Prosím o kontrolu logu Vyřešeno

[Seky97]

ComboFix 10-06-20.06 - Admin 21.06.2010 19:25:02.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.530 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}

FILE ::
"c:\windows\system32\drivers\CFRMD.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_CFRMD


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-21 do 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-21 14:46 . 2010-06-21 14:49 -------- d-----w- c:\windows\system32\NtmsData
2010-06-17 17:48 . 2010-06-20 18:18 -------- d-----w- c:\program files\Picasa2
2010-06-17 15:55 . 2010-06-17 16:02 -------- d-----w- c:\program files\Fraps
2010-06-16 15:13 . 2008-11-13 14:20 602624 -c----w- c:\windows\system32\dllcache\crypt32.dll
2010-06-16 15:13 . 2008-11-13 14:20 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-06-16 14:40 . 2010-06-16 15:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-16 14:30 . 2010-06-16 14:30 -------- d-----w- c:\windows\system32\xlive
2010-06-16 14:30 . 2010-06-16 14:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-16 13:50 . 2008-04-14 06:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-14 13:57 . 2010-06-14 13:57 -------- d-----w- c:\program files\TopStyle 4
2010-06-14 13:55 . 2010-06-14 13:55 -------- d-----w- c:\program files\PSPad editor
2010-06-13 11:28 . 2010-06-13 11:28 -------- d-----w- C:\ATI
2010-06-10 22:28 . 2010-06-10 22:28 -------- d-----w- c:\program files\uTorrent
2010-06-09 14:33 . 2010-06-09 14:33 -------- d-----w- c:\program files\Counter-Strike Source
2010-06-08 14:25 . 2010-06-09 12:26 -------- d-----w- c:\program files\Mass Downloader
2010-06-08 14:19 . 2003-12-15 21:16 81920 ----a-w- c:\windows\system32\eSellerateControl350.dll
2010-06-08 14:19 . 2003-12-15 21:16 348160 ----a-w- c:\windows\system32\eSellerateEngine.dll
2010-06-08 14:19 . 2010-06-08 14:21 -------- d-----w- c:\program files\Star Downloader
2010-06-04 18:33 . 2010-06-04 18:33 -------- d-----w- c:\program files\CDBurnerXP
2010-06-01 18:29 . 2008-07-11 00:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2010-06-01 18:29 . 2008-07-11 00:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2010-06-01 18:28 . 2010-06-01 18:28 -------- d-----w- c:\windows\system32\RsFx
2010-06-01 17:42 . 2010-06-01 18:28 -------- d-----w- c:\program files\Microsoft SQL Server
2010-06-01 17:42 . 2010-06-18 12:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 17:42 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-01 17:42 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-01 17:37 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-06-01 17:37 . 2010-06-01 17:37 -------- d-----w- c:\program files\Microsoft SDKs
2010-05-28 16:54 . 2007-10-12 13:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-05-28 12:51 . 2010-05-28 12:51 -------- d-----w- c:\program files\Opera
2010-05-27 13:51 . 2010-05-27 13:51 -------- d-sh--w- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 11:49 . 2010-05-07 18:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-20 08:05 . 2010-06-06 10:55 7003 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-06-17 12:40 . 2010-05-07 14:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-16 14:02 . 2001-10-25 14:00 497316 ----a-w- c:\windows\system32\perfh005.dat
2010-06-16 14:02 . 2001-10-25 14:00 103464 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 13:56 . 2010-05-07 14:12 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-16 13:56 . 2010-05-07 14:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-13 17:24 . 2010-05-07 14:23 -------- d-----w- c:\program files\ATI Technologies
2010-06-13 12:02 . 2010-05-09 09:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-08 13:04 . 2010-05-07 16:45 -------- d-----w- c:\program files\IrfanView
2010-06-06 11:59 . 2010-05-15 17:00 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-06 11:58 . 2010-05-15 16:59 -------- d-----w- c:\program files\AVI ReComp
2010-06-01 18:26 . 2010-05-07 16:29 -------- d-----w- c:\program files\Microsoft.NET
2010-05-29 10:01 . 2010-05-13 14:10 -------- d-----w- c:\program files\RapidDown
2010-05-21 16:41 . 2010-05-21 16:41 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-05-20 13:25 . 2010-05-20 13:25 -------- d-----w- c:\program files\PDF-Convert
2010-05-20 13:18 . 2010-05-20 13:18 -------- d-----w- c:\program files\Ghostscript
2010-05-19 19:02 . 2010-05-19 18:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-05-19 16:22 . 2010-05-19 16:15 -------- d-----w- c:\program files\Terasoft
2010-05-16 16:29 . 2010-05-11 17:22 -------- d-----w- c:\program files\Guitar Pro 5
2010-05-16 08:06 . 2010-05-09 10:37 -------- d-----w- c:\program files\Avidemux 2.5
2010-05-16 07:58 . 2010-05-16 07:58 -------- d-----w- c:\program files\X2Xsoft
2010-05-15 17:35 . 2010-05-15 17:23 -------- d-----w- c:\program files\BIAS
2010-05-15 17:01 . 2010-05-15 17:01 -------- d-----w- c:\program files\Gabest
2010-05-15 17:00 . 2010-05-15 08:04 -------- d-----w- c:\program files\Xvid
2010-05-15 16:31 . 2010-05-15 16:31 -------- d-----w- c:\program files\COMODO
2010-05-15 11:53 . 2010-05-15 11:47 -------- d-----w- c:\program files\lg_fwupdate
