and I'm attaching log 2; I have to split it, since it won't fit into one post
GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-17 15:44:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Michal\LOCALS~1\Temp\fxndypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwClose [0xAEE1DF80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xAEE1D552]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xAEE19882]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xAEE1CA1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xAEE1C910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xAEE1CF2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xAEE1E034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xAEE19D54]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xAEE19E70]
SSDT spzf.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT spzf.sys ZwEnumerateValueKey [0xB7EC6032]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xAEC04F64]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xAEC0524A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xAEE1D906]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xAEE19B78]
SSDT spzf.sys ZwQueryKey [0xB7EC610A]
SSDT spzf.sys ZwQueryValueKey [0xB7EC5F8A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xAEE1D0DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xAEE1DCE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xAEE1A038]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xAEE1DBB2]
INT 0x63 ? 8ACAFBF8
INT 0x73 ? 8ACAFBF8
INT 0xA4 ? 8AA72BF8
INT 0xB4 ? 8AA72BF8
---- Kernel code sections - GMER 1.0.15 ----
? spzf.sys Systém nemůže nalézt uvedený soubor. !
PAGENDSM NDIS.sys!NdisMIndicateStatus B7CDF9EF 6 Bytes JMP AEE11C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
.text USBPORT.SYS!DllUnload B68078AC 5 Bytes JMP 8AA721D8
.text as8w2zz7.SYS B5F50386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text as8w2zz7.SYS B5F503AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text as8w2zz7.SYS B5F503C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text as8w2zz7.SYS B5F503C9 1 Byte [30]
.text as8w2zz7.SYS B5F503C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[128] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[180] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\CTsvcCDA.exe[212] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\ScsiAccess.EXE[280] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[380] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\windows\system32\PnkBstrB.exe[400] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\windows\system32\PnkBstrB.exe[400] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\windows\system32\PnkBstrB.exe[400] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\windows\system32\PnkBstrB.exe[400] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\windows\system32\PnkBstrB.exe[400] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\windows\system32\PnkBstrB.exe[400] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\Program Files\Messenger\msmsgs.exe[504] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\Program Files\Messenger\msmsgs.exe[504] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\Program Files\Messenger\msmsgs.exe[504] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Messenger\msmsgs.exe[504] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\Program Files\Messenger\msmsgs.exe[504] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\Program Files\Messenger\msmsgs.exe[504] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Messenger\msmsgs.exe[504] WININET.dll!InternetOpenW 771AAF45 5 Bytes JMP 00080DB0
.text C:\Program Files\Messenger\msmsgs.exe[504] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\Program Files\Messenger\msmsgs.exe[504] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\Program Files\Messenger\msmsgs.exe[504] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\Program Files\Messenger\msmsgs.exe[504] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00080FE0
.text C:\Program Files\Messenger\msmsgs.exe[504] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00080EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] WS2_32.dll!socket 71A94211 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] WS2_32.dll!bind 71A94480 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] WININET.dll!InternetOpenW 771AAF45 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[520] WININET.dll!InternetOpenUrlW
HJT check - problem connecting to the net Solved
Re: HJT check - problem connecting to the net
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001901A8
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00190090
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00190694
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001902C0
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00190234
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00190004
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0019011C
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001904F0
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0019057C
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001903D8
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0019034C
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00190464
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00190608
.text C:\windows\system32\drivers\KodakCCS.exe[524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001907AC
.text C:\windows\system32\drivers\KodakCCS.exe[524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00190720
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\windows\system32\csrss.exe[768] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\windows\system32\csrss.exe[768] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\windows\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\windows\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\windows\system32\winlogon.exe[792] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\windows\system32\winlogon.exe[792] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\windows\system32\winlogon.exe[792] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\windows\system32\services.exe[836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\services.exe[836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\services.exe[836] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\services.exe[836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\services.exe[836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\services.exe[836] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\services.exe[836] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\services.exe[836] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\services.exe[836] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\services.exe[836] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\services.exe[836] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\services.exe[836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\services.exe[836] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\services.exe[836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\services.exe[836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\savedump.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\savedump.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\savedump.exe[848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\savedump.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\savedump.