Please check my log [Solved]
Re: Please check my log
Run GMER once more, tick all the checkboxes on the right and start the scan. When it finishes, post the log.
I don't like amateurism...
And the addressee of the message knows it :)
Re: Please check my log
OK, but I have to split it across several windows, it won't fit:
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-27 12:26:37
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: H:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\uwtdypod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3F9A6B8]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xF4155868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF3F9A574]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xF4154E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xF4154D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xF41553FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xF4156210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xF4152786]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF3F9AA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF3F9A14C]
SSDT sptd.sys ZwEnumerateKey [0xF7407A92]
SSDT sptd.sys ZwEnumerateValueKey [0xF7407E20]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF6BD101C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF6BD1168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xF4155B54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF3F9A64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF3F9A08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF3F9A0F0]
SSDT sptd.sys ZwQueryKey [0xF7407EF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF3F9A76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF3F9A72E]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xF41554EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xF4155E8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF3F9A8AE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xF4155DE0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF3FA3678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!NtCreateSection 8059F4EA 7 Bytes JMP F3FA367C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? H:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.text USBPORT.SYS!DllUnload F65F962C 5 Bytes JMP 863BB780
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F654A4D0 16 Bytes [89, CC, EB, 0A, A6, 98, 5F, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F654A4E1 31 Bytes [90, 54, F6, B9, F9, 6E, A0, ...]
? H:\WINDOWS\System32\Drivers\dtscsi.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
---- User code sections - GMER 1.0.15 ----
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\Explorer.EXE[280] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\Explorer.EXE[280] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\Explorer.EXE[280] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\Explorer.EXE[280] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00080DB0
.text H:\WINDOWS\Explorer.EXE[280] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00080F54
.text H:\WINDOWS\Explorer.EXE[280] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00080D24
.text H:\WINDOWS\Explorer.EXE[280] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00080E3C
.text H:\WINDOWS\Explorer.EXE[280] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text H:\WINDOWS\Explorer.EXE[280] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00080EC8
.text H:\WINDOWS\Explorer.EXE[280] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\Explorer.EXE[280] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\Explorer.EXE[280] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\DAEMON Tools\daemon.exe[396] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\DAEMON Tools\daemon.exe[396] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\DAEMON Tools\daemon.exe[396] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[408] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[464] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00130DB0
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00130F54
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00130D24
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00130E3C
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00130FE0
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00130EC8
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Java\jre6\bin\jusched.exe[484] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[508] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Documents and Settings\Martin Eliáš\Plocha\gmer\gmer.exe[784] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\system32\spoolsv.exe[796] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\system32\spoolsv.exe[796] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\system32\spoolsv.exe[796] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\system32\spoolsv.exe[796] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\system32\spoolsv.exe[796] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\system32\spoolsv.exe[796] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[916] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text H:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608
.text H:\WINDOWS\system32\csrss.exe[984] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001607AC
.text H:\WINDOWS\system32\csrss.exe[984] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00160720
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text H:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text H:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC
.text H:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720
.text H:\WINDOWS\system32\winlogon.exe[1008] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000708C4
.text H:\WINDOWS\system32\winlogon.exe[1008] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00070838
.text H:\WINDOWS\system32\winlogon.exe[1008] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00070950
.text H:\WINDOWS\system32\winlogon.exe[1008] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00070DB0
.text H:\WINDOWS\system32\winlogon.exe[1008] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00070F54
.text H:\WINDOWS\system32\winlogon.exe[1008] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00070D24
.text H:\WINDOWS\system32\winlogon.exe[1008] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00070E3C
.text H:\WINDOWS\system32\winlogon.exe[1008] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00070FE0
.text H:\WINDOWS\system32\winlogon.exe[1008] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00070EC8
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\system32\services.exe[1052] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\system32\services.exe[1052] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\system32\services.exe[1052] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\system32\services.exe[1052] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
Re: Please check my log
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\system32\lsass.exe[1064] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\system32\lsass.exe[1064] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\system32\lsass.exe[1064] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\system32\svchost.exe[1224] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\system32\svchost.exe[1224] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\system32\svchost.exe[1224] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000708C4
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00070838
.text H:\Program Files\Windows Defender\MsMpEng.exe[1424] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00070950
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\System32\svchost.exe[1464] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\System32\svchost.exe[1464] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\System32\svchost.exe[1464] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\WINDOWS\System32\svchost.exe[1464] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00080DB0
.text H:\WINDOWS\System32\svchost.exe[1464] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00080F54
.text H:\WINDOWS\System32\svchost.exe[1464] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00080D24
.text H:\WINDOWS\System32\svchost.exe[1464] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00080E3C
.text H:\WINDOWS\System32\svchost.exe[1464] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text H:\WINDOWS\System32\svchost.exe[1464] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00080EC8
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\system32\svchost.exe[1568] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\system32\svchost.exe[1568] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00030608