2010-05-15 11:46 . 2010-05-15 11:35 -------- d-----w- c:\program files\CyberLink
2010-05-15 11:43 . 2010-05-15 11:41 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-15 11:41 . 2010-05-15 11:41 -------- d-----w- c:\program files\Nero
2010-05-15 09:07 . 2010-05-15 09:07 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-15 09:07 . 2010-05-15 09:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-15 09:05 . 2010-05-07 16:29 -------- d-----w- c:\program files\MSBuild
2010-05-15 09:05 . 2010-05-15 09:05 -------- d-----w- c:\program files\Reference Assemblies
2010-05-15 09:01 . 2010-05-15 09:01 -------- d-----w- c:\program files\MSXML 6.0
2010-05-15 08:05 . 2010-05-15 08:05 -------- d-----w- c:\program files\FDRLab
2010-05-12 15:59 . 2010-05-12 15:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-12 15:59 . 2010-05-12 15:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-12 15:58 . 2010-05-12 15:58 -------- d-----w- c:\program files\IVT Corporation
2010-05-12 15:12 . 2010-05-12 15:11 -------- d-----w- c:\program files\Google
2010-05-11 14:30 . 2010-05-11 14:30 -------- d-----w- c:\program files\Common Files\Protexis
2010-05-11 14:29 . 2010-05-11 14:29 -------- d-----w- c:\program files\Common Files\Corel
2010-05-11 14:28 . 2010-05-11 14:28 -------- d-----w- c:\program files\Corel
2010-05-09 20:24 . 2010-05-07 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 15:32 . 2010-05-09 15:12 -------- d-----w- c:\program files\SopCast
2010-05-08 19:06 . 2010-05-07 14:12 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-05-08 16:55 . 2010-05-08 16:53 -------- d-----w- c:\program files\QuickTime
2010-05-08 16:52 . 2010-05-08 16:52 -------- d-----w- c:\program files\Apple Software Update
2010-05-07 18:30 . 2010-05-07 18:30 -------- d-----w- c:\program files\Trend Micro
2010-05-07 18:28 . 2010-05-07 18:28 -------- d-----w- c:\program files\xp-AntiSpy
2010-05-07 18:11 . 2010-05-07 18:11 -------- d-----w- c:\program files\QIP
2010-05-07 17:58 . 2010-05-07 17:58 -------- d-----w- c:\program files\VideoReDoTVSuite
2010-05-07 17:56 . 2010-05-07 17:55 -------- d-----w- c:\program files\JetAudio
2010-05-07 17:56 . 2010-05-07 17:55 -------- d-----w- c:\program files\Common Files\COWON
2010-05-07 17:43 . 2010-05-07 17:43 -------- d-----w- c:\program files\Webteh
2010-05-07 17:25 . 2010-05-07 17:25 -------- d-----w- c:\program files\MuseScore 0.9
2010-05-07 17:00 . 2010-05-07 17:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-05-07 17:00 . 2010-05-07 17:00 -------- d-----w- c:\program files\Java
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\program files\CCleaner
2010-05-07 16:43 . 2010-05-07 16:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-07 16:33 . 2010-05-07 16:33 -------- d-----w- c:\program files\Sunbelt Software
2010-05-07 16:29 . 2010-05-07 16:29 -------- d-----w- c:\program files\Microsoft Works
2010-05-07 16:27 . 2010-05-07 16:27 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-07 16:23 . 2010-05-07 16:15 127768 ----a-w- c:\windows\hpoins11.dat
2010-05-07 16:22 . 2010-05-07 16:22 -------- d-----w- c:\program files\Common Files\HP
2010-05-07 16:22 . 2010-05-07 16:18 -------- d-----w- c:\program files\HP
2010-05-07 16:21 . 2010-05-07 16:20 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-07 16:20 . 2010-05-07 16:20 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-07 16:13 . 2010-05-07 16:13 0 ----a-w- c:\windows\nsreg.dat
2010-05-07 14:33 . 2010-05-07 14:33 -------- d-----w- c:\program files\ESET
2010-05-07 14:27 . 2010-05-07 14:17 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-07 14:26 . 2010-05-07 14:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-07 14:18 . 2010-05-07 14:18 -------- d-----w- c:\program files\Realtek
2010-05-07 14:12 . 2010-05-07 14:12 -------- d-----w- c:\program files\microsoft frontpage
2010-05-07 14:10 . 2010-05-07 14:10 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-29 13:39 . 2010-05-07 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-05-07 18:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-06-20_12.03.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-21 17:34 . 2010-06-21 17:34 16384 c:\windows\Temp\Perflib_Perfdata_29c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- d:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-28 06:54 16248320 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\HRY\\Steam\\Steam.exe"=
"d:\\HRY\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\HRY\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HRY\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"d:\\HRY\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HRY\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\HRY\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.5.2010 17:59 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2010 20:43 304464]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2010 20:43 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.5.2010 17:11 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-06-21 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:12]

