\{0BEFEABE-F34A-4F6F-BFA3-2ACC54F1D858}_COMPUTER_Foto.job"
"c:\windows\tasks\AppleSoftwareUpdate.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\Scheduled Update for Ask Toolbar.job"
"c:\windows\tasks\WGASetup.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BHN74
-------\Legacy_CIO30
-------\Legacy_GUPDATE
-------\Legacy_MDXGTHKN
-------\Legacy_PVB41
-------\Legacy_XDVA090
-------\Service_agL17
-------\Service_ahN28
-------\Service_Bhn74
-------\Service_Cdudf
-------\Service_ciO30
-------\Service_ckP38
-------\Service_dkP05
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_kqW74
-------\Service_lrW07
-------\Service_lrW40
-------\Service_ltA17
-------\Service_mdxgthkn
-------\Service_ouB63
-------\Service_pvB41
-------\Service_XDva090
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-24 do 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-23 18:12 . 2008-04-14 07:52 219648 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-11-23 17:44 . 2011-11-23 20:23 -------- d-----w- c:\documents and settings\Foto\Data aplikací\Skype
2011-11-23 17:43 . 2011-11-23 17:43 -------- d-----r- c:\program files\Skype
2011-11-23 17:35 . 2011-11-23 17:35 -------- d-----w- c:\program files\Defraggler
2011-11-23 16:58 . 2011-11-23 16:58 -------- d-sh--w- c:\documents and settings\Foto\PrivacIE
2011-11-23 16:55 . 2011-11-23 16:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ConeXware
2011-11-23 16:39 . 2011-11-23 16:39 -------- d-----w- c:\program files\trend micro
2011-11-23 16:39 . 2011-11-23 16:39 -------- dc----w- C:\rsit
2011-11-23 16:21 . 2011-11-23 16:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Caphyon
2011-11-23 16:21 . 2011-11-23 16:21 -------- d-----w- c:\program files\PatchBeam
2011-11-23 16:12 . 2011-11-23 16:12 -------- d-sh--w- c:\documents and settings\Foto\IETldCache
2011-11-23 16:12 . 2011-11-23 16:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-11-23 16:06 . 2011-11-23 16:08 -------- dc-h--w- c:\windows\ie8
2011-11-23 16:01 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-11-23 16:00 . 2011-08-22 23:41 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-11-23 16:00 . 2011-08-22 23:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-11-23 16:00 . 2011-08-22 23:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-11-23 16:00 . 2011-08-22 23:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-11-23 16:00 . 2011-08-22 23:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-11-23 16:00 . 2011-08-22 23:41 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-11-23 16:00 . 2011-08-23 16:41 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-11-23 15:58 . 2011-11-23 15:58 -------- d-----w- c:\documents and settings\Foto\Local Settings\Data aplikací\APN
2011-11-23 15:41 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-23 15:40 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-23 15:39 . 2011-11-23 15:39 -------- d-----w- c:\program files\AVAST Software
2011-11-23 15:39 . 2011-11-23 15:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-11-23 13:56 . 2008-04-14 07:48 6144 ------w- c:\windows\system32\kbdbhc.dll
2011-11-23 13:51 . 2008-04-14 07:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-11-23 13:48 . 2006-12-28 23:31 19569 ----a-w- c:\windows\003206_.tmp
2011-11-23 12:59 . 2011-11-23 12:59 -------- d-----w- c:\documents and settings\Foto\Local Settings\Data aplikací\PackageAware
2011-11-22 10:42 . 2011-11-22 10:42 -------- d-----w- c:\windows\system32\XPSViewer
2011-11-22 10:42 . 2011-11-22 10:42 -------- d-----w- c:\program files\MSBuild
2011-11-22 10:42 . 2011-11-22 10:42 -------- d-----w- c:\program files\Reference Assemblies
2011-11-22 10:42 . 2011-11-22 10:42 -------- dc----w- C:\d0069953962846fca0
2011-11-22 07:21 . 2011-11-22 07:21 -------- d-----w- c:\windows\system32\KB905474
2011-11-21 21:10 . 2011-11-23 13:53 -------- d-----w- c:\windows\ServicePackFiles
2011-11-21 21:07 . 2011-11-21 21:07 -------- d-----w- c:\program files\MSXML 6.0
2011-11-21 21:00 . 2011-11-21 21:00 -------- d-----w- c:\program files\MSXML 4.0