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\savedump.exe[848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\savedump.exe[848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\savedump.exe[848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\savedump.exe[848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\savedump.exe[848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\savedump.exe[848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\savedump.exe[848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\savedump.exe[848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\savedump.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\savedump.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\lsass.exe[856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\lsass.exe[856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\lsass.exe[856] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\lsass.exe[856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\lsass.exe[856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\lsass.exe[856] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\lsass.exe[856] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\lsass.exe[856] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\lsass.exe[856] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\lsass.exe[856] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\lsass.exe[856] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\lsass.exe[856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\lsass.exe[856] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\lsass.exe[856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\lsass.exe[856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\lsass.exe[856] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\system32\lsass.exe[856] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\system32\lsass.exe[856] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] wininet.dll!InternetOpenW 771AAF45 5 Bytes JMP 00140DB0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] wininet.dll!InternetConnectA 771B345A 5 Bytes JMP 00140F54
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] wininet.dll!InternetOpenA 771B5796 5 Bytes JMP 00140D24
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] wininet.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00140E3C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] wininet.dll!InternetConnectW 771BEE40 5 Bytes JMP 00140FE0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[932] wininet.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00140EC8
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\windows\system32\nvsvc32.exe[1032] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\windows\system32\nvsvc32.exe[1032] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\windows\system32\nvsvc32.exe[1032] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\svchost.exe[1060] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\svchost.exe[1060] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\system32\svchost.exe[1060] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\system32\svchost.exe[1060] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] WININET.dll!InternetOpenW 771AAF45 5 Bytes JMP 00140DB0
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00140F54
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00140D24
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00140E3C
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00140FE0
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00140EC8
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\iTunes\iTunesHelper.exe[1092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\svchost.exe[1112] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\svchost.exe[1112] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\system32\svchost.exe[1112] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\system32\svchost.exe[1112] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00190090
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00190694
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001902C0
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00190234
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00190004
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0019011C
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001904F0
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0019057C
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001903D8
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0019034C
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00190464
.text C:\windows\system32\drivers\KodakCCS.exe[524] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00190608
.text C:\windows\system32\drivers\KodakCCS.exe[524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001907AC
.text C:\windows\system32\drivers\KodakCCS.exe[524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00190720
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\windows\system32\csrss.exe[768] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\windows\system32\csrss.exe[768] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\windows\system32\csrss.exe[768] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\windows\system32\winlogon.exe[792] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\windows\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\windows\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\windows\system32\winlogon.exe[792] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\windows\system32\winlogon.exe[792] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\windows\system32\winlogon.exe[792] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\windows\system32\services.exe[836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\services.exe[836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\services.exe[836] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\services.exe[836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\services.exe[836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\services.exe[836] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\services.exe[836] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\services.exe[836] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\services.exe[836] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\services.exe[836] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\services.exe[836] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\services.exe[836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\services.exe[836] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\services.exe[836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\services.exe[836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\savedump.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\savedump.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\savedump.exe[848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\savedump.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\savedump.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\savedump.exe[848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\savedump.exe[848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\savedump.exe[848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\savedump.exe[848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\savedump.exe[848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\savedump.exe[848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\savedump.exe[848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\savedump.exe[848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\savedump.