Unidentifiable virus (?)

Section devoted to viruses and other malicious code, and also to the tools you can use to defend against them…

Moderators: Mods_senior, Security team


Re: Unidentifiable virus (?)

Post by bledulka » 28 Jul 2010 20:43

I take it nothing has changed?

Download Gmer http://www.gmer.net/gmer.zip
- unzip it and run it
- after the first quick scan, click the Save button; it saves a log, which you then copy here for me.
- in the right-hand column tick every item's checkbox and click the Scan button
- when the scan finishes, save the log again with the Save button and paste it here.


**********************************************

Download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop
- Start > Run
paste into the box
"%userprofile%\plocha\mbr" -t
(plocha is the desktop folder on a Czech-localised Windows)
OK
- a log named mbr.log is created on the desktop; paste it here


Re: Unidentifiable virus (?)

Post by La_miczka » 29 Jul 2010 01:11

GMER: first log - it is somewhat long...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-28 23:09:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\WINDOWS\TEMP\kwlirpow.sys


---- System - GMER 1.0.15 ----

Code \??\C:\ComboFix\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

*****************************************

GMER: second log: part 1 - it is somewhat long...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-29 01:00:58
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\WINDOWS\TEMP\kwlirpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB25CE6B8]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xB27B2552]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB25CE574]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xB27B1A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xB27B1910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xB27B1F2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xB27B3034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xB27AED54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB25CEA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB25CE14C]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xB260FF64]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xB261024A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xB27B2906]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB25CE64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB25CE08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB25CE0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB25CE76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB25CE72E]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xB27B20DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xB27B2CE0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB25CE8AE]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xB27B2BB2]

Code \??\C:\ComboFix\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 150 804E27BC 4 Bytes JMP 83AAB25C
PAGENDSM NDIS.sys!NdisMIndicateStatus F74C99EF 6 Bytes JMP B27A6C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
? Combo-Fix.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF78B549E]
? C:\WINDOWS\TEMP\mbr.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Saitek\Software\SaiSmart.exe[120] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[436] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Saitek\Software\Profiler.exe[448] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Saitek\Software\Profiler.exe[448] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Saitek\Software\Profiler.exe[448] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[464] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[464] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[464] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[488] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[488] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[488] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[488] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[488] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[488] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[532] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[532] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[532] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[544] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[544] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[544] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[544] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[544] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[772] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[772] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[772] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[832] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[840] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[840] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[840] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[840] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[840] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[840] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[840] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[840] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[840] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[840] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[840] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[840] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[892] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[892] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[892] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[892] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[892] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00130FE0
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00130D24
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] ws2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] ws2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jusched.exe[928] ws2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[956] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
Last edited by La_miczka on 29 Jul 2010 01:26, edited 2 times in total.

La_miczka
newbie
Posts: 17
Registered: July 10
Gender: Male
Status:
Offline

Re: Unidentifiable virus (?)

Post by La_miczka » 29 Jul 2010 01:22

GMER second log: part 2

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1040] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1124] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1228] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\System32\HPZipm12.exe[1388] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\System32\HPZipm12.exe[1388] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\System32\HPZipm12.exe[1388] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\System32\HPZipm12.exe[1388] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\HPZipm12.exe[1388] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\System32\HPZipm12.exe[1388] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[2012] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[2012] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[2012] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[2012] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[2012] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[2012] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[2012] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[2012] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[2012] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\System32\svchost.exe[2012] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[2012] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[2012] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2088] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\explorer.exe[2672] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\explorer.exe[2672] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\explorer.exe[2672] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\explorer.exe[2672] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\explorer.exe[2672] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\explorer.exe[2672] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\explorer.exe[2672] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\explorer.exe[2672] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\explorer.exe[2672] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\explorer.exe[2672] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\explorer.exe[2672] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\explorer.exe[2672] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2860] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2860] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2860] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[3348] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[3348] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[3348] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3524] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] WS2_32.dll!socket 71A94211 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] WS2_32.dll!bind 71A94480 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3744] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00030EC8
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Antiviry\gmer.exe[3888] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Antiviry\gmer.exe[3888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Antiviry\gmer.exe[3888] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B27A6B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B27A6B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B27A6B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B27A6B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B27A6B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B27A6B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B27A6B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[532] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002
IAT C:\WINDOWS\system32\services.exe[532] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x77 0xEB 0x94 0x88 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x47 0x12 0x1E 0x32 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFA 0x72 0x41 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x77 0xEB 0x94 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x47 0x12 0x1E 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFA 0x72 0x41 0x9A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x77 0xEB 0x94 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x47 0x12 0x1E 0x32 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFA 0x72 0x41 0x9A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x77 0xEB 0x94 0x88 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x47 0x12 0x1E 0x32 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFA 0x72 0x41 0x9A ...