2011-11-21 20:52 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2011-11-21 20:51 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-11-21 20:51 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-11-21 20:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-11-21 20:48 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-11-21 20:42 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-11-21 20:41 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 18:12 . 2004-08-18 10:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2011-11-21 20:57 . 2008-05-15 11:51 143 ----a-w- c:\windows\system32\mcrh.tmp
2011-09-06 21:45 . 2008-05-17 23:22 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 21:37 . 2008-05-17 23:22 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 21:36 . 2008-05-17 23:22 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 21:36 . 2008-05-17 23:22 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 21:36 . 2008-05-17 23:22 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 21:36 . 2008-05-17 23:22 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 21:36 . 2008-05-17 23:22 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 21:33 . 2008-05-17 23:22 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2004-07-26 01:16 . 2007-09-03 15:07 598086 ----a-w- c:\program files\DVD Shrink 3.2.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7D27FB-CA10-4CE3-B312-8A164671FD03}]
2007-12-18 15:15 82432 ----a-w- c:\program files\NetCentrum\Turbo\bho.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2002-02-07 40960]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 40960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-7 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ %I
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [8.7.2007 13:04 11264]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.11.2011 16:41 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.5.2008 0:22 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.5.2008 0:22 20568]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 15:15 9344]
S3 PCAudi;Auditivo PCAudi - Virtual Audio Device;c:\windows\system32\drivers\pcaudi.sys [18.1.2007 3:35 56832]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2001-12-31 22:17]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2001-12-31 22:17]
.
2011-11-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-11-22 21:18]
.
2011-11-23 c:\windows\Tasks\{0BEFEABE-F34A-4F6F-BFA3-2ACC54F1D858}_COMPUTER_Foto.job
- c:\windows\system32\mobsync.exe [2004-08-18 07:52]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{141D2E4F-F313-4991-B61A-EE5D6D849361} - http://bleskove.centrum.cz
IE: {{2A5CFB1C-AAA2-4760-8462-1B61CF74B7D8} - http://www.centrum.cz
IE: {{2BCB61BF-DC41-4738-A149-BDAAAD7FF0BD} - http://www.xchat.cz
IE: {{2E01031B-AB09-4455-823D-25F1A1C11F48} - http://aktualne.centrum.cz
IE: {{2F741D0A-150E-40F9-A602-1B2421475F1D} - http://slovniky.centrum.cz
IE: {{309176E6-E204-40A0-8D13-7F19C0498C40} - http://www.supermapy.cz
IE: {{49681216-5BF4-41A2-AAFA-129A6BD625DA} - http://mp3.centrum.cz/
IE: {{8B6E8E01-D262-4980-8C27-B8B2802285C1} - http://www.zena.cz
IE: {{8FD64249-590C-4FBC-B181-12A6BAF516AF} - http://www.fotoalba.cz
IE: {{A5050656-2286-454F-A489-C605ED1B461C} - http://pocasi.centrum.cz
IE: {{BC78516C-9DC9-40C5-A91E-74593222EF89} - http://sportplus.centrum.cz
IE: {{DAE865E8-970E-4931-A172-119CB56BBAF5} - http://www.digitalne.cz/
IE: {{FC29EB7D-EDBA-4299-AEE4-D1BDC70EFA15} - http://www.stahuj.cz/
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Foto\Data aplikací\Mozilla\Firefox\Profiles\1fkyhuyo.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-24 17:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2180)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\CTHELPER.EXE
.
**************************************************************************
.
Celkový čas: 2011-11-24 17:09:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-24 16:09
ComboFix2.txt 2011-11-23 18:42
.
Před spuštěním: Volných bajtů: 38 687 965 184
Po spuštění: Volných bajtů: 38 697 259 008
.
- - End Of File - - A542740BF73FE1DC4BCABD27239693DF