2010-06-21 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-26 14:28]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
.
.
------- Doplňkový sken -------
.
IE: ????3?? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\as9zb8ym.default\
FF - prefs.js: browser.search.selectedEngine - Mapy.cz
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 7070
FF - prefs.js: network.proxy.type - 5
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 19:35
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F571F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7586f28
\Driver\ACPI -> ACPI.sys @ 0xf730ecb8
\Driver\atapi -> atapi.sys @ 0xf72a3b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2
ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2
ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,de,fa,d4,ae,69,fc,e3,6d,68,c9,be,3d,b0,d6,58,9a,37,cd,5d,04,
46,4c,c4,0c,65,df,01,75,c9,6d,2b,0c,75,9f,51,e0,3d,4c,0a,34,00,58,e2,f7,4a,\
"rkeysecu"=hex:e3,b7,9d,79,2e,64,2e,40,a8,c0,f9,7e,53,d8,ac,b8
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3524)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-06-21 19:40:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-21 17:40
ComboFix2.txt 2010-06-20 12:06

Před spuštěním: 6 269 145 088
Po spuštění: 6 153 412 608

- - End Of File - - 3BEAF2ED4273F72B2EAC8F7068019389

[Reklama]

[Seky97]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:15, on 21.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 4598 bytes

[bledulka]

Ještě si pro jsitotu něco ověřím, jestli nejsi proti.
Jak to vypadá s počítačem?