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000307AC
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00030720
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00030DB0
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00030F54
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00030D24
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00030E3C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00030FE0
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00030EC8
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\system32\svchost.exe[1760] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\system32\svchost.exe[1760] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\system32\svchost.exe[1760] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\system32\svchost.exe[1760] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\system32\svchost.exe[1760] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00080DB0
.text H:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00080F54
.text H:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00080D24
.text H:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00080E3C
.text H:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text H:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00080EC8
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\system32\svchost.exe[1568] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\system32\svchost.exe[1568] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[1604] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Bonjour\mDNSResponder.exe[1616] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00030608
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000307AC
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00030720
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00030DB0
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00030F54
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00030D24
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00030E3C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00030FE0
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1684] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00030EC8
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Java\jre6\bin\jqs.exe[1708] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\system32\svchost.exe[1760] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\system32\svchost.exe[1760] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\system32\svchost.exe[1760] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\system32\svchost.exe[1760] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\system32\svchost.exe[1760] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00080DB0
.text H:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00080F54
.text H:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00080D24
.text H:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00080E3C
.text H:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text H:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00080EC8
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1784] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
Re: Please check my log
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\system32\svchost.exe[1800] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\system32\svchost.exe[1800] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text H:\WINDOWS\system32\wdfmgr.exe[1868] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC
.text H:\WINDOWS\system32\wdfmgr.exe[1868] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\WINDOWS\system32\nvsvc32.exe[2008] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\WINDOWS\system32\nvsvc32.exe[2008] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\WINDOWS\system32\nvsvc32.exe[2008] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\WINDOWS\system32\nvsvc32.exe[2008] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\WINDOWS\system32\nvsvc32.exe[2008] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2508] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text H:\WINDOWS\system32\wscntfy.exe[2604] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC
.text H:\WINDOWS\system32\wscntfy.exe[2604] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\System32\alg.exe[3160] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\System32\alg.exe[3160] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\System32\alg.exe[3160] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\System32\alg.exe[3160] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\System32\alg.exe[3160] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00130DB0
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00130F54
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00130D24
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00130E3C
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00130FE0
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00130EC8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7402AB4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7402BFA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7402B7C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7403728] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74035FE] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7415C5A] sptd.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT H:\WINDOWS\system32\services.exe[1052] @ H:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT H:\WINDOWS\system32\services.exe[1052] @ H:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 867501E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBPDO-0 863B81E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867521E8
Device \Driver\dmio \Device\DmControl\DmConfig 867521E8
Device \Driver\dmio \Device\DmControl\DmPnP 867521E8
Device \Driver\dmio \Device\DmControl\DmInfo 867521E8
Device \Driver\usbuhci \Device\USBPDO-1 863B81E8
Device \Driver\usbehci \Device\USBPDO-2 86460980
Device \Driver\usbuhci \Device\USBPDO-3 863B81E8
Device \Driver\usbuhci \Device\USBPDO-4 863B81E8
Device \Driver\PCI_NTPNP4504 \Device\00000048 sptd.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
Device \Driver\usbuhci \Device\USBPDO-5 863B81E8
Device \Driver\usbehci \Device\USBPDO-6 86460980
Device \Driver\Ftdisk \Device\HarddiskVolume1 867BF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867BF1E8
Device \Driver\Cdrom \Device\CdRom0 86395980
Device \Driver\Ftdisk \Device\HarddiskVolume3 867BF1E8
Device \Driver\Cdrom \Device\CdRom1 86395980
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 867BE1E8
Device \Driver\atapi \Device\Ide\IdePort0 867BE1E8
Device \Driver\atapi \Device\Ide\IdePort1 867BE1E8
Device \Driver\atapi \Device\Ide\IdePort2 867BE1E8
Device \Driver\atapi \Device\Ide\IdePort3 867BE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 867BE1E8
Device \Driver\usbstor \Device\00000080 86350980
Device \Driver\usbstor \Device\00000081 86350980
Device \Driver\NetBT \Device\NetBt_Wins_Export 85BDE1E8
Device \Driver\NetBT \Device\NetbiosSmb 85BDE1E8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBFDO-0 863B81E8
Device \Driver\usbuhci \Device\USBFDO-1 863B81E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85BA51E8
Device \Driver\usbehci \Device\USBFDO-2 86460980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2EA62BFF-AFF0-4BFB-88BE-7314A5F78EA8} 85BDE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85BA51E8
Device \Driver\usbuhci \Device\USBFDO-3 863B81E8
Device \Driver\usbstor \Device\0000007d 86350980
Device \Driver\usbuhci \Device\USBFDO-4 863B81E8
Device \Driver\Ftdisk \Device\FtControl 867BF1E8
Device \Driver\usbstor \Device\0000007e 86350980
Device \Driver\usbuhci \Device\USBFDO-5 863B81E8
Device \Driver\usbstor \Device\0000007f 86350980
Device \Driver\usbehci \Device\USBFDO-6 86460980
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 862A43A0
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 867511E8
Device \Driver\JRAID \Device\Scsi\JRAID1 867511E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 862A43A0
Device \FileSystem\Cdfs \Cdfs 85BDD1E8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1005427521
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1031698075
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x18 0xE4 0x6F 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 H:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x32 0x8F 0x3B 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8A 0xF7 0xF9 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x18 0xE4 0x6F 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 H:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x32 0x8F 0x3B 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8A 0xF7 0xF9 0x21 ...