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\savedump.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\lsass.exe[856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\lsass.exe[856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\lsass.exe[856] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\lsass.exe[856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\lsass.exe[856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\lsass.exe[856] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\lsass.exe[856] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\lsass.exe[856] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\lsass.exe[856] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\lsass.exe[856] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\lsass.exe[856] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\lsass.exe[856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\lsass.exe[856] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\lsass.exe[856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\lsass.exe[856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\lsass.exe[856] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\system32\lsass.exe[856] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\system32\lsass.exe[856] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
Re: HJT check - problem connecting to the internet
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Eset\nod32kui.exe[1168] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Eset\nod32kui.exe[1168] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Eset\nod32kui.exe[1168] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1176] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\System32\svchost.exe[1220] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\System32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\System32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\System32\svchost.exe[1220] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\System32\svchost.exe[1220] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\System32\svchost.exe[1220] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\windows\System32\svchost.exe[1220] WININET.dll!InternetOpenW 771AAF45 5 Bytes JMP 00080DB0
.text C:\windows\System32\svchost.exe[1220] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\windows\System32\svchost.exe[1220] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\windows\System32\svchost.exe[1220] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\windows\System32\svchost.exe[1220] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00080FE0
.text C:\windows\System32\svchost.exe[1220] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00080EC8
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\QuickTime\qttask.exe[1248] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\QuickTime\qttask.exe[1248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\QuickTime\qttask.exe[1248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\System32\svchost.exe[1304] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\System32\svchost.exe[1304] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\System32\svchost.exe[1304] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\System32\svchost.exe[1304] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\System32\svchost.exe[1304] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\RUNDLL32.EXE[1364] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\RUNDLL32.EXE[1364] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Eset\nod32krn.exe[1416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Eset\nod32krn.exe[1416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Eset\nod32krn.exe[1416] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Eset\nod32krn.exe[1416] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Eset\nod32krn.exe[1416] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\svchost.exe[1536] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\system32\svchost.exe[1536] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\system32\svchost.exe[1536] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WININET.DLL!InternetOpenW 771AAF45 5 Bytes JMP 00140DB0
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WININET.DLL!InternetConnectA 771B345A 5 Bytes JMP 00140F54
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WININET.DLL!InternetOpenA 771B5796 5 Bytes JMP 00140D24
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WININET.DLL!InternetOpenUrlA 771B5A62 5 Bytes JMP 00140E3C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WININET.DLL!InternetConnectW 771BEE40 5 Bytes JMP 00140FE0
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WININET.DLL!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00140EC8
.text C:\windows\system32\svchost.exe[1260] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\System32\svchost.exe[1304] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\System32\svchost.exe[1304] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\System32\svchost.exe[1304] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\System32\svchost.exe[1304] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\System32\svchost.exe[1304] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\System32\svchost.exe[1304] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\RUNDLL32.EXE[1364] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\RUNDLL32.EXE[1364] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\RUNDLL32.EXE[1364] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Eset\nod32krn.exe[1416] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Eset\nod32krn.exe[1416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Eset\nod32krn.exe[1416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Eset\nod32krn.exe[1416] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Eset\nod32krn.exe[1416] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Eset\nod32krn.exe[1416] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[1456] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1460] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\svchost.exe[1536] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\svchost.exe[1536] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\system32\svchost.exe[1536] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\system32\svchost.exe[1536] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1576] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WININET.DLL!InternetOpenW 771AAF45 5 Bytes JMP 00140DB0
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WININET.DLL!InternetConnectA 771B345A 5 Bytes JMP 00140F54
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WININET.DLL!InternetOpenA 771B5796 5 Bytes JMP 00140D24
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WININET.DLL!InternetOpenUrlA 771B5A62 5 Bytes JMP 00140E3C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WININET.DLL!InternetConnectW 771BEE40 5 Bytes JMP 00140FE0
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[1628] WININET.DLL!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00140EC8
Re: HJT check - problem connecting to the internet