---- EOF - GMER 1.0.15 ----

Post by La_miczka » 29 Jul 2010 01:28

MBR log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x873737AC]<<
kernel: MBR read successfully
user & kernel MBR OK

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Post by jaro3 » 29 Jul 2010 10:00

Also post the log from LopFind here.
Download, unpack and run LopFind. After it starts, a text document will appear after a moment (it is also saved on disk as C:\lop.txt); copy its entire contents here.

Download Avenger and run it under an administrator account.

Confirm with OK that everything you do in this program is at your own risk.
Choose the option "Load script from internet URL".
Copy the following address into the line below it:

http://ne-e.eu/stration/script.txt

Click Execute to run the program, then click OK and your computer will restart.

Download fl.zip.

Unpack it onto your desktop. Open the folder and double-click fl.bat.
When it finishes, you will find the report in C:\findlop.txt.
Please copy the entire contents of that text here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by bledulka » 29 Jul 2010 10:10

Just to add to my colleague's post:
Also test this file on www.virustotal.com:
C:\WINDOWS\system32\drivers\nvax.sys
- click Browse and copy the path to the file into the lower box.
- when the test is finished, post the link to the results page here.

Post by La_miczka » 29 Jul 2010 15:52

bledulka: test for nvax.sys:

http://www.virustotal.com/cs/analisis/8 ... 1280410498

jaro3: log from LopFind

LopFind v4 © Čas: 15:31:22,48 Datum: čt 29.07.2010

******************************************

1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C60-CB9B.

Výpis adresáře C:\Documents and Settings\Administrator\DATAAP~1

16.09.2004 05:12 62 desktop.ini
16.09.2004 05:12 <DIR> ..
16.09.2004 05:12 <DIR> Microsoft
16.09.2004 05:12 <DIR> .
1 souborů, 62 bajtů
Adresářů: 3, Volných bajtů: 3179921408
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C60-CB9B.

Výpis adresáře C:\Documents and Settings\All Users\DATAAP~1

26.07.2010 17:41 <DIR> Malwarebytes
15.03.2010 17:14 <DIR> Real
18.01.2009 14:27 <DIR> Windows Genuine Advantage
18.10.2008 00:41 <DIR> Azureus
17.07.2008 21:41 <DIR> nView_Profiles
28.05.2008 18:37 <DIR> TEMP
09.03.2008 14:52 <DIR> Lavasoft
31.01.2007 17:46 <DIR> SmartSound Software Inc
31.01.2007 17:30 <DIR> QuickTime
01.12.2006 19:14 <DIR> InstallShield
13.07.2006 11:47 <DIR> Google
20.11.2005 20:32 <DIR> HP
20.11.2005 20:28 <DIR> Sonic
20.11.2005 20:10 7610 hpzinstall.log
03.11.2005 11:10 <DIR> Skype
07.01.2005 19:33 <DIR> Macrovision
20.10.2004 09:33 <DIR> Spybot - Search & Destroy
17.09.2004 13:24 <DIR> Propellerhead Software
16.09.2004 04:51 62 desktop.ini
16.09.2004 04:51 <DIR> Microsoft
16.09.2004 04:51 <DIR> .
16.09.2004 04:51 <DIR> ..
2 souborů, 7672 bajtů
Adresářů: 20, Volných bajtů: 3179917312
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C60-CB9B.