END
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\system32\svchost.exe[1800] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\system32\svchost.exe[1800] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\CDBurnerXP\NMSAccessU.exe[1852] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text H:\WINDOWS\system32\wdfmgr.exe[1868] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text H:\WINDOWS\system32\wdfmgr.exe[1868] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC
.text H:\WINDOWS\system32\wdfmgr.exe[1868] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1920] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\WINDOWS\system32\nvsvc32.exe[2008] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\WINDOWS\system32\nvsvc32.exe[2008] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\WINDOWS\system32\nvsvc32.exe[2008] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\WINDOWS\system32\nvsvc32.exe[2008] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\WINDOWS\system32\nvsvc32.exe[2008] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\WINDOWS\system32\nvsvc32.exe[2008] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2420] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text H:\WINDOWS\system32\wscntfy.exe[2604] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text H:\WINDOWS\system32\wscntfy.exe[2604] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC
.text H:\WINDOWS\system32\wscntfy.exe[2604] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3104] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text H:\WINDOWS\System32\alg.exe[3160] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text H:\WINDOWS\System32\alg.exe[3160] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text H:\WINDOWS\System32\alg.exe[3160] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text H:\WINDOWS\System32\alg.exe[3160] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text H:\WINDOWS\System32\alg.exe[3160] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text H:\WINDOWS\System32\alg.exe[3160] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00130DB0
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00130F54
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00130D24
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00130E3C
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00130FE0
.text H:\Program Files\ICQ6.5\ICQ.exe[3464] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00130EC8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7402AB4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7402BFA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7402B7C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7403728] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74035FE] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7415C5A] sptd.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT H:\WINDOWS\system32\services.exe[1052] @ H:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT H:\WINDOWS\system32\services.exe[1052] @ H:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 867501E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBPDO-0 863B81E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867521E8
Device \Driver\dmio \Device\DmControl\DmConfig 867521E8
Device \Driver\dmio \Device\DmControl\DmPnP 867521E8
Device \Driver\dmio \Device\DmControl\DmInfo 867521E8
Device \Driver\usbuhci \Device\USBPDO-1 863B81E8
Device \Driver\usbehci \Device\USBPDO-2 86460980
Device \Driver\usbuhci \Device\USBPDO-3 863B81E8
Device \Driver\usbuhci \Device\USBPDO-4 863B81E8
Device \Driver\PCI_NTPNP4504 \Device\00000048 sptd.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
Device \Driver\usbuhci \Device\USBPDO-5 863B81E8
Device \Driver\usbehci \Device\USBPDO-6 86460980
Device \Driver\Ftdisk \Device\HarddiskVolume1 867BF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867BF1E8
Device \Driver\Cdrom \Device\CdRom0 86395980
Device \Driver\Ftdisk \Device\HarddiskVolume3 867BF1E8
Device \Driver\Cdrom \Device\CdRom1 86395980
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 867BE1E8
Device \Driver\atapi \Device\Ide\IdePort0 867BE1E8
Device \Driver\atapi \Device\Ide\IdePort1 867BE1E8
Device \Driver\atapi \Device\Ide\IdePort2 867BE1E8
Device \Driver\atapi \Device\Ide\IdePort3 867BE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 867BE1E8
Device \Driver\usbstor \Device\00000080 86350980
Device \Driver\usbstor \Device\00000081 86350980
Device \Driver\NetBT \Device\NetBt_Wins_Export 85BDE1E8
Device \Driver\NetBT \Device\NetbiosSmb 85BDE1E8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBFDO-0 863B81E8
Device \Driver\usbuhci \Device\USBFDO-1 863B81E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85BA51E8