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\spoolsv.exe[1660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\spoolsv.exe[1660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\spoolsv.exe[1660] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\system32\spoolsv.exe[1660] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\system32\spoolsv.exe[1660] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\wuauclt.exe[1692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\wuauclt.exe[1692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\wuauclt.exe[1692] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\system32\wuauclt.exe[1692] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\system32\wuauclt.exe[1692] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\System32\svchost.exe[1752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\System32\svchost.exe[1752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\System32\svchost.exe[1752] WININET.dll!InternetOpenW 771AAF45 5 Bytes JMP 00080DB0
.text C:\windows\System32\svchost.exe[1752] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\windows\System32\svchost.exe[1752] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\windows\System32\svchost.exe[1752] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\windows\System32\svchost.exe[1752] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00080FE0
.text C:\windows\System32\svchost.exe[1752] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00080EC8
.text C:\windows\System32\svchost.exe[1752] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\System32\svchost.exe[1752] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\System32\svchost.exe[1752] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\windows\system32\PnkBstrA.exe[1764] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\windows\system32\PnkBstrA.exe[1764] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\windows\system32\PnkBstrA.exe[1764] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\windows\system32\PnkBstrA.exe[1764] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\windows\system32\PnkBstrA.exe[1764] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] WININET.dll!InternetOpenW 771AAF45 5 Bytes JMP 00140DB0
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00140F54
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00140D24
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00140E3C
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00140FE0
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00140EC8
.text C:\windows\Explorer.EXE[2000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\Explorer.EXE[2000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\Explorer.EXE[2000] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\Explorer.EXE[2000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\Explorer.EXE[2000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\Explorer.EXE[2000] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\Explorer.EXE[2000] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\Explorer.EXE[2000] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\Explorer.EXE[2000] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\Explorer.EXE[2000] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\Explorer.EXE[2000] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\Explorer.EXE[2000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\Explorer.EXE[2000] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\Explorer.EXE[2000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\Explorer.EXE[2000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\Explorer.EXE[2000] WININET.dll!InternetOpenW 771AAF45 5 Bytes JMP 00080DB0
.text C:\windows\Explorer.EXE[2000] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\windows\Explorer.EXE[2000] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\windows\Explorer.EXE[2000] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\windows\Explorer.EXE[2000] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00080FE0
.text C:\windows\Explorer.EXE[2000] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00080EC8
.text C:\windows\Explorer.EXE[2000] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\Explorer.EXE[2000] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\Explorer.EXE[2000] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\System32\svchost.exe[2072] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\System32\svchost.exe[2072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\System32\svchost.exe[2072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\windows\system32\wscntfy.exe[2092] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\windows\system32\wscntfy.exe[2092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\windows\system32\wscntfy.exe[2092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[2124] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\spoolsv.exe[1660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\spoolsv.exe[1660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\spoolsv.exe[1660] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\system32\spoolsv.exe[1660] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\system32\spoolsv.exe[1660] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\system32\wuauclt.exe[1692] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\system32\wuauclt.exe[1692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\system32\wuauclt.exe[1692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\system32\wuauclt.exe[1692] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\system32\wuauclt.exe[1692] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\system32\wuauclt.exe[1692] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1712] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\System32\svchost.exe[1752] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\System32\svchost.exe[1752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\System32\svchost.exe[1752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\System32\svchost.exe[1752] WININET.dll!InternetOpenW 771AAF45 5 Bytes JMP 00080DB0
.text C:\windows\System32\svchost.exe[1752] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\windows\System32\svchost.exe[1752] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\windows\System32\svchost.exe[1752] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\windows\System32\svchost.exe[1752] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00080FE0
.text C:\windows\System32\svchost.exe[1752] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00080EC8
.text C:\windows\System32\svchost.exe[1752] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\System32\svchost.exe[1752] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\System32\svchost.exe[1752] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\windows\system32\PnkBstrA.exe[1764] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\windows\system32\PnkBstrA.exe[1764] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\windows\system32\PnkBstrA.exe[1764] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\windows\system32\PnkBstrA.exe[1764] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\windows\system32\PnkBstrA.exe[1764] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\windows\system32\PnkBstrA.exe[1764] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1876] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
Re: HJT check - problem connecting to the internet