Výpis adresáře C:\Documents and Settings\Maik2\DATAAP~1

26.07.2010 17:41 <DIR> Malwarebytes
10.07.2010 11:10 <DIR> Solveig Multimedia
22.06.2010 18:42 <DIR> skypePM
24.02.2010 23:55 <DIR> InstallShield
16.09.2009 18:57 <DIR> dvdcss
16.09.2009 18:57 <DIR> vlc
06.05.2009 22:52 <DIR> BSplayer Pro
06.05.2009 22:52 <DIR> BSplayer
17.10.2008 20:12 <DIR> uTorrent
10.09.2008 16:17 <DIR> Ahead
14.08.2008 12:34 2032 HPSU_48BitScanUpdate.log
08.01.2008 16:00 0 HelpFilesUpdatePatch_HELPFILEREPLACE.log
08.01.2008 16:00 330 HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
08.01.2008 15:59 2780 PatchUpdate_InstantShareJPG.log
08.01.2008 15:59 3503 PatchUpdate_IZClosingDiscError.log
08.01.2008 15:56 74170 Update_HP_RedboxHprblog_HPSU.log
01.01.2007 11:56 4021 Hewlett-PackardHP PSC 1500 series1132511564_PROTOCOL.log
01.01.2007 11:56 210 Hewlett-PackardHP PSC 1500 series1132511564_API.log
01.01.2007 11:56 1136 Hewlett-PackardHP PSC 1500 series1132511564_UI.log
05.12.2006 22:39 <DIR> SecuROM
29.09.2006 19:38 <DIR> ATI
03.02.2006 21:52 <DIR> CyberLink
20.11.2005 20:07 <DIR> HP
14.11.2005 22:00 <DIR> atitray
22.10.2005 18:58 <DIR> Real
09.09.2005 13:11 <DIR> Google
23.06.2005 16:46 <DIR> Media Player Classic
21.11.2004 12:44 32168 GDIPFONTCACHEV1.DAT
20.10.2004 09:51 <DIR> Sun
18.10.2004 10:06 <DIR> Skype
18.10.2004 09:47 <DIR> Macromedia
18.09.2004 20:00 <DIR> teamspeak2
17.09.2004 18:23 <DIR> Adobe
17.09.2004 18:22 <DIR> InterTrust
17.09.2004 13:25 <DIR> Propellerhead Software
16.09.2004 04:04 <DIR> InterVideo
16.09.2004 03:55 <DIR> Sonic Foundry
16.09.2004 03:50 <DIR> Lavasoft
16.09.2004 03:44 <DIR> Talkback
16.09.2004 03:44 <DIR> Mozilla
16.09.2004 03:41 <DIR> Help
16.09.2004 03:05 <DIR> Identities
16.09.2004 03:05 62 desktop.ini
16.09.2004 03:05 <DIR> ..
16.09.2004 03:05 <DIR> .
16.09.2004 03:05 <DIR> Microsoft
11 souborů, 120412 bajtů
Adresářů: 35, Volných bajtů: 3179913216
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C60-CB9B.

Výpis adresáře C:\Documents and Settings\Default User\DATAAP~1

16.09.2004 04:51 62 desktop.ini
16.09.2004 04:51 <DIR> ..
16.09.2004 04:51 <DIR> Microsoft
16.09.2004 04:51 <DIR> .
1 souborů, 62 bajtů
Adresářů: 3, Volných bajtů: 3179933696
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C60-CB9B.

Výpis adresáře C:\Documents and Settings\LocalService\DATAAP~1

16.09.2004 03:04 <DIR> ..
16.09.2004 03:04 <DIR> Microsoft
16.09.2004 03:04 <DIR> .
0 souborů, 0 bajtů
Adresářů: 3, Volných bajtů: 3179913216
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C60-CB9B.

Výpis adresáře C:\Documents and Settings\NetworkService\DATAAP~1

16.09.2004 03:04 <DIR> ..
16.09.2004 03:04 <DIR> Microsoft
16.09.2004 03:04 <DIR> .
0 souborů, 0 bajtů
Adresářů: 3, Volných bajtů: 3179913216
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C60-CB9B.

Výpis adresáře C:\Documents and Settings\Maik2\Application Data

05.10.2004 21:21 <DIR> ..
05.10.2004 21:21 <DIR> Microsoft
05.10.2004 21:21 <DIR> .
0 souborů, 0 bajtů
Adresářů: 3, Volných bajtů: 3179917312

******************************************

2) Zjišťování přítomnosti ve složce Program Files:

a) Výpis obsahu Program Files složky pro zjištění duplicitních kopií podezřelých adresářů:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C60-CB9B.

