PC-HELP.CZ

Předem se omlouvam že zakladam new topick.
Jak jsem psal mam probelm že některé systémove programy si najednou vyžádají 100% cpu a tím mi zpusobí zasekání pc. Při hraní war 3 nebo CS source jsou tyto seky hodně znát. Předtím se nic takového nedělo.

Něco jsem tu četl tak jsem si stahl včera Malwarebytes' Anti-Malware 1.46 a udělal sken

Včerejší sken


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4208

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

17.6.2010 11:35:46
mbam-log-2010-06-17 (11-35-46).txt

Scan type: Quick scan
Objects scanned: 135581
Time elapsed: 48 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 4
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flv direct player (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ace20dd0-0c01-831a-f788-577e1faeb9fa} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ace20dd0-0c01-831a-f788-577e1faeb9fa} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://flvdirect.iamwired.net/) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\FLV Direct Player (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Jendus\FLVPro.exe (Adware.FLV) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\FLVPlayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\player.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\Button.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\Window.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NdOMrO.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

dnešní sken

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4208

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

18.6.2010 12:36:53
mbam-log-2010-06-18 (12-36-53).txt

Scan type: Full scan (C:\|)
Objects scanned: 203305
Time elapsed: 1 hour(s), 29 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\start.exe (Trojan.Agent)

-> Quarantined and deleted successfully

CID
nováček

Příspěvky: 4
Pohlaví: Muž

* Soukromá zpráva

Dale mi našel nod freeverze 4 viry.

jedný dva mě trápi a to

C:\windows\system32\csrcs.exe
C:\windows\system32\msgr.exe

oba jsem dal do karenteny vyskočila chyba. Po skenu Malwarebytes' Anti-Malware 1.46 a smazaní nalezu mi už chybova hlašení nevyskočilo.

ale pořad mam problem s přetěžováním cpu a to procesem takmgr.exe kterej si jendou za čas vyžada 100% cpu a při puštění hry nastava ten problem sekání.

Ještě jsem přidal tento test.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:26:41, on 18.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\Garena\Garena.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Jendus\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Jendus\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6401 bytes

Ahoj,

Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- klikni na něj pravým tlačítkem myši a přejmenuj ho na želva.com
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

ComboFix 10-06-17.02 - Jendus 18.06.2010 15:00:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.511.184 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jendus\Desktop\Uti- sys koste\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Desktop\FLV Direct Player.lnk
c:\documents and settings\Jendus\Application Data\Microsoft\Internet Explorer\qiPSearchbar.dll
c:\documents and settings\Jendus\Local Settings\Temporary Internet Files\b9ZKij3k088jKdD
c:\documents and settings\Jendus\Local Settings\Temporary Internet Files\K-b85Q
c:\documents and settings\Jendus\Local Settings\Temporary Internet Files\l4v12312_Q4-s
c:\windows\regedit.com
c:\windows\system32\AutoRun.inf
c:\windows\system32\taskmgr.com
c:\windows\system32\win.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-18 do 2010-06-18 )))))))))))))))))))))))))))))))
.