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\windows\System32\alg.exe[2348] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\System32\alg.exe[2348] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\System32\alg.exe[2348] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\System32\alg.exe[2348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\System32\alg.exe[2348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\System32\alg.exe[2348] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\System32\alg.exe[2348] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\System32\alg.exe[2348] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\System32\alg.exe[2348] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\System32\alg.exe[2348] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\System32\alg.exe[2348] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\System32\alg.exe[2348] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\System32\alg.exe[2348] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\System32\alg.exe[2348] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\System32\alg.exe[2348] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\System32\alg.exe[2348] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\System32\alg.exe[2348] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\System32\alg.exe[2348] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WININET.dll!InternetOpenW 771AAF45 5 Bytes JMP 00140DB0
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00140F54
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00140D24
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00140E3C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00140FE0
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00140EC8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WININET.dll!InternetOpenW 771AAF45 5 Bytes JMP 00140DB0
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00140F54
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00140D24
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00140E3C
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00140FE0
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00140EC8
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\iPod\bin\iPodService.exe[3800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\iPod\bin\iPodService.exe[3800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spzf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spzf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spzf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spzf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spzf.sys
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB7E9C] spzf.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AEE11B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AEE11B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AEE11B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AEE11B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AEE11B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AEE11B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AEE11B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseCall] [AEE125D8] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClMakeCall] [AEE12540] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoDeleteVc] [AEE1249E] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoCreateVc] [AEE123BA] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AEE11B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AEE11B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClOpenAddressFamily] [AEE12B14] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseAddressFamily] [AEE12D3C] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoSendPackets] [AEE12286] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AEE11B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AEE11B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AEE11B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AEE11B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AEE11B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AEE11B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8ACAE1F8
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
Device \Driver\usbohci \Device\USBPDO-0 8AA711F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ACB01F8
Device \Driver\dmio \Device\DmControl\DmConfig 8ACB01F8
Device \Driver\dmio \Device\DmControl\DmPnP 8ACB01F8
Device \Driver\dmio \Device\DmControl\DmInfo 8ACB01F8
Device \Driver\usbehci \Device\USBPDO-1 8AA811F8
Device \Driver\PCI_PNP0322 \Device\00000054 spzf.sys
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC411F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AC411F8
Device \Driver\Cdrom \Device\CdRom0 8AA801F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AC411F8
Device \Driver\Cdrom \Device\CdRom1 8AA801F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 89C5A1F8
Device \Driver\nvata \Device\00000079 8ACAF1F8
Device \Driver\nvata \Device\00000079 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetbiosSmb 89C5A1F8
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
Device \Driver\usbohci \Device\USBFDO-0 8AA711F8
Device \Driver\usbehci \Device\USBFDO-1 8AA811F8
Device \Driver\nvata \Device\NvAta0 8ACAF1F8
Device \Driver\nvata \Device\NvAta0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\0000007b 8ACAF1F8
Device \Driver\nvata \Device\0000007b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89C511F8
Device \Driver\nvata \Device\NvAta1 8ACAF1F8
Device \Driver\nvata \Device\NvAta1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89C511F8
Device \Driver\nvata \Device\0000007c 8ACAF1F8
Device \Driver\nvata \Device\0000007c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\sptd \Device\3148807822 spzf.sys
Device \Driver\Ftdisk \Device\FtControl 8AC411F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4B2BEA8F-F74F-405C-833D-6534B6E3E0F5} 89C5A1F8
Device \Driver\as8w2zz7 \Device\Scsi\as8w2zz71 8A9CA500
Device \Driver\as8w2zz7 \Device\Scsi\as8w2zz71 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\as8w2zz7 \Device\Scsi\as8w2zz71Port4Path0Target0Lun0 8A9CA500
Device \Driver\as8w2zz7 \Device\Scsi\as8w2zz71Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 8A88D500
Device \Driver\nvata -> \Driver\nvata \Device\Harddisk0\DR0 8ACAF1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x84 0x43 0xF4 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x44 0x46 0xBE 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x39 0xB8 0x97 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x53 0xCB 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x19 0xEB 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x02 0x70 0xB3 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCB 0x8A 0x05 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x84 0x43 0xF4 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x44 0x46 0xBE 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x39 0xB8 0x97 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x53 0xCB 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x19 0xEB 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x02 0x70 0xB3 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCB 0x8A 0x05 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB1 0x95 0xE3 0xE5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3D 0x7E 0x5D 0xE3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC5 0x69 0xA0 0x43 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x19 0xEB 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x02 0x70 0xB3 0xDD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x08 0xDF 0x8D 0x1F ...