Výpis adresáře C:\Program Files

28.07.2010 20:15 <DIR> .
28.07.2010 20:15 <DIR> ..
17.09.2004 18:23 <DIR> Adobe
23.04.2006 17:05 <DIR> Ahead
16.09.2004 03:58 <DIR> Alwil Software
29.07.2010 15:30 <DIR> Antiviry
09.11.2007 19:08 <DIR> ASIO4ALL v2
21.11.2004 15:14 <DIR> Audacity
07.10.2004 19:04 <DIR> BrightWindow
06.05.2009 22:52 <DIR> BS
23.06.2005 10:59 <DIR> Canon
22.01.2007 19:15 <DIR> CDex_150
04.05.2005 17:49 <DIR> CDS
13.07.2006 20:21 <DIR> Codec Pack - All In 1
28.07.2010 20:03 <DIR> Common Files
26.10.2008 23:41 <DIR> CosmoSoftware
16.09.2004 04:03 <DIR> Creative
31.01.2007 17:45 <DIR> CyberLink
05.12.2006 21:20 <DIR> DAEMON Tools
28.12.2007 23:15 <DIR> DivX
14.04.2006 00:30 <DIR> DVD Solution
24.02.2010 23:56 <DIR> EasyReminder
14.04.2008 11:41 <DIR> f4
24.01.2008 03:20 <DIR> ffdshow
13.04.2006 18:40 <DIR> FMS
28.05.2008 21:35 <DIR> Fonty
06.07.2006 18:24 <DIR> GIMP-2.0
11.03.2009 22:09 <DIR> Google
16.11.2005 14:44 <DIR> G-VISTA
20.11.2005 20:26 <DIR> HP
28.11.2009 20:28 <DIR> HyperLobbyPro3
06.03.2005 21:48 <DIR> CH Products
24.02.2010 23:55 <DIR> InstallShield Installation Information
15.06.2010 20:02 <DIR> Internet Explorer
25.02.2006 13:27 <DIR> InterVideo
06.07.2008 10:28 <DIR> IrfanView
02.03.2010 23:22 <DIR> Java
16.09.2004 03:58 <DIR> Kerio
12.07.2010 11:40 <DIR> Lavasoft
25.03.2005 19:31 <DIR> LizardTech
05.04.2005 15:15 <DIR> Macmillan
21.08.2008 00:58 <DIR> Messenger
16.09.2004 03:02 <DIR> microsoft frontpage
17.09.2004 18:29 <DIR> Microsoft Office
17.09.2004 18:29 <DIR> Microsoft Visual Studio
24.02.2010 23:47 <DIR> Miranda
13.03.2010 16:32 <DIR> Movie Maker
29.07.2010 15:30 <DIR> Mozilla Firefox
30.11.2006 17:42 <DIR> MP4 Transcoder
16.09.2004 02:58 <DIR> MSN
16.09.2004 02:58 <DIR> MSN Gaming Zone
21.08.2008 00:54 <DIR> MSXML 4.0
17.07.2008 21:25 <DIR> NetMeeting
20.07.2005 22:37 <DIR> NetRadio 2.01
16.09.2004 02:58 <DIR> Online Services
15.06.2010 19:58 <DIR> Outlook Express
26.10.2008 23:54 <DIR> ParallelGraphics
06.05.2007 14:03 <DIR> Real
06.02.2006 21:55 <DIR> RealVNC
22.10.2005 18:57 <DIR> RMconvertor
07.10.2004 20:51 <DIR> Saitek
18.11.2004 13:40 <DIR> SereneScreen
22.06.2010 18:41 <DIR> Skype
31.01.2007 17:46 <DIR> SmartSound Software
17.09.2004 18:56 <DIR> SPSS
13.07.2010 11:03 <DIR> Spybot - Search & Destroy
25.11.2004 19:52 <DIR> Steinberg
18.10.2008 00:32 <DIR> Sun
21.05.2007 12:09 <DIR> Sunbelt Software
25.05.2006 12:40 <DIR> TC PowerPack
18.09.2004 20:00 <DIR> teamspeak2_RC2
05.04.2005 15:16 <DIR> TEXTware
12.10.2007 22:33 <DIR> The All-Seeing Eye
11.04.2006 14:53 <DIR> totalcmd
16.09.2004 03:05 <DIR> Uninstall Information
20.06.2010 22:46 <DIR> uTorrent
11.09.2006 19:00 <DIR> Winamp
18.01.2009 14:30 <DIR> Windows Media Connect 2
18.01.2009 14:30 <DIR> Windows Media Player
17.07.2008 21:25 <DIR> Windows NT
18.10.2004 10:09 <DIR> WindowsUpdate
16.05.2010 20:02 <DIR> WinRAR
16.09.2004 03:02 <DIR> xerox
28.07.2006 16:12 <DIR> XoftSpy
14.06.2005 19:09 <DIR> XviD
0 souborů, 0 bajtů
Adresářů: 85, Volných bajtů: 3 179 913 216

b) Vyhledávání podvodných sponzorovaných programů ve složce Program Files:

Nebyly nalezeny žádné podvodné programy.