Odinstaluj všechny virtuální jednotky (Daemon nebo alcohol)

Stáhni SPTD http://www.duplexsecure.com/en/downloads
-vyber verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-ulož na plochu a spusť
- zvol možnost Uninstall
- restart PC



**********************************************

Stahni Gmer http://www.gmer.net/gmer.zip
-rozbal ho a spusť
-po prvním rychlém skenu klikni na tlačítko Save, uloží se log, který mi sem zkopíruješ.
-v pravém sloupci označ všechny položky fajfkou ve čtverečku a klikni na tlačítko scan
-až se sken dokončí, opět tlačítkem Save ulož log, který sem vložíš.

[jaro3]

Ještě script v CF:

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\d3d9caps.dat
c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetUrl.htm
c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm

Firefox::
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\as9zb8ym.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 7070
FF - prefs.js: network.proxy.type - 5

RegLock::
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*
N}Ź]
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*
N}ŹhQčţ”Ąc]


Potom log z CF , z HJT už nemusíš.

[Seky97]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-22 14:42:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pgediaob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

[bledulka]

Ještě poprosím o ten druhý lo z gmeru

[Seky97]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-22 15:30:40
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pgediaob.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\VideoFilesContentSniffer@RelPattern *.asf?*.avi?*.divx?*.mov?*.mpeg?*.mpg?*.ogm?*.qt?*.rm?*.wmv?*.mkv?*.vob?*.m1v?*.m2v?*.swf?*.fli?*.flc?*.flic?*.dat?*.mp4?*.mpe?*.3gp?*.3g2?*.ts?*.tp?*.trp?*.k3g?*.flv?*.m4v?*.mpg?VIDEO\*.mpg?*.
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x0F 0x43 0xCA 0xBE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x0F 0x43 0xCA 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x3A 0xCE 0xA9 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x3A 0xCE 0xA9 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x57 0xC4 0x3E 0xF6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x57 0xC4 0x3E 0xF6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x61 0x02 0x13 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x61 0x76 0xA9 0x57 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x61 0x76 0xA9 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0xBE 0xFE 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA5 0x58 0x34 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xBA 0x29 0x7D 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0x7E 0x35 0xC9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0x7E 0x35 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xDB 0x16 0x18 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xDB 0x16 0x18 0x2D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE4 0x0B 0xE4 0x03 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xFA 0xAB 0x51 0x05 ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] WS2_32.dll!socket 71A94211 5 Bytes JMP 000308C4
.text C:\WINDOWS\system32\winlogon.exe[1112] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\svchost.exe[272] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[384] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[680] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[1188] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1200] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1380] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1684] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1804] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2308] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wuauclt.exe[2700] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] WS2_32.dll!socket 71A94211 5 Bytes JMP 000B08C4
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] WS2_32.dll!socket 71A94211 5 Bytes JMP 000B08C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] WS2_32.dll!bind 71A94480 5 Bytes JMP 00030838
.text C:\WINDOWS\system32\winlogon.exe[1112] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\svchost.exe[272] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[384] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[680] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[1188] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1200] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1380] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1684] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1804] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2308] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wuauclt.exe[2700] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] WS2_32.dll!bind 71A94480 5 Bytes JMP 000B0838
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] WS2_32.dll!bind 71A94480 5 Bytes JMP 000B0838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00030950
.text C:\WINDOWS\system32\winlogon.exe[1112] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\svchost.exe[272] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\Explorer.EXE[384] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\spoolsv.exe[680] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\services.exe[1188] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[1200] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1380] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1684] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1804] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\alg.exe[2308] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wuauclt.exe[2700] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] WS2_32.dll!connect 71A94A07 5 Bytes JMP 000B0950
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] WS2_32.dll!connect 71A94A07 5 Bytes JMP 000B0950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00030DB0
.text C:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1684] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00080DB0
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00130DB0
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00130DB0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00130DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00130DB0
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00130DB0
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00130DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00030F54
.text C:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1684] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00080F54
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00130F54
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00130F54
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00130F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00130F54
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00130F54
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00130F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00030D24
.text C:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1684] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00080D24
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00130D24
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00130D24
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00130D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00130D24
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00130D24
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00130D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00030E3C
.text C:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1684] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00080E3C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00130E3C
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00130E3C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00130E3C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00130E3C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00130E3C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00130E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00030FE0
.text C:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1684] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00130FE0
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00130FE0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00130FE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00130FE0
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00130FE0
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00130FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00030EC8
.text C:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00080EC8
.text C:\WINDOWS\System32\svchost.exe[1684] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00080EC8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00130EC8
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00130EC8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00130EC8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00130EC8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00130EC8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00130EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000B01A8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000B01A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000B0090
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000B0090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00230090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 000B0694
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 000B0694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00230694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000B02C0
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000B02C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!CreateProcessW