2010-06-18 12:52 . 2010-06-18 12:52 -------- d-----w- c:\windows\system32\xircom
2010-06-18 12:52 . 2010-06-18 12:52 -------- d-----w- c:\windows\system32\wbem\snmp
2010-06-18 12:52 . 2010-06-18 12:52 -------- d-----w- c:\program files\microsoft frontpage
2010-06-18 12:26 . 2010-06-18 12:26 -------- d---a-w- c:\windows\VDLL.DLL
2010-06-18 12:26 . 2010-06-18 12:26 -------- d---a-w- c:\windows\system32\runouce.exe
2010-06-18 12:26 . 2010-06-18 12:26 -------- d---a-w- c:\windows\rundll16.exe
2010-06-18 12:26 . 2010-06-18 12:26 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-06-18 12:26 . 2010-06-18 12:26 -------- d---a-w- c:\windows\logo1_.exe
2010-06-18 12:26 . 2010-06-18 12:26 -------- d---a-w- c:\windows\logo_1.exe
2010-06-18 12:24 . 2010-06-18 12:24 388096 ----a-r- c:\documents and settings\Jendus\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-18 12:24 . 2010-06-18 12:24 -------- d-----w- c:\program files\Trend Micro
2010-06-18 12:19 . 2010-06-18 12:19 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-06-18 12:19 . 2010-06-18 12:19 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-06-18 12:19 . 2010-06-18 12:19 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-06-18 12:19 . 2008-05-03 12:00 135680 ----a-w- c:\windows\system32\T.COM
2010-06-18 12:19 . 2002-01-01 01:26 146432 ----a-w- c:\windows\R.COM
2010-06-18 12:19 . 2010-06-18 12:19 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-06-18 12:18 . 2010-06-18 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2010-06-18 08:22 . 2010-06-18 08:21 389120 ----a-w- c:\windows\system32\CF22829.exe
2010-06-18 07:44 . 2008-05-03 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-06-17 08:42 . 2010-06-17 08:42 -------- d-----w- c:\documents and settings\Jendus\Application Data\Malwarebytes
2010-06-17 08:39 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-17 08:39 . 2010-06-17 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-17 08:39 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-17 08:39 . 2010-06-17 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-17 07:45 . 2010-06-17 07:45 -------- d-----w- c:\documents and settings\Jendus\Local Settings\Application Data\ESET
2010-06-17 07:40 . 2010-06-17 07:40 -------- d-----w- c:\program files\ESET
2010-06-14 17:08 . 2010-06-14 17:08 -------- d-----w- C:\New Folder
2010-06-11 13:08 . 2010-06-11 13:08 503808 ----a-w- c:\documents and settings\Tata\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23e47f62-n\msvcp71.dll
2010-06-11 13:08 . 2010-06-11 13:08 499712 ----a-w- c:\documents and settings\Tata\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23e47f62-n\jmc.dll
2010-06-11 13:08 . 2010-06-11 13:08 348160 ----a-w- c:\documents and settings\Tata\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23e47f62-n\msvcr71.dll
2010-06-11 13:08 . 2010-06-11 13:08 61440 ----a-w- c:\documents and settings\Tata\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-568100c6-n\decora-sse.dll
2010-06-11 13:08 . 2010-06-11 13:08 12800 ----a-w- c:\documents and settings\Tata\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-568100c6-n\decora-d3d.dll
2010-06-10 14:38 . 2010-06-18 12:53 -------- d-----w- c:\program files\Common Files\Akamai
2010-06-08 10:26 . 2010-06-08 10:26 61440 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7d42db7a-n\decora-sse.dll
2010-06-08 10:26 . 2010-06-08 10:26 503808 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7dd176dd-n\msvcp71.dll
2010-06-08 10:26 . 2010-06-08 10:26 499712 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7dd176dd-n\jmc.dll
2010-06-08 10:26 . 2010-06-08 10:26 348160 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7dd176dd-n\msvcr71.dll
2010-06-08 10:26 . 2010-06-08 10:26 12800 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7d42db7a-n\decora-d3d.dll
2010-06-07 08:11 . 2010-06-07 08:11 87040 ----a-w- c:\documents and settings\Jendus\Application Data\BattlePunks\BattlePunks\NativeHelper.dll
2010-06-07 08:11 . 2010-06-07 08:11 6144 ----a-w- c:\documents and settings\Jendus\Application Data\BattlePunks\BattlePunks\CrashDataUploader.exe
2010-06-07 08:11 . 2010-06-07 08:11 4178264 ----a-w- c:\documents and settings\Jendus\Application Data\BattlePunks\BattlePunks\D3DX9_41.dll
2010-06-07 08:11 . 2010-06-07 08:11 374784 ----a-w- c:\documents and settings\Jendus\Application Data\BattlePunks\BattlePunks\fmodex.dll
2010-06-07 08:11 . 2010-06-07 08:11 261120 ----a-w- c:\documents and settings\Jendus\Application Data\BattlePunks\BattlePunks\BattlePunks.exe
2010-06-07 08:11 . 2010-06-07 08:11 22360 ----a-w- c:\documents and settings\Jendus\Application Data\BattlePunks\BattlePunks\X3DAudio1_6.dll
2010-06-07 08:11 . 2010-06-07 08:11 110592 ----a-w- c:\documents and settings\Jendus\Application Data\BattlePunks\BattlePunks\OpenAL32.dll
2010-06-07 08:11 . 2010-06-07 08:11 7648256 ----a-w- c:\documents and settings\Jendus\Application Data\BattlePunks\BattlePunks\BattlePunks.dll
2010-06-07 08:08 . 2010-06-07 08:08 152064 ----a-w- c:\documents and settings\Jendus\Application Data\BattlePunks\BattlePunks\JavaLib\_NativeHelper.temp1296903373.dll
2010-06-07 08:07 . 2010-06-07 08:29 -------- d-----w- c:\documents and settings\Jendus\Application Data\BattlePunks
2010-06-07 08:07 . 2010-06-07 08:07 -------- d-----w- c:\windows\Sun
2010-06-07 07:59 . 2010-06-07 07:59 -------- d-----w- c:\program files\Common Files\Java
2010-06-07 07:59 . 2010-06-07 07:59 503808 ----a-w- c:\documents and settings\Jendus\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70277fff-n\msvcp71.dll
2010-06-07 07:59 . 2010-06-07 07:59 499712 ----a-w- c:\documents and settings\Jendus\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70277fff-n\jmc.dll
2010-06-07 07:59 . 2010-06-07 07:59 348160 ----a-w- c:\documents and settings\Jendus\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70277fff-n\msvcr71.dll
2010-06-07 07:59 . 2010-06-07 07:59 61440 ----a-w- c:\documents and settings\Jendus\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-21b54e45-n\decora-sse.dll
2010-06-07 07:59 . 2010-06-07 07:59 12800 ----a-w- c:\documents and settings\Jendus\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-21b54e45-n\decora-d3d.dll
2010-06-07 07:58 . 2010-06-07 07:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-07 07:58 . 2010-06-07 07:58 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 11:41 . 2009-11-28 10:03 -------- d-----w- c:\program files\Garena
2010-06-16 14:11 . 2009-11-16 10:32 -------- d-----w- c:\documents and settings\Tata\Application Data\Spyware Terminator
2010-06-15 20:03 . 2009-11-06 11:50 1 ----a-w- c:\documents and settings\Jendus\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-15 17:17 . 2009-11-15 17:27 -------- d-----w- c:\documents and settings\Mama\Application Data\Spyware Terminator
2010-06-04 09:28 . 2009-11-14 15:11 -------- d-----w- c:\program files\World of Warcraft
2010-05-20 18:01 . 2009-10-29 15:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-19 12:29 . 2010-05-19 12:29 -------- d-----w- c:\documents and settings\Jendus\Application Data\Atari
2010-05-14 17:18 . 2009-12-16 15:16 1 ----a-w- c:\documents and settings\Tata\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-04 10:09 . 2010-05-04 10:09 -------- d-----w- c:\program files\FDRLab
2010-05-03 06:35 . 2009-11-07 14:38 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-04-07 19:37 . 2010-02-20 18:00 1 ----a-w- c:\documents and settings\Mama\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-31 06:23 . 2010-03-31 06:23 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-31 06:22 . 2010-03-31 06:22 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17 140216 ----a-w- c:\windows\system32\drivers\eamon.sys
.

------- Sigcheck -------

[-] 2008-05-03 . 37D8387CBD4437C55F454209BE10EF11 . 361344 . . [5.1.2600.5508] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

c:\documents and settings\Mama\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]

c:\documents and settings\Tata\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2009-10-29 622592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoActiveDesktop"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Akcelerátor spuštění AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 09:36 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Documents and Settings\\Jendus\\Desktop\\hamachi1\\hamachi.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/31/2010 8:22 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/31/2010 8:23 AM 95872]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [5/3/2008 2:00 PM 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/31/2010 8:23 AM 810120]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/29/2009 5:27 PM 721904]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Jendus\LOCALS~1\Temp\BJP62F.tmp --> c:\docume~1\Jendus\LOCALS~1\Temp\BJP62F.tmp [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - SR
*NewlyCreated* - SRSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uSearch Page = hxxp://search.qip.ru
uSearch Bar = hxxp://search.qip.ru/ie
uDefault_Page_URL = hxxp://search.qip.ru
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
mSearchAssistant = hxxp://www.google.com/ie_rsearch.html
FF - ProfilePath - c:\documents and settings\Jendus\Application Data\Mozilla\Firefox\Profiles\hr3girho.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch ... ps&search=
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch ... ps&search=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - c:\documents and settings\Jendus\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
BHO-{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - c:\documents and settings\Jendus\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 15:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3697.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3697.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Jendus\LOCALS~1\Temp\BJP62F.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aeaudio]
"ImagePath"="system32\drivers\aeaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AegisP]
"ImagePath"="system32\DRIVERS\AegisP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agp440]
"ImagePath"="system32\DRIVERS\agp440.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3697.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ati HotKey Poller]
"ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ATI Smart]
"ImagePath"="c:\windows\system32\ati2sgag.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Autodesk Licensing Service]
"ImagePath"="\"c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="c:\windows\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\docume~1\Jendus\LOCALS~1\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EagleNT]
"ImagePath"="\??\c:\windows\system32\drivers\EagleNT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eamon]
"ImagePath"="system32\DRIVERS\eamon.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ehdrv]
"ImagePath"="system32\DRIVERS\ehdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EhttpSrv]
"ImagePath"="\"c:\program files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ekrn]
"ImagePath"="\"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\epfwtdir]
"ImagePath"="system32\DRIVERS\epfwtdir.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Jendus\LOCALS~1\Temp\BJP62F.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hamachi]
"ImagePath"="system32\DRIVERS\hamachi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceS]
"ImagePath"="c:\windows\system32\LEXBCES.EXE"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="c:\windows\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RT73]
"ImagePath"="system32\DRIVERS\rt73.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smwdm]
"ImagePath"="system32\drivers\smwdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SoundMAX Agent Service (default)]
"ImagePath"="c:\program files\Analog Devices\SoundMAX\SMAgent.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{74B20C6E-B3C5-4D2A-859F-449A34ECDB46}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0D36ADD3-ED4B-4F67-86DE-43B5749EA7EF}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{40DD79C1-AE80-4FFC-98B1-2D150652B36C}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{9AF53127-9FCF-4498-9197-BD533C3F97BC}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{CB6584CF-67A7-4D52-BCE6-FD4474BE2B01}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{F6DECE4D-5255-4B06-BDA3-A161CA43E114}]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-06-18 15:16:43
ComboFix-quarantined-files.txt 2010-06-18 13:16

Před spuštěním: 28 803 096 576 bytes free
Po spuštění: 29 242 368 000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FE8E0D52B9EC1F5E5FC4EC6C0CB25E62

Garenu a Akamai používáš?