---- EOF - GMER 1.0.15 ----
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2268] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\windows\System32\alg.exe[2348] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\windows\System32\alg.exe[2348] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\windows\System32\alg.exe[2348] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\windows\System32\alg.exe[2348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\windows\System32\alg.exe[2348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\windows\System32\alg.exe[2348] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\windows\System32\alg.exe[2348] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\windows\System32\alg.exe[2348] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\windows\System32\alg.exe[2348] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\windows\System32\alg.exe[2348] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\windows\System32\alg.exe[2348] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\windows\System32\alg.exe[2348] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\windows\System32\alg.exe[2348] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\windows\System32\alg.exe[2348] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\windows\System32\alg.exe[2348] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\windows\System32\alg.exe[2348] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\windows\System32\alg.exe[2348] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\windows\System32\alg.exe[2348] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2648] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2996] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WININET.dll!InternetOpenW 771AAF45 5 Bytes JMP 00140DB0
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00140F54
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00140D24
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00140E3C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00140FE0
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3076] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00140EC8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3360] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WININET.dll!InternetOpenW 771AAF45 5 Bytes JMP 00140DB0
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00140F54
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00140D24
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00140E3C
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 00140FE0
.text C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe[3580] WININET.dll!InternetOpenUrlW 771C5BB2 5 Bytes JMP 00140EC8
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\iPod\bin\iPodService.exe[3800] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\iPod\bin\iPodService.exe[3800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\iPod\bin\iPodService.exe[3800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Documents and Settings\Michal\Plocha\gmer.exe[4000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spzf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spzf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spzf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spzf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spzf.sys
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\as8w2zz7.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB7E9C] spzf.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AEE11B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AEE11B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AEE11B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AEE11B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AEE11B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AEE11B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AEE11B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseCall] [AEE125D8] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClMakeCall] [AEE12540] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoDeleteVc] [AEE1249E] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoCreateVc] [AEE123BA] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AEE11B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AEE11B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClOpenAddressFamily] [AEE12B14] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseAddressFamily] [AEE12D3C] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoSendPackets] [AEE12286] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AEE11B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AEE11B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AEE11B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AEE11B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AEE11B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AEE11B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8ACAE1F8
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
Device \Driver\usbohci \Device\USBPDO-0 8AA711F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ACB01F8
Device \Driver\dmio \Device\DmControl\DmConfig 8ACB01F8
Device \Driver\dmio \Device\DmControl\DmPnP 8ACB01F8
Device \Driver\dmio \Device\DmControl\DmInfo 8ACB01F8
Device \Driver\usbehci \Device\USBPDO-1 8AA811F8
Device \Driver\PCI_PNP0322 \Device\00000054 spzf.sys
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC411F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AC411F8