[Seky97]

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000B0234
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000B0234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00230234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00030004
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 000B0004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 000B0004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00160004
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00230004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0003011C
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 000B011C
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 000B011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0016011C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0023011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000304F0
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000B04F0
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000B04F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001604F0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 002304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0003057C
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 000B057C
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 000B057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!CreateThread 7C8106C7 5 Bytes JMP 0016057C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0023057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000303D8
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000B03D8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000B03D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001603D8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 002303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0003034C
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 000B034C
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 000B034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C

[Seky97]

.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0016034C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0023034C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00030464
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 000B0464
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 000B0464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!WinExec 7C8623AD 5 Bytes JMP 00160464
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00230464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00030608
.text C:\WINDOWS\system32\wscntfy.exe[316] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1112] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[680] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1188] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2308] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[2664] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 000B0608
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 000B0608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\csrss.exe[1072] KERNEL32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00160608
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00230608
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\WINDOWS\system32\wscntfy.exe[316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1112] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\svchost.exe[272] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[384] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[680] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1188] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1684] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1804] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2308] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[2664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[2700] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000B07AC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000B07AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\csrss.exe[1072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1968] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\WINDOWS\system32\wscntfy.exe[316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1112] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\svchost.exe[272] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[384] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[680] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[1188] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1684] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1804] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2308] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2636] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\ctfmon.exe[2664] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[2700] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 000B0720
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1064] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 000B0720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[904] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[992] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[1636] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1676] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.531\gmer.exe[1876] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2020] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\firefox.exe[2276] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2644] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2812] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2816] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3536] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\csrss.exe[1072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2652] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00230720

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2421 80501C49 7 Bytes [4F, 2C, AA, 90, 4D, 2C, AA] {DEC EDI; SUB AL, 0xaa; NOP ; DEC EBP; SUB AL, 0xaa}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AA2B9CE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AA2B9CE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [AA2B9CE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AA2B9CE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA2B9D00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AA2B9D00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [AA2B9D00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AA2B9D00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AA2B9D90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AA2B9D90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [AA2B9D90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AA2B9D90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AA2B9DC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [AA2B9DC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AA2B9DC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

---- Kernel code sections - GMER 1.0.15 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus F727D9EF 6 Bytes JMP AA2B9ED0 \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xAA39E610]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xAA2C6110]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xAA2C5920]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xAA2C1EE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xAA2C4F20]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xAA2C4D90]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xAA2C5480]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xAA39EC10]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xAA2C6190]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xAA2C2320]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xAA2C23C0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xAA39E730]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xAA0AA9A0]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xAA0AAB30]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xAA2C5BF0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xAA2C2140]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xAA39E4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xAA39E570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xAA39E6D0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xAA2C5510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xAA39E690]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xAA2C5F00]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xAA39E650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xAA39E7D0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xAA2C24D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xAA39E510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xAA39E590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xAA39E4D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xAA39E5D0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xAA2C5E50]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xAA39E750]

---- EOF - GMER 1.0.15 ----

[bledulka]

Gmer je ok, ještě spusť combofix se skriptem, jak psal Jaro3.