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check

#8 Post by vyosek »

:arrow: Download SystemLook (see my signature) and save it to the desktop
  • Paste the script below into the window
  • Code:

    :reg
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /sub
  • Click Look
  • The Look button changes to Scanning and turns grey
  • Wait until the Scanning button changes back to Look; that is how you know SystemLook has finished its work
  • A log named SystemLook will pop up (or it will be saved on the desktop); paste its contents here for me
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive check

#9 Post by karel22 »

SystemLook 30.07.11 by jpshortstuff
Log created at 17:17 on 24/11/2011 by Foto
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"="m s v 1 _ 0"
"Bounds"=00 30 00 00 00 20 00 00 (REG_BINARY)
"Security Packages"="kerberos msv1_0 schannel wdigest"
"ImpersonatePrivilegeUpgradeToolHasRun"= 0x0000000001 (1)
"LsaPid"= 0x0000000270 (624)
"SecureBoot"= 0x0000000001 (1)
"auditbaseobjects"= 0x0000000000 (0)
"crashonauditfail"= 0x0000000000 (0)
"disabledomaincreds"= 0x0000000000 (0)
"everyoneincludesanonymous"= 0x0000000000 (0)
"fipsalgorithmpolicy"= 0x0000000000 (0)
"forceguest"= 0x0000000001 (1)
"fullprivilegeauditing"=00 (REG_BINARY)
"limitblankpassworduse"= 0x0000000001 (1)
"lmcompatibilitylevel"= 0x0000000000 (0)
"nodefaultadminowner"= 0x0000000001 (1)
"nolmhash"= 0x0000000000 (0)
"restrictanonymous"= 0x0000000000 (0)
"restrictanonymoussam"= 0x0000000001 (1)
"Notification Packages"="scecli"
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders]
"ProviderOrder"="Windows NT Access Provider"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"="%SystemRoot%\system32\ntmarta.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing\System]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data]
"Pattern"=53 e4 f2 18 6b ad 34 50 4a 7e 65 58 ea af a0 ab 64 32 30 64 66 35 38 64 00 fd 07 00 f0 72 00 00 34 fa 07 00 56 82 4b 75 20 fa 07 00 40 fd 07 00 4c fd 07 00 ce 8a 40 68 df 72 0d 51 f9 55 d2 d2 (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG]
"GrafBlumGroup"=c3 b9 d5 34 d8 fb b6 c9 9f (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD]
"Lookup"=46 9a dd 3a ac 5f (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Domains]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\SidCache]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"= 0x0000000000 (0)
"ntlmminserversec"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1]
"SkewMatrix"=9b a3 bb d2 ef ba a3 0d 9d aa 77 1b 18 ef 00 64 (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache]
"Time"=0e 7c 06 09 f3 a9 cc 01 (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"= 0x0000004050 (16464)
"RpcId"= 0x000000ffff (65535)
"Version"= 0x0000000001 (1)
"TokenSize"= 0x000000ffff (65535)
"Time"=00 0e 8a 5f 04 9e c8 01 (REG_BINARY)
"Type"= 0x0000000031 (49)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"= 0x0000000037 (55)
"RpcId"= 0x0000000011 (17)
"Version"= 0x0000000001 (1)
"TokenSize"= 0x0000000300 (768)
"Time"=00 c2 4e 64 04 9e c8 01 (REG_BINARY)
"Type"= 0x0000000031 (49)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"= 0x0000000037 (55)
"RpcId"= 0x0000000012 (18)
"Version"= 0x0000000001 (1)
"TokenSize"= 0x0000000300 (768)
"Time"=00 ef 7f 65 04 9e c8 01 (REG_BINARY)
"Type"= 0x0000000031 (49)


-= EOF =-

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check

#10 Post by vyosek »

:arrow: Download OTM (see my signature)
  • If you are using Windows Vista or Windows 7, right-click OTM and choose Run As Administrator or Spustit jako spravce
  • Into the left pane, Paste Instructions for Items to be Moved (below the yellow line), paste the content given below
  • Code:

    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):"msv1_0"
    