Device \Driver\Cdrom \Device\CdRom0 8AA801F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AC411F8
Device \Driver\Cdrom \Device\CdRom1 8AA801F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 89C5A1F8
Device \Driver\nvata \Device\00000079 8ACAF1F8
Device \Driver\nvata \Device\00000079 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetbiosSmb 89C5A1F8
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
Device \Driver\usbohci \Device\USBFDO-0 8AA711F8
Device \Driver\usbehci \Device\USBFDO-1 8AA811F8
Device \Driver\nvata \Device\NvAta0 8ACAF1F8
Device \Driver\nvata \Device\NvAta0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\0000007b 8ACAF1F8
Device \Driver\nvata \Device\0000007b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89C511F8
Device \Driver\nvata \Device\NvAta1 8ACAF1F8
Device \Driver\nvata \Device\NvAta1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89C511F8
Device \Driver\nvata \Device\0000007c 8ACAF1F8
Device \Driver\nvata \Device\0000007c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\sptd \Device\3148807822 spzf.sys
Device \Driver\Ftdisk \Device\FtControl 8AC411F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4B2BEA8F-F74F-405C-833D-6534B6E3E0F5} 89C5A1F8
Device \Driver\as8w2zz7 \Device\Scsi\as8w2zz71 8A9CA500
Device \Driver\as8w2zz7 \Device\Scsi\as8w2zz71 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\as8w2zz7 \Device\Scsi\as8w2zz71Port4Path0Target0Lun0 8A9CA500
Device \Driver\as8w2zz7 \Device\Scsi\as8w2zz71Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 8A88D500
Device \Driver\nvata -> \Driver\nvata \Device\Harddisk0\DR0 8ACAF1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x84 0x43 0xF4 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x44 0x46 0xBE 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x39 0xB8 0x97 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x53 0xCB 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x19 0xEB 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x02 0x70 0xB3 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCB 0x8A 0x05 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x84 0x43 0xF4 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x44 0x46 0xBE 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x39 0xB8 0x97 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x53 0xCB 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x19 0xEB 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x02 0x70 0xB3 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCB 0x8A 0x05 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB1 0x95 0xE3 0xE5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3D 0x7E 0x5D 0xE3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC5 0x69 0xA0 0x43 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x19 0xEB 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x02 0x70 0xB3 0xDD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x08 0xDF 0x8D 0x1F ...
---- EOF - GMER 1.0.15 ----
Re: HJT check - problem connecting to the net
Hopefully not...
Download SystemLook. Save it to the desktop and run it. Copy into the window:
:filefind
nvata.sys
Click "Look" and let the program finish the scan. When it is done, a log will be displayed, which I need to see. In case of problems, it can also be found on the desktop.
I don't like amateurism...
And the addressee of this message knows it :)
Re: HJT check - problem connecting to the net
here is the log
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 22:44 on 17/11/2009 by Michal (Administrator - Elevation successful)
========== filefind ==========
Searching for "nvata.sys"
C:\WINDOWS\system32\drivers\nvata.sys -ra--- 93568 bytes [10:24 26/05/2007] [08:52 18/08/2005] 0344AA9113DC16EEC379F4652020849D
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\nvata.sys -ra--c 93568 bytes [10:05 26/07/2007] [08:52 18/08/2005] 0344AA9113DC16EEC379F4652020849D
C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvata.sys -ra--c 93568 bytes [10:05 26/07/2007] [08:52 18/08/2005] 0344AA9113DC16EEC379F4652020849D
-=End Of File=-
Re: HJT check - problem connecting to the net
Okaaay... I have 2 pieces of news - good and bad. The good one is that the new TDL3 rootkit was not confirmed. The bad one is that, as a result, I have no clue what could be causing the slowdown of the net. Does anything come to mind? What about the FW settings?
Re: HJT check - problem connecting to the net
Well, I have Sunbelt Personal, but it didn't cause problems before and I haven't been digging around in the settings. Downloading from the net also gives me trouble. I download a file, for example through Mozilla, and after a while the download stops as if there were no connection, but it is enough to pause the file and start it again and it carries on. But it does that maybe 6 times while downloading one file, which is quite nerve-racking.
Nothing else comes to mind. I am also discussing it with the provider, but they don't seem to think it is on their side either. I don't have a definitive statement from them.

Re: HJT check - problem connecting to the net
Then we can still try this:
1) Uninstall Daemon (Start -> Control Panel -> Add/Remove Programs).
If that doesn't work, use Revo Uninstaller.
2) Download SPTD, save it to the desktop and run it. Choose the "Uninstall" option and restart the PC.
3) Start -> Run -> (type) cmd
Enter.
Copy into the window that opens:
copy C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\nvata.sys C:\
Enter.
4) Download Avenger. Run it and agree to the terms etc.