[Seky97]

ComboFix 10-06-22.03 - Admin 23.06.2010 17:15:26.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.528 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}

FILE ::
"c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"c:\windows\system32\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-23 do 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-21 14:46 . 2010-06-21 14:49 -------- d-----w- c:\windows\system32\NtmsData
2010-06-17 17:48 . 2010-06-20 18:18 -------- d-----w- c:\program files\Picasa2
2010-06-17 15:55 . 2010-06-17 16:02 -------- d-----w- c:\program files\Fraps
2010-06-16 15:13 . 2008-11-13 14:20 602624 -c----w- c:\windows\system32\dllcache\crypt32.dll
2010-06-16 15:13 . 2008-11-13 14:20 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-06-16 14:30 . 2010-06-16 14:30 -------- d-----w- c:\windows\system32\xlive
2010-06-16 14:30 . 2010-06-16 14:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-16 13:50 . 2008-04-14 06:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-14 13:57 . 2010-06-14 13:57 -------- d-----w- c:\program files\TopStyle 4
2010-06-14 13:55 . 2010-06-14 13:55 -------- d-----w- c:\program files\PSPad editor
2010-06-13 11:28 . 2010-06-13 11:28 -------- d-----w- C:\ATI
2010-06-10 22:28 . 2010-06-10 22:28 -------- d-----w- c:\program files\uTorrent
2010-06-09 14:33 . 2010-06-09 14:33 -------- d-----w- c:\program files\Counter-Strike Source
2010-06-08 14:25 . 2010-06-09 12:26 -------- d-----w- c:\program files\Mass Downloader
2010-06-08 14:19 . 2003-12-15 21:16 81920 ----a-w- c:\windows\system32\eSellerateControl350.dll
2010-06-08 14:19 . 2003-12-15 21:16 348160 ----a-w- c:\windows\system32\eSellerateEngine.dll
2010-06-08 14:19 . 2010-06-08 14:21 -------- d-----w- c:\program files\Star Downloader
2010-06-04 18:33 . 2010-06-04 18:33 -------- d-----w- c:\program files\CDBurnerXP
2010-06-01 18:29 . 2008-07-11 00:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2010-06-01 18:29 . 2008-07-11 00:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2010-06-01 18:28 . 2010-06-01 18:28 -------- d-----w- c:\windows\system32\RsFx
2010-06-01 17:42 . 2010-06-01 18:28 -------- d-----w- c:\program files\Microsoft SQL Server
2010-06-01 17:42 . 2010-06-18 12:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 17:42 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-01 17:42 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-01 17:37 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-06-01 17:37 . 2010-06-01 17:37 -------- d-----w- c:\program files\Microsoft SDKs
2010-05-28 16:54 . 2007-10-12 13:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-05-28 12:51 . 2010-05-28 12:51 -------- d-----w- c:\program files\Opera
2010-05-27 13:51 . 2010-05-27 13:51 -------- d-sh--w- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 11:49 . 2010-05-07 18:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-20 08:05 . 2010-06-06 10:55 7003 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-06-17 12:40 . 2010-05-07 14:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-16 14:02 . 2001-10-25 14:00 497316 ----a-w- c:\windows\system32\perfh005.dat
2010-06-16 14:02 . 2001-10-25 14:00 103464 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 13:56 . 2010-05-07 14:12 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-16 13:56 . 2010-05-07 14:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-13 17:24 . 2010-05-07 14:23 -------- d-----w- c:\program files\ATI Technologies
2010-06-13 12:02 . 2010-05-09 09:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-08 13:04 . 2010-05-07 16:45 -------- d-----w- c:\program files\IrfanView
2010-06-06 11:59 . 2010-05-15 17:00 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-06 11:58 . 2010-05-15 16:59 -------- d-----w- c:\program files\AVI ReComp