    :files
    C:\WINDOWS\system32\opnkhGxV*.*
    C:\WINDOWS\system32\opnkhGxV*
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Click the red MoveIt! button
  • You will be prompted to restart; choose Yes. You will then find the log in C:\_OTM\MovedFiles; paste its contents here
:arrow: And run SystemLook again as before

karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive check

#11 Post by karel22 »

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):"msv1_0" /E : value set successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\opnkhGxV*.* not found.
File/Folder C:\WINDOWS\system32\opnkhGxV* not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\003206_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET25.tmp moved successfully.
C:\WINDOWS\SET26.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 492122 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Foto
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98438 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60373872 bytes
->Google Chrome cache emptied: 96791079 bytes
->Flash cache emptied: 11811092 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2647 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 162,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Foto
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 11242011_193953

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 19:43 on 24/11/2011 by Foto
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"="msv1_0"
"Bounds"=00 30 00 00 00 20 00 00 (REG_BINARY)
"Security Packages"="kerberos msv1_0 schannel wdigest"
"ImpersonatePrivilegeUpgradeToolHasRun"= 0x0000000001 (1)
"LsaPid"= 0x000000026c (620)
"SecureBoot"= 0x0000000001 (1)
"auditbaseobjects"= 0x0000000000 (0)
"crashonauditfail"= 0x0000000000 (0)
"disabledomaincreds"= 0x0000000000 (0)
"everyoneincludesanonymous"= 0x0000000000 (0)
"fipsalgorithmpolicy"= 0x0000000000 (0)
"forceguest"= 0x0000000001 (1)
"fullprivilegeauditing"=00 (REG_BINARY)
"limitblankpassworduse"= 0x0000000001 (1)
"lmcompatibilitylevel"= 0x0000000000 (0)
"nodefaultadminowner"= 0x0000000001 (1)
"nolmhash"= 0x0000000000 (0)
"restrictanonymous"= 0x0000000000 (0)
"restrictanonymoussam"= 0x0000000001 (1)
"Notification Packages"="scecli"
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders]
"ProviderOrder"="Windows NT Access Provider"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"="%SystemRoot%\system32\ntmarta.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing\System]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data]
"Pattern"=53 e4 f2 18 6b ad 34 50 4a 7e 65 58 ea af a0 ab 64 32 30 64 66 35 38 64 00 fd 07 00 f0 72 00 00 34 fa 07 00 56 82 4b 75 20 fa 07 00 40 fd 07 00 4c fd 07 00 ce 8a 40 68 df 72 0d 51 f9 55 d2 d2 (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG]
"GrafBlumGroup"=c3 b9 d5 34 d8 fb b6 c9 9f (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD]
"Lookup"=46 9a dd 3a ac 5f (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Domains]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\SidCache]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"= 0x0000000000 (0)
"ntlmminserversec"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1]
"SkewMatrix"=9b a3 bb d2 ef ba a3 0d 9d aa 77 1b 18 ef 00 64 (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache]
"Time"=0e 7c 06 09 f3 a9 cc 01 (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"= 0x0000004050 (16464)
"RpcId"= 0x000000ffff (65535)
"Version"= 0x0000000001 (1)
"TokenSize"= 0x000000ffff (65535)
"Time"=00 0e 8a 5f 04 9e c8 01 (REG_BINARY)
"Type"= 0x0000000031 (49)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"= 0x0000000037 (55)
"RpcId"= 0x0000000011 (17)
"Version"= 0x0000000001 (1)
"TokenSize"= 0x0000000300 (768)
"Time"=00 c2 4e 64 04 9e c8 01 (REG_BINARY)
"Type"= 0x0000000031 (49)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"= 0x0000000037 (55)
"RpcId"= 0x0000000012 (18)
"Version"= 0x0000000001 (1)
"TokenSize"= 0x0000000300 (768)
"Time"=00 ef 7f 65 04 9e c8 01 (REG_BINARY)
"Type"= 0x0000000031 (49)


-= EOF =-

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check

#12 Post by vyosek »