Stahni Gmer http://www.gmer.net/gmer.zip
-rozbal ho a spusť
-po prvním rychlém skenu klikni na tlačítko Save, uloží se log, který mi sem zkopíruješ.
-v pravém sloupci označ všechny položky fajfkou ve čtverečku a klikni na tlačítko scan
-až se sken dokončí, opět tlačítkem Save ulož log, který sem vložíš.

to je ten první
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-18 19:54:17
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jendus\LOCALS~1\Temp\pftiiaoc.sys


---- System - GMER 1.0.15 ----

SSDT spdg.sys ZwEnumerateKey [0xF8433CA4]
SSDT spdg.sys ZwEnumerateValueKey [0xF8434032]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 823DD1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \Fat 820CE500

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----

tady ten konečnej

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-18 22:54:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jendus\LOCALS~1\Temp\pftiiaoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xECDB8610]
SSDT spdg.sys ZwCreateKey [0xF84150E0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xECDB8C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xECDB8730]
SSDT spdg.sys ZwEnumerateKey [0xF8433CA4]
SSDT spdg.sys ZwEnumerateValueKey [0xF8434032]
SSDT spdg.sys ZwOpenKey [0xF84150C0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xECDB84B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xECDB8570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xECDB86D0]
SSDT spdg.sys ZwQueryKey [0xF843410A]
SSDT spdg.sys ZwQueryValueKey [0xF8433F8A]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xECDB8690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xECDB8650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xECDB87D0]
SSDT spdg.sys ZwSetValueKey [0xF843419C]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xECDB8510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xECDB8590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xECDB84D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xECDB85D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xECDB8750]

INT 0x62 ? 823DEBF8
INT 0x63 ? 821E8F00
INT 0x82 ? 823DEBF8
INT 0x83 ? 821E8F00
INT 0x83 ? 821E8F00
INT 0xA4 ? 821E8F00
INT 0xB4 ? 821E8F00