Device \Driver\usbehci \Device\USBFDO-2 86460980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2EA62BFF-AFF0-4BFB-88BE-7314A5F78EA8} 85BDE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85BA51E8
Device \Driver\usbuhci \Device\USBFDO-3 863B81E8
Device \Driver\usbstor \Device\0000007d 86350980
Device \Driver\usbuhci \Device\USBFDO-4 863B81E8
Device \Driver\Ftdisk \Device\FtControl 867BF1E8
Device \Driver\usbstor \Device\0000007e 86350980
Device \Driver\usbuhci \Device\USBFDO-5 863B81E8
Device \Driver\usbstor \Device\0000007f 86350980
Device \Driver\usbehci \Device\USBFDO-6 86460980
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 862A43A0
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 867511E8
Device \Driver\JRAID \Device\Scsi\JRAID1 867511E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 862A43A0
Device \FileSystem\Cdfs \Cdfs 85BDD1E8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1005427521
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1031698075
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x18 0xE4 0x6F 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 H:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x32 0x8F 0x3B 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8A 0xF7 0xF9 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x18 0xE4 0x6F 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 H:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x32 0x8F 0x3B 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8A 0xF7 0xF9 0x21 ...
END
Re: Please check my log
I don't see anything harmful there...
1) Let's finish cleaning up:
- Uninstall Combofix:
Start -> Run -> (type) combofix /u
- Use T-Cleaner (if your antivirus flags it as junk, there is nothing to worry about, it is just the AV program being paranoid).
- Clean the PC with CCleaner (including the registry).
- Use TFC (run the program and click "Start". Note that the PC may be restarted).
2) Post the HJT log.
If anything is unclear, there is a guide here.
Re: Please check my log
The PC seems kind of slow to me now:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:20, on 28.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\CDBurnerXP\NMSAccessU.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
H:\WINDOWS\system32\wscntfy.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
H:\Documents and Settings\Martin Eliáš\Plocha\Utility\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinPatrol] H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Task Catcher] H:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "H:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2446888218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2448678593
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - H:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 6761 bytes
Re: Please check my log
Eli wrote: The PC seems kind of slow to me now:
Since when?
1) Fix the following in HJT (tick the checkbox next to the given line and press "Fix Checked"):
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2446888218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2448678593
2) Go here and have a scan done. Here is a guide (by sundavis):

Re: Please check my log
Kaspersky won't start for me; it claims it needs Java, which I do have, but somehow it just doesn't work with it :-(
Re: Please check my log
Use JavaRa and install a new one.
Re: Please check my log
Not at all :-( it won't start even after reinstalling Java...
Re: Please check my log
Download and run AVPTool. Produce a log according to the guide and post it.
Re: Please check my log
Scan
----
Scanned: 424429
Detected: 1
Untreated: 0
Start time: 30.9.2009 19:08:54
Duration: 03:15:46
Finish time: 30.9.2009 22:24:40
Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Downloader.HTML.Agent.c File: H:\Eliáš Martin\Data aplikací\Opera\Opera\profile\cache4\opr04XLQ.htm
---too much data----
30.9.2009 22:24:13 File: K:\System Volume Information\ skipped by rights
30.9.2009 22:24:14 File: h:\eliáš martin\data aplikací\opera\opera\profile\cache4\opr04xlq.htm detected Trojan program 'Trojan-Downloader.HTML.Agent.c'
30.9.2009 22:24:26 File: h:\eliáš martin\data aplikací\opera\opera\profile\cache4\opr04xlq.htm backed up
30.9.2009 22:24:40 File: h:\eliáš martin\data aplikací\opera\opera\profile\cache4\opr04xlq.htm deleted
Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
All objects 184587 1 1 0 0 5086 2048 466 0
System memory 4092 0 0 0 0 2 2 0 0
Startup objects 774 0 0 0 0 1 132 0 0
Disk boot sectors 5 0 0 0 0 0 0 0 0
Tento počítač 179716 1 1 0 0 5083 1914 466 0
Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes
Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Backup
------
Status Object Size
------ ------ ----