2010-06-01 18:26 . 2010-05-07 16:29 -------- d-----w- c:\program files\Microsoft.NET
2010-05-29 10:01 . 2010-05-13 14:10 -------- d-----w- c:\program files\RapidDown
2010-05-21 16:41 . 2010-05-21 16:41 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-05-20 13:25 . 2010-05-20 13:25 -------- d-----w- c:\program files\PDF-Convert
2010-05-20 13:18 . 2010-05-20 13:18 -------- d-----w- c:\program files\Ghostscript
2010-05-19 19:02 . 2010-05-19 18:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-05-19 16:22 . 2010-05-19 16:15 -------- d-----w- c:\program files\Terasoft
2010-05-16 16:29 . 2010-05-11 17:22 -------- d-----w- c:\program files\Guitar Pro 5
2010-05-16 08:06 . 2010-05-09 10:37 -------- d-----w- c:\program files\Avidemux 2.5
2010-05-16 07:58 . 2010-05-16 07:58 -------- d-----w- c:\program files\X2Xsoft
2010-05-15 17:35 . 2010-05-15 17:23 -------- d-----w- c:\program files\BIAS
2010-05-15 17:01 . 2010-05-15 17:01 -------- d-----w- c:\program files\Gabest
2010-05-15 17:00 . 2010-05-15 08:04 -------- d-----w- c:\program files\Xvid
2010-05-15 16:31 . 2010-05-15 16:31 -------- d-----w- c:\program files\COMODO
2010-05-15 11:53 . 2010-05-15 11:47 -------- d-----w- c:\program files\lg_fwupdate
2010-05-15 11:46 . 2010-05-15 11:35 -------- d-----w- c:\program files\CyberLink
2010-05-15 11:43 . 2010-05-15 11:41 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-15 11:41 . 2010-05-15 11:41 -------- d-----w- c:\program files\Nero
2010-05-15 09:07 . 2010-05-15 09:07 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-15 09:07 . 2010-05-15 09:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-15 09:05 . 2010-05-07 16:29 -------- d-----w- c:\program files\MSBuild
2010-05-15 09:05 . 2010-05-15 09:05 -------- d-----w- c:\program files\Reference Assemblies
2010-05-15 09:01 . 2010-05-15 09:01 -------- d-----w- c:\program files\MSXML 6.0
2010-05-15 08:05 . 2010-05-15 08:05 -------- d-----w- c:\program files\FDRLab
2010-05-12 15:59 . 2010-05-12 15:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-12 15:58 . 2010-05-12 15:58 -------- d-----w- c:\program files\IVT Corporation
2010-05-12 15:12 . 2010-05-12 15:11 -------- d-----w- c:\program files\Google
2010-05-11 14:30 . 2010-05-11 14:30 -------- d-----w- c:\program files\Common Files\Protexis
2010-05-11 14:29 . 2010-05-11 14:29 -------- d-----w- c:\program files\Common Files\Corel
2010-05-11 14:28 . 2010-05-11 14:28 -------- d-----w- c:\program files\Corel
2010-05-09 20:24 . 2010-05-07 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 15:32 . 2010-05-09 15:12 -------- d-----w- c:\program files\SopCast
2010-05-08 19:06 . 2010-05-07 14:12 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-05-08 16:55 . 2010-05-08 16:53 -------- d-----w- c:\program files\QuickTime
2010-05-08 16:52 . 2010-05-08 16:52 -------- d-----w- c:\program files\Apple Software Update
2010-05-07 18:30 . 2010-05-07 18:30 -------- d-----w- c:\program files\Trend Micro
2010-05-07 18:28 . 2010-05-07 18:28 -------- d-----w- c:\program files\xp-AntiSpy
2010-05-07 18:11 . 2010-05-07 18:11 -------- d-----w- c:\program files\QIP
2010-05-07 17:58 . 2010-05-07 17:58 -------- d-----w- c:\program files\VideoReDoTVSuite
2010-05-07 17:56 . 2010-05-07 17:55 -------- d-----w- c:\program files\JetAudio
2010-05-07 17:56 . 2010-05-07 17:55 -------- d-----w- c:\program files\Common Files\COWON
2010-05-07 17:43 . 2010-05-07 17:43 -------- d-----w- c:\program files\Webteh
2010-05-07 17:25 . 2010-05-07 17:25 -------- d-----w- c:\program files\MuseScore 0.9
2010-05-07 17:00 . 2010-05-07 17:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-05-07 17:00 . 2010-05-07 17:00 -------- d-----w- c:\program files\Java