---- Kernel code sections - GMER 1.0.15 ----

? spdg.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F81048AC 5 Bytes JMP 821E84E0
.text aoi60j5g.SYS F7D2F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aoi60j5g.SYS F7D2F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aoi60j5g.SYS F7D2F3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aoi60j5g.SYS F7D2F3C9 1 Byte [30]
.text aoi60j5g.SYS F7D2F3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text win32k.sys!EngSetPointerTag + 8DF8 BF91EE00 36 Bytes CALL BF80ECA7 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngSetPointerTag + 8E1D BF91EE25 4 Bytes [D8, 74, 76, 3B] {FDIV DWORD [ESI+ESI*2+0x3b]}
.text win32k.sys!EngSetPointerTag + 8E22 BF91EE2A 109 Bytes [F8, 0F, 85, B3, 00, 00, 00, ...]
.text win32k.sys!EngSetPointerTag + 8E90 BF91EE98 16 Bytes CALL BF8E59B2 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngSetPointerTag + 8EA1 BF91EEA9 143 Bytes [74, 3C, 8B, 4B, 4C, 8B, 53, ...]
.text ...
.text win32k.sys!XFORMOBJ_iGetFloatObjXform + E BF933494 133 Bytes [C8, FF, EB, 34, 83, 7D, 0C, ...]
.text win32k.sys!FLOATOBJ_GetLong + 2 BF93351A 26 Bytes [55, 8B, EC, 6A, 00, 8D, 45, ...]
.text win32k.sys!FLOATOBJ_AddFloat BF933537 108 Bytes [8B, FF, 55, 8B, EC, 51, 51, ...]
.text win32k.sys!FLOATOBJ_Add + 17 BF9335A4 34 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text win32k.sys!FLOATOBJ_SubFloat + 1E BF9335C7 3 Bytes CALL BF837E98 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FLOATOBJ_SubFloat + 22 BF9335CB 28 Bytes [C9, C2, 08, 00, 90, 90, 90, ...]
.text win32k.sys!FLOATOBJ_SubLong + 15 BF9335E9 1 Byte [F8]
.text win32k.sys!FLOATOBJ_SubLong + 15 BF9335E9 33 Bytes [F8, 50, FF, 75, 08, FF, 75, ...]
.text win32k.sys!FLOATOBJ_Sub + C BF93360B 6 Bytes [75, 08, E8, 85, 48, F0]
.text win32k.sys!FLOATOBJ_Sub + 13 BF933612 42 Bytes [5D, C2, 08, 00, 90, 90, 90, ...]
.text win32k.sys!FLOATOBJ_MulFloat + 22 BF93363D 47 Bytes [C9, C2, 08, 00, 90, 90, 90, ...]
.text win32k.sys!FLOATOBJ_MulLong + 29 BF93366F 56 Bytes [90, 90, 8B, FF, 55, 8B, EC, ...]
.text win32k.sys!FLOATOBJ_DivFloat + 1B BF9336A8 36 Bytes CALL BF80F3A4 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FLOATOBJ_DivLong + 15 BF9336CD 20 Bytes [F8, 50, FF, 75, 08, FF, 75, ...]
.text win32k.sys!FLOATOBJ_Div BF9336E3 23 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
.text win32k.sys!FLOATOBJ_Neg BF9336FF 157 Bytes [8B, FF, 55, 8B, EC, 8B, 4D, ...]
.text win32k.sys!FLOATOBJ_GreaterThanLong + 45 BF93379E 29 Bytes [90, 90, 90, 8B, FF, 55, 8B, ...]
.text win32k.sys!FLOATOBJ_LessThanLong + 1B BF9337BC 35 Bytes [F8, 50, FF, 75, 0C, E8, 38, ...]
.text win32k.sys!FLOATOBJ_Equal + 6 BF9337E0 9 Bytes [75, 0C, 8B, 4D, 08, E8, E5, ...]
.text win32k.sys!FLOATOBJ_Equal + 10 BF9337EA 28 Bytes [5D, C2, 08, 00, 90, 90, 90, ...]
.text win32k.sys!FLOATOBJ_GreaterThan + 14 BF933807 28 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text win32k.sys!FLOATOBJ_LessThan + 19 BF933825 29 Bytes [8B, FF, 55, 8B, EC, 56, 8B, ...]
.text win32k.sys!FLOATOBJ_LessThan + 39 BF933845 180 Bytes [8B, FF, 55, 8B, EC, 56, 57, ...]
.text win32k.sys!FLOATOBJ_LessThan + EE BF9338FA 110 Bytes [55, 8B, EC, 8B, 41, 44, 57, ...]
.text win32k.sys!FLOATOBJ_LessThan + 15D BF933969 98 Bytes [89, 46, 08, 5E, 5D, C2, 04, ...]
.text win32k.sys!FLOATOBJ_LessThan + 1C0 BF9339CC 135 Bytes CALL BF84BEF0 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!CLIPOBJ_ppoGetPath + 2 BF933B1F 3 Bytes [55, 8B, EC] {PUSH EBP; MOV EBP, ESP}
.text win32k.sys!CLIPOBJ_ppoGetPath + 6 BF933B23 5 Bytes [4D, 08, E8, 4C, FE]
.text win32k.sys!CLIPOBJ_ppoGetPath + C BF933B29 104 Bytes [FF, 5D, C2, 04, 00, 90, 90, ...]
.text win32k.sys!EngIsSemaphoreOwnedByCurrentThread + B BF933B92 6 Bytes [90, 90, 90, 90, 90, 8B]
.text win32k.sys!EngDebugPrint + 2 BF933B99 13 Bytes [55, 8B, EC, 81, EC, 04, 01, ...]
.text win32k.sys!EngDebugPrint + 10 BF933BA7 3 Bytes [56, 8B, 75]
.text win32k.sys!EngDebugPrint + 14 BF933BAB 54 Bytes [89, 45, FC, 8B, 45, 08, 57, ...]
.text win32k.sys!EngDebugPrint + 4B BF933BE2 10 Bytes [C9, C2, 0C, 00, 90, 90, 90, ...]
.text win32k.sys!EngDebugPrint + 56 BF933BED 30 Bytes [55, 8B, EC, FF, 75, 18, FF, ...]
.text win32k.sys!EngProbeForRead + 2 BF933C0C 4 Bytes [55, 8B, EC, 57] {PUSH EBP; MOV EBP, ESP; PUSH EDI}
.text win32k.sys!EngProbeForRead + 7 BF933C11 10 Bytes [7D, 0C, 85, FF, 74, 28, 8B, ...] {JGE 0xe; TEST EDI, EDI; JZ 0x2e; MOV EAX, [EBP+0x10]; PUSH ESI}
.text win32k.sys!EngProbeForRead + 12 BF933C1C 100 Bytes [75, 08, 48, 85, C6, 74, 06, ...]
.text win32k.sys!EngAllocSectionMem + 38 BF933C81 6 Bytes [15, 1C, CC, 98, BF, 85]
.text win32k.sys!EngAllocSectionMem + 3F BF933C88 55 Bytes [7D, 04, 33, C0, EB, 48, 8D, ...]
.text win32k.sys!EngAllocSectionMem + 77 BF933CC0 73 Bytes [8B, 7D, 10, 8B, D1, C1, E9, ...]
.text win32k.sys!EngMapSection BF933D0B 142 Bytes [8B, FF, 55, 8B, EC, 83, EC, ...]
.text win32k.sys!EngMapSection + 90 BF933D9B 46 Bytes [90, 90, 90, 8B, FF, 55, 8B, ...]
.text win32k.sys!EngInitializeSafeSemaphore + 1B BF933DCA 183 Bytes [85, C0, 89, 06, 75, 04, 33, ...]
.text win32k.sys!EngDeleteSafeSemaphore + 97 BF933E82 26 Bytes [FF, 55, 8B, EC, 5D, E9, 7F, ...]
.text win32k.sys!EngDeleteSafeSemaphore + B6 BF933EA1 19 Bytes [8B, FF, 55, 8B, EC, 5D, E9, ...] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; POP EBP; JMP 0x16cbe; NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP}
.text win32k.sys!EngDeleteSafeSemaphore + CA BF933EB5 7 Bytes JMP BF80667B \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDeleteSafeSemaphore + D5 BF933EC0 102 Bytes [90, 8B, FF, 55, 8B, EC, 6A, ...]