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
  • From that page, choose the version matching your operating system (32-bit (x86) or 64-bit (x64))
  • Save it to the desktop and run it
  • Choose Uninstall and restart the PC; if it cannot be clicked (the button is greyed out), skip this step
:arrow: Download Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Save it to the desktop and run it
  • Click Disable and restart the PC; if it cannot be clicked (the button is greyed out), skip this step
:arrow: Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe but do not run it

:arrow: Click Start and then Run (Spustit), or use the keyboard shortcut Win+R
  • A small window will pop up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -t -s
  • Click OK
  • A log named mbr.txt will be created on the desktop; paste its contents here for me
:arrow: Post the GMER logs (see my signature)

karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive check

#13 Post by karel22 »

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:16 on 24/11/2011 (Foto)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-




Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120026A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
C:\WINDOWS\system32\drivers\prosync1.sys Protection Technology StarForce Protection System
C:\WINDOWS\system32\drivers\sfsync02.sys Protection Technology StarForce Protection System
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x82F8CAB8]
3 CLASSPNP[0xF8737FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006b[0x82FCB9E8]
5 ACPI[0xF86AE620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP0T0L0-3[0x82FCA940]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user & kernel MBR OK



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-24 21:23:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120026A rev.3.06
Running: gmer.exe; Driver: C:\DOCUME~1\Foto\LOCALS~1\Temp\pgliqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF6410D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF6410BC5]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF64689A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive check

#14 Post by karel22 »