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\program files\CCleaner
2010-05-07 16:43 . 2010-05-07 16:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-07 16:33 . 2010-05-07 16:33 -------- d-----w- c:\program files\Sunbelt Software
2010-05-07 16:29 . 2010-05-07 16:29 -------- d-----w- c:\program files\Microsoft Works
2010-05-07 16:27 . 2010-05-07 16:27 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-07 16:23 . 2010-05-07 16:15 127768 ----a-w- c:\windows\hpoins11.dat
2010-05-07 16:22 . 2010-05-07 16:22 -------- d-----w- c:\program files\Common Files\HP
2010-05-07 16:22 . 2010-05-07 16:18 -------- d-----w- c:\program files\HP
2010-05-07 16:21 . 2010-05-07 16:20 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-07 16:20 . 2010-05-07 16:20 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-07 16:13 . 2010-05-07 16:13 0 ----a-w- c:\windows\nsreg.dat
2010-05-07 14:33 . 2010-05-07 14:33 -------- d-----w- c:\program files\ESET
2010-05-07 14:27 . 2010-05-07 14:17 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-07 14:26 . 2010-05-07 14:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-07 14:18 . 2010-05-07 14:18 -------- d-----w- c:\program files\Realtek
2010-05-07 14:12 . 2010-05-07 14:12 -------- d-----w- c:\program files\microsoft frontpage
2010-05-07 14:10 . 2010-05-07 14:10 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-29 13:39 . 2010-05-07 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-05-07 18:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-06-20_12.03.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 15:22 . 2010-06-23 15:22 16384 c:\windows\temp\Perflib_Perfdata_318.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- d:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-28 06:54 16248320 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\HRY\\Steam\\Steam.exe"=
"d:\\HRY\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\HRY\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HRY\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"d:\\HRY\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HRY\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\HRY\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2010 20:43 304464]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2010 20:43 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.5.2010 17:11 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-06-23 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:12]

2010-06-22 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-26 14:28]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
.
.
------- Doplňkový sken -------
.
IE: ????3?? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\as9zb8ym.default\
FF - prefs.js: browser.search.selectedEngine - Mapy.cz
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 17:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,de,fa,d4,ae,69,fc,e3,6d,68,c9,be,3d,b0,d6,58,9a,37,cd,5d,04,
46,4c,c4,0c,65,df,01,75,c9,6d,2b,0c,75,9f,51,e0,3d,4c,0a,34,00,58,e2,f7,4a,\
"rkeysecu"=hex:e3,b7,9d,79,2e,64,2e,40,a8,c0,f9,7e,53,d8,ac,b8
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1132)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1904)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Celkový čas: 2010-06-23 17:27:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-23 15:26
ComboFix2.txt 2010-06-21 17:40
ComboFix3.txt 2010-06-20 12:06

Před spuštěním: 6 105 169 920
Po spuštění: 6 089 801 728

- - End Of File - - F70708A4EF67143C4996834854596C18

[jaro3]

Ještě script v CF :

Kód: Vybrat vše

RegLock::
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*
N}Ź]
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*
N}ŹhQčţ”Ąc]

Stejný postup , nezapomeň pak log z CF i nový log z HJT.