.text win32k.sys!EngDeleteSafeSemaphore + 13F BF933F2A 12 Bytes [90, 8B, FF, 55, 8B, EC, A1, ...] {NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; MOV EAX, [0xbf9a5480]; POP EBP}
.text ...
.text win32k.sys!HeapVidMemAllocAligned + 14 BF934312 20 Bytes [90, 90, 8B, FF, 55, 8B, EC, ...]
.text win32k.sys!EngAllocPrivateUserMem BF93432A 18 Bytes [8B, FF, 55, 8B, EC, A1, 80, ...] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; MOV EAX, [0xbf9a5480]; POP EBP; JMP [EAX+0x2a4]; NOP }
.text win32k.sys!EngFreePrivateUserMem BF934340 16 Bytes [8B, FF, 55, 8B, EC, A1, 80, ...]
.text win32k.sys!EngFreePrivateUserMem + 11 BF934351 44 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text win32k.sys!EngLockDirectDrawSurface + 15 BF934381 130 Bytes [90, 8B, FF, 55, 8B, EC, A1, ...]
.text win32k.sys!EngUnlockDirectDrawSurface + 82 BF934404 239 Bytes [75, 08, 8D, 4D, 08, 33, F6, ...]
.text win32k.sys!EngUnlockDirectDrawSurface + 172 BF9344F4 14 Bytes [C2, 10, 00, 90, 90, 90, 90, ...] {RET 0x10; NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH ESI}
.text win32k.sys!EngUnlockDirectDrawSurface + 181 BF934503 24 Bytes [75, 08, 8D, 4D, 08, 33, F6, ...]
.text win32k.sys!EngUnlockDirectDrawSurface + 19A BF93451C 45 Bytes [B0, 08, 03, 00, 00, 8D, 4D, ...]
.text win32k.sys!EngUnlockDirectDrawSurface + 1C8 BF93454A 36 Bytes [4D, 10, 83, 09, FF, 83, 7D, ...]
.text ...
.text win32k.sys!EngGetType1FontList BF934EA2 27 Bytes [8B, FF, 55, 8B, EC, 51, 56, ...]
.text win32k.sys!EngGetType1FontList + 1C BF934EBE 23 Bytes [FF, 89, 86, CC, 02, 00, 00, ...]
.text win32k.sys!EngGetType1FontList + 34 BF934ED6 3 Bytes [84, EB, 00]
.text win32k.sys!EngGetType1FontList + 39 BF934EDB 115 Bytes [8B, 55, 18, 89, 3A, EB, 05, ...]
.text win32k.sys!EngGetType1FontList + AD BF934F4F 11 Bytes [86, CC, 02, 00, 00, 33, D2, ...]
.text ...
.text win32k.sys!EngQueryLocalTime BF934FD4 180 Bytes [8B, FF, 55, 8B, EC, 83, EC, ...]
.text win32k.sys!EngQueryLocalTime + B7 BF93508B 61 Bytes [8B, 01, F6, 40, 28, 08, 74, ...]
.text win32k.sys!EngQueryLocalTime + F5 BF9350C9 4 Bytes [0D, F0, BF, 9A]
.text win32k.sys!EngQueryLocalTime + FA BF9350CE 44 Bytes CALL BF801982 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngQueryLocalTime + 127 BF9350FB 47 Bytes [83, 26, 00, 83, 66, 04, 00, ...]
.text ...
.text win32k.sys!EngCheckAbort + 3 BF935264 236 Bytes [8B, EC, 8B, 45, 08, 8D, 48, ...]
.text win32k.sys!EngCheckAbort + F0 BF935351 9 Bytes CALL BF800C42 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngCheckAbort + FF BF935360 2 Bytes [FF, 55]
.text win32k.sys!EngCheckAbort + 102 BF935363 37 Bytes [EC, 83, EC, 10, 83, 4D, FC, ...]
.text win32k.sys!EngCheckAbort + 128 BF935389 129 Bytes [00, 00, 53, 8B, 5D, 08, 56, ...]
.text ...
.text win32k.sys!EngMapEvent + 1A BF936AA3 60 Bytes [8B, F0, 89, 75, E4, 33, DB, ...]
.text win32k.sys!EngMapEvent + 57 BF936AE0 4 Bytes [15, 54, CE, 98]
.text win32k.sys!EngMapEvent + 5C BF936AE5 9 Bytes [83, 4E, 04, 01, EB, 2C, 56, ...]
.text win32k.sys!EngMapEvent + 66 BF936AEF 1 Byte [EC]
.text win32k.sys!EngMapEvent + 66 BF936AEF 43 Bytes [EC, FF, 33, F6, 89, 75, E4, ...]
.text ...
.text win32k.sys!EngClearEvent + 2 BF936B80 150 Bytes [55, 8B, EC, 8B, 45, 08, FF, ...]
.text win32k.sys!EngReadStateEvent + 80 BF936C17 1 Byte [5D]
.text win32k.sys!EngReadStateEvent + 80 BF936C17 104 Bytes [5D, 08, 8D, 74, 73, DE, EB, ...]
.text win32k.sys!EngGetFilePath + A BF936C80 90 Bytes [70, 20, 85, F6, 74, 0B, 56, ...]
.text win32k.sys!EngGetFileChangeTime + 3A BF936CDC 2 Bytes [80, CB]
.text win32k.sys!EngGetFileChangeTime + 3E BF936CE0 33 Bytes [56, 56, 6A, 10, 6A, 03, 56, ...]
.text win32k.sys!EngGetFileChangeTime + 61 BF936D03 45 Bytes [D4, 18, 00, 00, 00, 89, 75, ...]
.text win32k.sys!EngGetFileChangeTime + 8F BF936D31 18 Bytes [FF, 15, 24, D0, 98, BF, 85, ...] {CALL [0xbf98d024]; TEST EAX, EAX; JL 0x1b; MOV ECX, [EBP-0x44]; MOV EAX, [EBP+0xc]; MOV [EAX], ECX}
.text win32k.sys!EngGetFileChangeTime + A3 BF936D45 50 Bytes [C0, 33, F6, 89, 48, 04, 46, ...]
.text ...
.text win32k.sys!EngDeleteFile + 14 BF936F34 41 Bytes [15, 80, CB, 98, BF, 83, 65, ...]
.text win32k.sys!EngDeleteFile + 3E BF936F5E 169 Bytes [15, 40, D0, 98, BF, 85, C0, ...]
.text win32k.sys!EngDeleteFile + E8 BF937008 179 Bytes [8D, 55, F8, FF, 75, 44, FF, ...]
.text win32k.sys!EngDeleteFile + 19C BF9370BC 82 Bytes [45, F4, 8B, 45, 30, 8B, 18, ...]
.text win32k.sys!EngDeleteFile + 1EF BF93710F 63 Bytes [75, 20, FF, 75, 1C, FF, 75, ...]
.text ...
.text win32k.sys!EngControlSprites + 4 BF9380DC 45 Bytes [EC, 83, EC, 0C, 83, 7D, 0C, ...]
.text win32k.sys!EngControlSprites + 32 BF93810A 9 Bytes [4D, F4, 89, 7D, 08, E8, 8A, ...]
.text win32k.sys!EngControlSprites + 3C BF938114 250 Bytes [8B, 46, 68, 85, C0, 74, 1D, ...]
.text win32k.sys!EngControlSprites + 137 BF93820F 61 Bytes [85, C0, 75, 3A, 53, E8, ED, ...]
.text win32k.sys!EngControlSprites + 175 BF93824D 4 Bytes [8B, 46, 08, 3B]
.text ...
.text win32k.sys!EngMovePointer + 25 BF938A5D 3 Bytes [45, FC, 50] {INC EBP; CLD ; PUSH EAX}
.text win32k.sys!EngMovePointer + 29 BF938A61 53 Bytes CALL BF80CDC9 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngMovePointer + 5F BF938A97 3 Bytes [0F, 82, 86]
.text win32k.sys!EngMovePointer + 63 BF938A9B 23 Bytes [00, 00, 8B, 96, 7C, 01, 00, ...]
.text win32k.sys!EngMovePointer + 7B BF938AB3 13 Bytes [8B, DA, 8B, C1, 8B, 48, 10, ...] {MOV EBX, EDX; MOV EAX, ECX; MOV ECX, [EAX+0x10]; CMP ECX, EBX; JNZ 0x2; XOR EBX, EBX}
.text ...
.text win32k.sys!EngSetPointerShape + 76 BF938C30 44 Bytes [01, 00, 00, 89, 9E, C4, 01, ...]