Paste this script into the white box in the middle of the program:
Files to move:
C:\nvata.sys | C:\WINDOWS\system32\drivers\nvata.sys
Press "Execute" -> "Yes". Restart and post the log.
4) Run ComboFix again and make a log from it.
5) Run Gmer again and post its log (the big one) :)
Re: HJT check - problem connecting to the net
log from Avenger
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "C:\nvata.sys|C:\WINDOWS\system32\drivers\nvata.sys" completed successfully.
Completed script processing.
*******************
Finished! Terminate.
Re: HJT check - problem connecting to the net
combo fix
ComboFix 09-11-14.03 - Michal 18.11.2009 22:48.4.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2565 [GMT 1:00]
Spuštěný z: c:\documents and settings\Michal\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-18 do 2009-11-18 )))))))))))))))))))))))))))))))
.
2009-11-18 21:22 . 2009-11-18 21:22 -------- d-----w- c:\program files\VS Revo Group
2009-11-10 21:11 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-10 21:11 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-10 21:11 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-10 21:11 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-10 21:11 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-10 21:11 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-10 21:11 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-10-28 09:26 . 2009-10-28 09:26 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-18 21:18 . 2007-11-12 20:02 711845 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-11-14 15:17 . 2009-06-14 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 22:52 . 2008-03-14 19:34 -------- d-----w- c:\program files\CCleaner
2009-11-10 20:58 . 2007-05-26 12:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 09:26 . 2007-07-26 18:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-25 16:47 . 2001-10-25 13:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 16:47 . 2001-10-25 13:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-09-27 17:34 . 2007-07-26 18:46 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-10 13:54 . 2009-06-14 09:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-06-14 09:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 16:44 . 2009-05-31 12:20 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-30 19:15 . 2007-09-11 20:35 139072 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-30 19:15 . 2007-09-11 20:35 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-11-14_13.51.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-18 21:36 . 2009-11-18 21:36 16384 c:\windows\Temp\Perflib_Perfdata_e98.dat
- 2009-11-10 21:11 . 2009-11-10 21:11 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 23:25 . 2009-11-14 23:25 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-10 21:11 . 2009-11-10 21:11 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-02 257088]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-11-13 949376]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-29 198160]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-12-13 630915]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Hry\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Hry\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"e:\\Hry\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 10:21 72624]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [13.11.2007 22:47 15424]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 10:21 1234480]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [26.5.2007 11:25 1310720]
S2 gupdate1c98a03c5fc91ee;Google Update Service (gupdate1c98a03c5fc91ee);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2009 16:41 133104]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [9.3.2008 23:04 65536]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [18.12.2007 20:33 16512]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Obsah adresáře 'Naplánované úlohy'
2009-11-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 18:38]
2009-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 15:41]
2009-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 15:41]
2009-11-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-03 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\kidq8r39.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 22:56
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-73586283-963894560-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:95,00,33,56,37,6b,ed,75,40,3a,1e,95,0a,a1,ee,1f,f3,c8,c6,53,c5,ba,1e,
bc,4b,76,a0,0a,39,04,36,33,49,02,86,b8,6d,3d,dd,10,34,d6,6d,4a,66,0a,0e,51,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
[HKEY_USERS\S-1-5-21-73586283-963894560-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c3,b0,8c,fd,1c,21,53,c9,2e,ae,24,9e,ef,af,3f,45,d3,02,72,18,92,
29,ca,1f,03,20,7b,87,29,b3,cd,e7,ce,56,63,d9,eb,a4,4a,e6,dc,63,ee,19,d0,69,\
"rkeysecu"=hex:a4,ba,3b,5f,28,9b,8d,cb,03,f1,13,d9,34,8f,e8,8f
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(1628)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-11-18 22:59
ComboFix-quarantined-files.txt 2009-11-18 21:59
ComboFix2.txt 2009-11-14 13:54
Před spuštěním: Volných bajtů: 15 061 262 336
Po spuštění: Volných bajtů: 15 051 071 488
- - End Of File - - FA628F2C311AFABFB9B52AF5B68A1466