******************************************

3) Vyhledávání a odstranění podezřelých .job souborů:

a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C60-CB9B.

Výpis adresáře C:\WINDOWS\Tasks

16.09.2004 03:01 6 SA.DAT
16.09.2004 03:00 65 desktop.ini
16.09.2004 02:59 <DIR> ..
16.09.2004 02:59 <DIR> .
2 souborů, 71 bajtů
Adresářů: 2, Volných bajtů: 3 179 913 216

––––––––––––––––––––––––––––––––––––––––––

b) Zjišťování vlastností přítomných .job souborů:

Nebyly nalezeny žádné soubory představující naplánované úlohy.

––––––––––––––––––––––––––––––––––––––––––

c) Nalezené a odstraněné nežádoucí soubory:

Nebyly nalezeny žádné nežádoucí soubory.

––––––––––––––––––––––––––––––––––––––––––

d) Soubory přítomné v adresáři po vymazání:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C60-CB9B.

Výpis adresáře C:\WINDOWS\Tasks

16.09.2004 03:01 6 SA.DAT
16.09.2004 03:00 65 desktop.ini
16.09.2004 02:59 <DIR> ..
16.09.2004 02:59 <DIR> .
2 souborů, 71 bajtů
Adresářů: 2, Volných bajtů: 3 179 909 120

******************************************

4) Zjišťování přítomnosti v registru:

a) Vyhledávání spouštěcích bodů v registru:

Nebyly nalezeny žádné spouštěcí body v registru.

b) Export výjimek IE pop-up blockeru:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"PopupMgr"="yes"

c) Export povolení Windows firewallu:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

»»»»»»»»»»»»» Konec výpisu «««««««««««««««

Regarding Avenger: is it enough to run it in XP from an account with admin rights?
If I need to go directly into the Administrator account, then I have a problem: I don't know the password (I didn't do the OS installation myself). What should I do next in that case?

Thank you both for your help.

Post by jaro3 » 29 Jul 2010 18:32

Try running Avenger as administrator.

Then fl as well.

Post by La_miczka » 29 Jul 2010 21:40

The page apparently doesn't work - the program returned this message:
Could not open input URL: http://ne-e.eu/stration/script.txt (error 11001: není znám žádný takový hostitel)

The fact is that when I copied the address into the browser, nothing loaded.

Post by bledulka » 29 Jul 2010 22:14

Tell me, does that voice only start after you log into your account?
Since when has it been doing this? Did you install any new program?

Post by jaro3 » 30 Jul 2010 10:21

Do fl as well; skip Avenger.

+
Download AVP Tools onto your desktop.
Check:
System Memory
Startup Objects
Disk Boot Sectors
My Computer
Also any other drives (removable ones you may have)

Continue according to the instructions. Then post the log (save log).

Post by La_miczka » 30 Jul 2010 13:33

log from fl

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C60-CB9B.

Výpis adresáře C:\Documents and Settings\Maik2\Application Data

05.10.2004 21:21 <DIR> .
05.10.2004 21:21 <DIR> ..
05.10.2004 21:21 <DIR> Microsoft
0 souborů, 0 bajtů
Adresářů: 3, Volných bajtů: 3 203 809 280

I'll do the AVP Tool log in the evening - I have to work on the PC today.

bledulka: it has been doing this for a month now. I did install some software (freeware for format conversion and video cutting), but it didn't appear together with them, only later. They are SMMVSplitter and Avi to Mpeg. The first is supposedly safe; the second I uninstalled.
After XP starts I land directly in my account - so should I set a password and check whether it bothers me before I log into my account?

It also seems to me that it is triggered by launching applications that play video or music, not only offline but also online (YouTube). It is hard for me to identify, because the voice appears completely irregularly. Still, the fact is that the intensity rises a bit in such situations, or rather, when there have been a few minutes of quiet, it starts again soon if I launch such an application...

The first two or three days it was heard very sporadically - only when I played a film, and at first I thought it was a software message warning either about an error or about, ehm, copyright.