.text win32k.sys!EngSetPointerShape + A3 BF938C5D 5 Bytes [00, 89, 86, C0, 01]
.text win32k.sys!EngSetPointerShape + AA BF938C64 102 Bytes [39, BE, C4, 01, 00, 00, 72, ...]
.text win32k.sys!EngSetPointerShape + 111 BF938CCB 25 Bytes [7F, 10, 3B, FB, 75, EB, 8D, ...]
.text win32k.sys!EngSetPointerShape + 12B BF938CE5 25 Bytes [75, 14, FF, 75, 10, FF, 75, ...]
.text ...
.text win32k.sys!EngUnlockDriverObj + 6 BF939221 79 Bytes CALL BF8017AA \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngQueryPalette + 1E BF939271 10 Bytes [55, 0C, 83, E0, 0F, 89, 02, ...] {PUSH EBP; OR AL, 0x83; LOOPNZ 0x14; MOV [EDX], EAX; CMP [ECX+0x14], ESI}
.text win32k.sys!EngQueryPalette + 29 BF93927C 9 Bytes [18, 6A, 01, FF, 75, 14, 8D, ...] {SBB [EDX+0x1], CH; PUSH DWORD [EBP+0x14]; LEA ECX, [EBP+0x8]}
.text win32k.sys!EngQueryPalette + 33 BF939286 7 Bytes [75, 10, 56, E8, 33, D0, F7]
.text win32k.sys!EngQueryPalette + 3B BF93928E 96 Bytes [8B, 4D, 08, 8B, F0, EB, 28, ...]
.text win32k.sys!EngQueryPalette + 9C BF9392EF 166 Bytes [EC, 8B, 55, 10, 85, D2, 74, ...]
.text ...
.text win32k.sys!EngCreatePath + 38 BF93959D 3 Bytes CALL BF933958 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngCreatePath + 3C BF9395A1 54 Bytes CALL BF84BEAB \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDeletePath + 24 BF9395D8 84 Bytes [55, 8B, EC, 83, EC, 14, 53, ...]
.text win32k.sys!EngDeletePath + 79 BF93962D 17 Bytes [4D, F0, 83, 45, F4, 08, EB, ...] {DEC EBP; LOCK ADD DWORD [EBP-0xc], 0x8; JMP 0x1a; PUSH EBX; LEA EAX, [EBP-0x14]; PUSH EAX; PUSH 0x0; MOV ECX, EDI}
.text win32k.sys!EngDeletePath + 8B BF93963F 3 Bytes CALL BF84BC88 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDeletePath + 8F BF939643 138 Bytes [85, C0, 74, 45, 83, 7D, F0, ...]
.text win32k.sys!WNDOBJ_cEnumStart + 1 BF9396CE 31 Bytes [FF, 55, 8B, EC, FF, 75, 14, ...]
.text win32k.sys!WNDOBJ_vSetConsumer BF9396EE 146 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
.text win32k.sys!WNDOBJ_vSetConsumer + 93 BF939781 27 Bytes [B6, 94, 00, 00, 00, E8, 4C, ...]
.text win32k.sys!WNDOBJ_vSetConsumer + AF BF93979D 7 Bytes [8B, FF, 55, 8B, EC, 56, 57] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH ESI; PUSH EDI}
.text win32k.sys!WNDOBJ_vSetConsumer + B7 BF9397A5 51 Bytes [7D, 08, 8B, F1, 8D, 4F, 04, ...]
.text win32k.sys!WNDOBJ_vSetConsumer + EB BF9397D9 1 Byte [46]
.text ...
.text win32k.sys!EngCreateWnd + 6D BF9398A5 18 Bytes [88, 00, 00, 00, 0F, 84, CE, ...] {MOV [EAX], AL; ADD [EAX], AL; JZ 0x1d8; MOV EAX, [EAX+0x80]; CMP EAX, ESI}
.text win32k.sys!EngCreateWnd + 80 BF9398B8 1 Byte [E7]
.text win32k.sys!EngCreateWnd + 80 BF9398B8 10 Bytes [E7, 8B, 49, 04, 3B, CE, 75, ...] {OUT 0x8b, EAX; DEC ECX; ADD AL, 0x3b; INTO ; JNZ 0xffffffffffffffe3; CMP EBX, ESI}
.text win32k.sys!EngCreateWnd + 8B BF9398C3 41 Bytes [1C, 39, 7B, 10, 75, 08, 8B, ...]
.text win32k.sys!EngCreateWnd + B5 BF9398ED 171 Bytes [D8, 3B, DE, 0F, 84, 2B, 02, ...]
.text ...
.text win32k.sys!EngDeleteWnd + 24 BF939C84 28 Bytes CALL BF939B3E \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDeleteWnd + 41 BF939CA1 77 Bytes [9A, BF, 8D, 4D, F4, E8, A8, ...]
.text win32k.sys!EngDeleteWnd + 8F BF939CEF 15 Bytes [10, 75, 21, 8B, 7E, 0C, EB, ...]
.text win32k.sys!EngDeleteWnd + 9F BF939CFF 114 Bytes [6A, 00, 8D, 4D, F8, E8, 5E, ...]
.text win32k.sys!EngDeleteWnd + 112 BF939D72 8 Bytes CALL BF80D664 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngDitherColor + 29 BF93A9CD 35 Bytes [83, 7D, 0C, 02, 56, 74, 41, ...]
.text win32k.sys!EngDitherColor + 4D BF93A9F1 17 Bytes [C8, 8D, 55, E0, 2B, CA, C1, ...] {ENTER 0x558d, 0xe0; SUB ECX, EDX; SAR ECX, 0x3; CMP ESI, 0x3; PUSH ECX; PUSH EAX; MOV EAX, EDX; PUSH EAX}
.text win32k.sys!EngDitherColor + 5F BF93AA03 78 Bytes CALL BF93A53E \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDitherColor + AE BF93AA52 163 Bytes [6F, B6, 99, BF, 48, 8D, 0C, ...]
.text win32k.sys!EngDitherColor + 152 BF93AAF6 7 Bytes [5E, 5D, C2, 04, 00, 90, 90] {POP ESI; POP EBP; RET 0x4; NOP ; NOP }
.text ...
.text win32k.sys!EngEnumForms + 2C BF93B264 155 Bytes [4A, 87, ED, FF, 8B, F0, 85, ...]
.text win32k.sys!EngEnumForms + C8 BF93B300 127 Bytes CALL BF802A5D \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngGetPrinter + 5B BF93B383 56 Bytes [FC, 54, BA, 99, BF, 53, 56, ...]
.text win32k.sys!EngGetPrinter + 94 BF93B3BC 3 Bytes CALL BF802AEA \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngGetPrinter + 98 BF93B3C0 11 Bytes [8B, F0, 89, 75, 0C, EB, 07, ...] {MOV ESI, EAX; MOV [EBP+0xc], ESI; JMP 0xe; AND DWORD [EBP+0xc], 0x0}
.text win32k.sys!EngGetPrinter + A4 BF93B3CC 102 Bytes [75, 0C, 85, F6, 74, 59, 6A, ...]
.text win32k.sys!EngGetPrinter + 10B BF93B433 14 Bytes [F8, 5F, 5E, 5B, C9, C2, 14, ...]
.text win32k.sys!EngGetForm + 2 BF93B442 108 Bytes [55, 8B, EC, 51, 56, 33, F6, ...]
.text win32k.sys!EngGetForm + 6F BF93B4AF 157 Bytes [CA, 83, E1, 03, F3, A4, 8D, ...]
.text win32k.sys!EngGetForm + 10D BF93B54D 3 Bytes [EC, 51, 8B]
.text win32k.sys!EngGetForm + 111 BF93B551 56 Bytes [1C, 56, 33, F6, 3B, C6, 89, ...]
.text win32k.sys!EngGetForm + 14A BF93B58A 3 Bytes CALL BF8139B3 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngGetPrinterData + 53 BF93B729 50 Bytes [8B, 4D, 18, 89, 38, 89, 48, ...]
.text win32k.sys!EngGetPrinterData + 86 BF93B75C 106 Bytes CALL BF802AE9 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngGetPrinterData + F1 BF93B7C7 3 Bytes CALL BF802A61 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngGetPrinterData + F5 BF93B7CB 16 Bytes CALL BF802A5C \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngGetPrinterData + 106 BF93B7DC 1 Byte [18]