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-24 21:37:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120026A rev.3.06
Running: gmer.exe; Driver: C:\DOCUME~1\Foto\LOCALS~1\Temp\pgliqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF63EC374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF64532B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF6410829]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF63EE996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF63EE9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF63EEB04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF64101DD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF63EE8EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF63EEA3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF63EE940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF63EEAB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF63EC398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF6410EEF]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF64111A5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF63EED88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF6410D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF6410BC5]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF6453368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF63EC162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF63EC3BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF63EEEFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF63ECE54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF63EE9C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF63EEA16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF63EEB2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF6410539]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF63EE918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF63EEBC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF63EEA7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF63EE96E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF63EECA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF63EEADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF6453400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF6410A40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF63ECD1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF6410892]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF645B6E2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF640F850]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF63EC3E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF63EC404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF63EC1BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF63EC2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF6410FF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF63EC2D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF63EC31C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF63EC428]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF64689A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 102 804E495C 8 Bytes [96, E9, 3E, F6, EE, E9, 3E, ...]
.text ntoskrnl.exe!ZwYieldExecution + 122 804E497C 4 Bytes [EC, E8, 3E, F6]
.text ntoskrnl.exe!ZwYieldExecution + 13E 804E4998 8 Bytes JMP E940F63E
.text ntoskrnl.exe!ZwYieldExecution + 14E 804E49A8 4 Bytes JMP C926F63E
.text ntoskrnl.exe!ZwYieldExecution + 23E 804E4A98 8 Bytes [C6, E9, 3E, F6, 16, EA, 3E, ...]
.text ...
? C:\DOCUME~1\Foto\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\PnkBstrB.exe[112] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\PnkBstrB.exe[112] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrB.exe[112] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\PnkBstrB.exe[112] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrB.exe[112] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\system32\PnkBstrB.exe[112] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\PnkBstrB.exe[112] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\PnkBstrB.exe[112] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\system32\PnkBstrB.exe[112] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\system32\PnkBstrB.exe[112] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\PnkBstrB.exe[112] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\PnkBstrB.exe[112] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\PnkBstrB.exe[112] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\PnkBstrB.exe[112] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\PnkBstrB.exe[112] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\PnkBstrB.exe[112] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\PnkBstrB.exe[112] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[204] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\CTsvcCDA.exe[328] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\PnkBstrA.exe[384] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\PnkBstrA.exe[384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[384] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\PnkBstrA.exe[384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[384] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\system32\PnkBstrA.exe[384] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\PnkBstrA.exe[384] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\PnkBstrA.exe[384] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\system32\PnkBstrA.exe[384] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\system32\PnkBstrA.exe[384] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\PnkBstrA.exe[384] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\PnkBstrA.exe[384] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\PnkBstrA.exe[384] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\PnkBstrA.exe[384] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\PnkBstrA.exe[384] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\PnkBstrA.exe[384] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\PnkBstrA.exe[384] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\System32\smss.exe[484] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[544] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[544] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[568] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[568] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[568] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[568] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[568] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[568] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[568] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[568] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[568] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[568] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[568] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[568] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[568] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[568] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[568] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[568] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[568] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[612] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[612] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[612] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[612] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[612] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[612] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[612] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[612] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[612] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[612] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[612] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[612] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[624] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[624] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[624] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[624] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[624] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[624] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[624] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[624] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[624] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[624] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[624] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[624] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[624] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[624] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[624] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[676] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\svchost.exe[796] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[796] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[796] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[796] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[796] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[796] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[796] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[912] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[912] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[912] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[912] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[912] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[912] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[912] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[912] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[980] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[980] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[980] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\MsPMSPSv.exe[1028] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1204] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1204] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1556] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\spoolsv.exe[1556] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[1556] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[1556] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\spoolsv.exe[1556] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\spoolsv.exe[1556] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[1556] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[1556] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[1556] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[1556] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[1556] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[1556] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[1556] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wuauclt.exe[1688] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[1688] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1688] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[1688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1688] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\wuauclt.exe[1688] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\wuauclt.exe[1688] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\wuauclt.exe[1688] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\wuauclt.exe[1688] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\wuauclt.exe[1688] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\wuauclt.exe[1688] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\wuauclt.exe[1688] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\wuauclt.exe[1688] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\wuauclt.exe[1688] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\wuauclt.exe[1688] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\wuauclt.exe[1688] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\wuauclt.exe[1688] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wuauclt.exe[1688] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\AGRSMMSG.exe[1808] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\WINDOWS\AGRSMMSG.exe[1808] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\AGRSMMSG.exe[1808] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\WINDOWS\AGRSMMSG.exe[1808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\AGRSMMSG.exe[1808] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\AGRSMMSG.exe[1808] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\AGRSMMSG.exe[1808] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\AGRSMMSG.exe[1808] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\AGRSMMSG.exe[1808] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\AGRSMMSG.exe[1808] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\AGRSMMSG.exe[1808] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\AGRSMMSG.exe[1808] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\AGRSMMSG.exe[1808] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\AGRSMMSG.exe[1808] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\AGRSMMSG.exe[1808] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\AGRSMMSG.exe[1808] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\AGRSMMSG.exe[1808] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\CTHELPER.EXE[1868] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\CTHELPER.EXE[1868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\CTHELPER.EXE[1868] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\CTHELPER.EXE[1868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1888] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1908] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1908] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\Explorer.EXE[1908] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[1908] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[1908] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Explorer.EXE[1908] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\Explorer.EXE[1908] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[1908] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[1908] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[1908] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Explorer.EXE[1908] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Explorer.EXE[1908] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[1908] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Explorer.EXE[1908] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[1908] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1920] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\svchost.exe[1980] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1980] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\CTHELPER.EXE[2012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\CTHELPER.EXE[2012] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\CTHELPER.EXE[2012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\CTHELPER.EXE[2012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2368] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[2368] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[2368] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\alg.exe[2368] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[2368] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\alg.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\alg.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\alg.exe[2368] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[2368] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[2368] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001601F8
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001603FC
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8
.text C:\Documents and Settings\Foto\Plocha\gmer.exe[3892] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC
.text C:\WINDOWS\system32\wuauclt.exe[3936] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[3936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3936] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[3936] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3936] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\wuauclt.exe[3936] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\wuauclt.exe[3936] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\wuauclt.exe[3936] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\wuauclt.exe[3936] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\wuauclt.exe[3936] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\wuauclt.exe[3936] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\wuauclt.exe[3936] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\wuauclt.exe[3936] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\wuauclt.exe[3936] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\wuauclt.exe[3936] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\wuauclt.exe[3936] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\wuauclt.exe[3936] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wuauclt.exe[3936] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]

karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive check

#15 Post by karel22 »

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\prodrv06 \Device\ProDrv06 E1EFBA18
Device prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E10198C8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