.text win32k.sys!EngSetPrinterData + 5 BF93B7E8 28 Bytes [51, 51, 83, 7D, 0C, 00, 53, ...]
.text win32k.sys!EngSetPrinterData + 22 BF93B805 29 Bytes [02, 59, 89, 7D, FC, EB, 07, ...]
.text win32k.sys!EngSetPrinterData + 40 BF93B823 160 Bytes CALL BF8139AE \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngSetPrinterData + E1 BF93B8C4 60 Bytes [90, 90, 90, 90, 90, 6A, 10, ...]
.text win32k.sys!EngWritePrinter + 38 BF93B901 43 Bytes [FF, 15, 68, CB, 98, BF, 8B, ...]
.text win32k.sys!EngWritePrinter + 66 BF93B92F 68 Bytes [00, C7, 43, 6C, 10, 00, 00, ...]
.text win32k.sys!EngWritePrinter + AB BF93B974 69 Bytes [89, 7D, FC, 8D, 0C, 16, 3B, ...]
.text win32k.sys!EngWritePrinter + F1 BF93B9BA 42 Bytes [83, 67, 08, 00, C7, 43, 70, ...]
.text win32k.sys!EngWritePrinter + 11C BF93B9E5 57 Bytes [89, 7B, 74, C7, 83, 84, 00, ...]
.text ...
.text win32k.sys!EngFileWrite + 1 BF93BB1D 25 Bytes [FF, 55, 8B, EC, 57, 8B, 7D, ...]
.text win32k.sys!EngFileWrite + 1B BF93BB37 46 Bytes [85, C0, 8B, 45, 14, 7D, 05, ...]
.text win32k.sys!EngFileIoControl + 17 BF93BB66 111 Bytes [75, 14, FF, 75, 10, FF, 75, ...]
.text win32k.sys!EngGetTickCount + 4F BF93BBD6 91 Bytes [74, 77, 53, 56, 8B, 75, 08, ...]
.text win32k.sys!EngGetTickCount + AB BF93BC32 7 Bytes [6A, 01, 57, E8, 61, FF, FF]
.text win32k.sys!EngGetTickCount + B3 BF93BC3A 1 Byte [66]
.text win32k.sys!EngGetTickCount + B3 BF93BC3A 74 Bytes [66, 8B, 47, 02, 66, 89, 46, ...]
.text win32k.sys!EngGetTickCount + FE BF93BC85 49 Bytes JMP BF93C82A \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngHangNotification + 1B BF93E418 5 Bytes [8B, B7, 74, 05, 00]
.text win32k.sys!EngHangNotification + 21 BF93E41E 6 Bytes [83, FE, FC, 0F, 84, B9]
.text win32k.sys!EngHangNotification + 28 BF93E425 7 Bytes [00, 00, 85, F6, 0F, 84, B1]
.text win32k.sys!EngHangNotification + 30 BF93E42D 44 Bytes [00, 00, 53, 8D, 46, 20, 50, ...]
.text win32k.sys!EngHangNotification + 5D BF93E45A 382 Bytes [8A, CB, 02, C8, 80, C1, 28, ...]
.text ...
.text win32k.sys!EngFntCacheFault + 4 BF93EE93 32 Bytes [EC, 51, A1, 74, 56, 9A, BF, ...]
.text win32k.sys!EngFntCacheFault + 25 BF93EEB4 98 Bytes [76, 27, 83, 7D, 0C, 02, 77, ...]
.text win32k.sys!EngFntCacheFault + 88 BF93EF17 1 Byte [75]
.text win32k.sys!EngFntCacheFault + 88 BF93EF17 89 Bytes [75, 08, 89, 55, FC, 8B, 50, ...]
.text win32k.sys!EngFntCacheFault + E2 BF93EF71 10 Bytes [89, 48, 04, A1, 6C, 56, 9A, ...] {MOV [EAX+0x4], ECX; MOV EAX, [0xbf9a566c]; MOV EAX, [EAX]}
.text ...
.text win32k.sys!EngMapModule + D BF93F0EF 38 Bytes [0C, 89, 0A, 8B, 40, 08, 5D, ...]
.text win32k.sys!EngUnmapFile + 18 BF93F116 83 Bytes [4E, 14, 8B, F8, FF, 15, 3C, ...]
.text win32k.sys!EngUnmapFile + 6C BF93F16A 46 Bytes [F9, 08, 75, 05, 33, C0, 40, ...]
.text win32k.sys!EngUnmapFile + 9B BF93F199 3 Bytes [BE, 00, 00]
.text win32k.sys!EngUnmapFile + 9F BF93F19D 7 Bytes [10, 39, 75, 0C, 0F, 87, AB]
.text win32k.sys!EngUnmapFile + A9 BF93F1A7 48 Bytes [83, 7D, 0C, 0C, 0F, 82, A1, ...]
.text ...
.text win32k.sys!EngMapFile + 6 BF93F82D 34 Bytes [57, 68, 47, 66, 69, 6C, 6A, ...]
.text win32k.sys!EngMapFile + 29 BF93F850 6 Bytes [75, 08, E8, 23, 6E, F6]
.text win32k.sys!EngMapFile + 30 BF93F857 152 Bytes [85, C0, 8B, 45, 10, 74, 07, ...]
.text win32k.sys!EngMapFile + C9 BF93F8F0 86 Bytes [39, 5D, F8, 74, 7E, 39, 5D, ...]
.text win32k.sys!EngMapFile + 120 BF93F947 16 Bytes [75, F8, 8D, 45, D8, 53, 50, ...] {JNZ 0xfffffffffffffffa; LEA EAX, [EBP-0x28]; PUSH EBX; PUSH EAX; PUSH ESI; CALL 0xfffffffffff76b9b; MOV [EBP+0x14], EAX}
.text ...
.text win32k.sys!EngGetPrinterDataFileName + 12 BF93F9B0 15 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text win32k.sys!EngGetDriverName + B BF93F9C0 1 Byte [03]
.text win32k.sys!EngGetDriverName + B BF93F9C0 47 Bytes [03, 00, 00, 8B, 40, 08, 8B, ...]
.text win32k.sys!EngQueryDeviceAttribute + 1E BF93F9F0 19 Bytes [80, 8C, 05, 00, 00, 89, 01, ...] {OR BYTE [EBP+EAX+0x1890000], 0x33; ROL BYTE [EAX+0x5d], 0xc2; SBB [EAX], AL; NOP ; NOP ; NOP ; NOP ; NOP }
.text win32k.sys!EngQueryDeviceAttribute + 32 BF93FA04 108 Bytes [FF, 55, 8B, EC, 83, EC, 10, ...]
.text win32k.sys!EngQueryDeviceAttribute + 9F BF93FA71 24 Bytes [03, 00, 00, 8B, 03, 89, 40, ...]
.text win32k.sys!EngQueryDeviceAttribute + B8 BF93FA8A 30 Bytes [00, 8B, 03, 89, 88, E0, 02, ...]
.text win32k.sys!EngQueryDeviceAttribute + D8 BF93FAAA 62 Bytes CALL 4A93FAB1
.text ...
.text win32k.sys!EngPlgBlt + 2 BF941FC9 117 Bytes [55, 8B, EC, 81, EC, 10, 02, ...]
.text win32k.sys!EngPlgBlt + 79 BF942040 15 Bytes [FA, 08, 0F, 84, AA, 0C, 00, ...]
.text win32k.sys!EngPlgBlt + 89 BF942050 11 Bytes [00, 8B, 4B, 3C, 83, F9, 09, ...]
.text win32k.sys!EngPlgBlt + 95 BF94205C 66 Bytes [00, 83, FA, 0A, 0F, 84, 8C, ...]
.text win32k.sys!EngPlgBlt + D8 BF94209F 12 Bytes [8D, 4D, D4, 89, 45, BC, 89, ...]
.text ...
.text win32k.sys!STROBJ_fxBreakExtra + 22 BF9447E9 22 Bytes [EC, 83, EC, 18, 53, 8B, 5D, ...]
.text win32k.sys!STROBJ_fxBreakExtra + 39 BF944800 123 Bytes CALL 6539EDAA
.text win32k.sys!STROBJ_fxBreakExtra + B5 BF94487C 48 Bytes [4D, EC, 8B, 4D, 0C, 50, 89, ...]
.text win32k.sys!STROBJ_fxBreakExtra + E6 BF9448AD 116 Bytes [10, 10, 74, 3E, FF, 75, 38, ...]
.text win32k.sys!STROBJ_fxBreakExtra + 164 BF94492B 41 Bytes [8B, 55, 10, 4A, 8B, 4D, 08, ...]
.text ...
.text win32k.sys!FONTOBJ_cGetAllGlyphHandles + 2 BF945D75 48 Bytes [55, 8B, EC, 8B, 45, 08, 56, ...]
.text win32k.sys!FONTOBJ_pvTrueTypeFontFile + 2 BF945DA6 29 Bytes [55, 8B, EC, 8B, 4D, 0C, 8B, ...]
.text win32k.sys!FONTOBJ_pvTrueTypeFontFile + 20 BF945DC4 14 Bytes [8B, F0, 83, 65, 0C, 00, 8D, ...] {MOV ESI, EAX; AND DWORD [EBP+0xc], 0x0; LEA ECX, [EBP+0xc]; CALL 0xffffffffffebeb4c}
.text win32k.sys!FONTOBJ_pvTrueTypeFontFile + 2F BF945DD3 5 Bytes [C6, 5E, 5D, C2, 08]
.text win32k.sys!FONTOBJ_pvTrueTypeFontFile + 35 BF945DD9 30 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text win32k.sys!FONTOBJ_pvTrueTypeFontFile + 54 BF945DF8 101 Bytes [74, 0E, 51, 52, 8D, 4D, 10, ...]
.text win32k.sys!FONTOBJ_pwszFontFilePaths + 2 BF945E5E 6 Bytes [55, 8B, EC, 8B, 4D, 0C] {PUSH EBP; MOV EBP, ESP; MOV ECX, [EBP+0xc]}
.text win32k.sys!FONTOBJ_pwszFontFilePaths + 9 BF945E65 140 Bytes [45, 08, 56, 33, F6, 21, 31, ...]
.text win32k.sys!FONTOBJ_pQueryGlyphAttrs + 4F BF945EF2 65 Bytes [FF, 55, 8B, EC, 0F, B6, 4D, ...]
.text win32k.sys!FONTOBJ_pQueryGlyphAttrs + 91 BF945F34 13 Bytes [CA, 25, E0, 03, 00, 00, 81, ...] {RETF 0xe025; ADD EAX, [EAX]; ADD [ECX+0xfc00e1], AL; ADD [EBX], CL}
.text win32k.sys!FONTOBJ_pQueryGlyphAttrs + 9F BF945F42 55 Bytes [81, E2, F8, 00, 00, 00, C1, ...]
.text win32k.sys!FONTOBJ_pQueryGlyphAttrs + D9 BF945F7C 28 Bytes CALL BF8E173C \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FONTOBJ_pQueryGlyphAttrs + F6 BF945F99 64 Bytes [FF, 55, 8B, EC, 8B, 55, 0C, ...]
.text ...
.text win32k.sys!XLATEOBJ_cGetPalette + 40 BF94746C 132 Bytes [EB, 38, 8B, 49, 24, EB, 03, ...]
.text win32k.sys!XLATEOBJ_hGetColorTransform + 42 BF9474F1 100 Bytes [8B, FF, 55, 8B, EC, 33, C9, ...]
.text win32k.sys!XLATEOBJ_hGetColorTransform + A7 BF947556 5 Bytes [90, 90, 90, 90, 90] {NOP ; NOP ; NOP ; NOP ; NOP }
.text win32k.sys!XLATEOBJ_hGetColorTransform + AD BF94755C 17 Bytes [FF, 55, 8B, EC, 33, C9, 8A, ...]
.text win32k.sys!XLATEOBJ_hGetColorTransform + BF BF94756E 22 Bytes [00, 23, C8, C1, E1, 05, 23, ...]
.text win32k.sys!XLATEOBJ_hGetColorTransform + D6 BF947585 8 Bytes [45, 0C, 8A, 04, 01, 8B, 4D, ...] {INC EBP; OR AL, 0x8a; ADD AL, 0x1; MOV ECX, [EBP+0x8]}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1708] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2788] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823742D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8446C4C] spdg.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8446CA0] spdg.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8416042] spdg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F841613E] spdg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84160C0] spdg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8416800] spdg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84166D6] spdg.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 821E85E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8425E9C] spdg.sys
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!swprintf] 001CB286
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoStartTimer] 00002230
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aoi60j5g.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 823DD1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 820CE500
Device \Driver\sptd \Device\914287612 spdg.sys
Device \Driver\PCI_PNP0112 \Device\00000043 spdg.sys
Device \Driver\usbuhci \Device\USBPDO-0 821BA500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823721F8
Device \Driver\dmio \Device\DmControl\DmConfig 823721F8
Device \Driver\dmio \Device\DmControl\DmPnP 823721F8
Device \Driver\dmio \Device\DmControl\DmInfo 823721F8
Device \Driver\usbuhci \Device\USBPDO-1 821BA500
Device \Driver\usbuhci \Device\USBPDO-2 821BA500
Device \Driver\usbuhci \Device\USBPDO-3 821BA500
Device \Driver\usbehci \Device\USBPDO-4 8218C1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F6DECE4D-5255-4B06-BDA3-A161CA43E114} 81DF51F8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\Ftdisk \Device\HarddiskVolume1 823DF1F8
Device \Driver\Cdrom \Device\CdRom0 8213B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 823DF1F8
Device \Driver\Cdrom \Device\CdRom1 8213B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F8369B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F8369B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F8369B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e [F8369B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBT_Tcpip_{0D36ADD3-ED4B-4F67-86DE-43B5749EA7EF} 81DF51F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 81DF51F8
Device \Driver\NetBT \Device\NetbiosSmb 81DF51F8
Device \Driver\usbuhci \Device\USBFDO-0 821BA500
Device \Driver\usbuhci \Device\USBFDO-1 821BA500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81C841F8
Device \Driver\usbuhci \Device\USBFDO-2 821BA500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81C841F8
Device \Driver\usbuhci \Device\USBFDO-3 821BA500
Device \Driver\usbehci \Device\USBFDO-4 8218C1F8
Device \Driver\Ftdisk \Device\FtControl 823DF1F8
Device \Driver\aoi60j5g \Device\Scsi\aoi60j5g1Port2Path0Target0Lun0 81FB61F8
Device \Driver\aoi60j5g \Device\Scsi\aoi60j5g1 81FB61F8
Device \FileSystem\Fastfat \Fat 820CE500

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 821EA500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0xF7 0xCC 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE2 0x0D 0x7A 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x06 0xBE 0x9D 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0xF7 0xCC 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE2 0x0D 0x7A 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x06 0xBE 0x9D 0x5F ...

---- EOF - GMER 1.0.15 ----

Akamai používáš, nebo ho můžu smazat?
Jak to teď vypadá s počítačem?