GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-09 19:16:03
Windows 5.0.2195 Service Pack 4
Running: gmer.exe; Driver: C:\DOCUME~1\PIII~1.VE~\LOCALS~1\Temp\pwkiapod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                             ZwAssignProcessToJobObject [0xBEACF610]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwClose [0xBEA7B160]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwCreateFile [0xBEA7A868]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwCreateKey [0xBEA77320]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwCreateProcess [0xBEA79E90]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwCreateThread [0xBEA7A3FC]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwDeleteFile [0xBEA7B210]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwDeleteKey [0xBEA77786]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwDeleteValueKey [0xBEA77846]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                             ZwDuplicateObject [0xBEACF730]
SSDT            \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.)  ZwLoadDriver [0xED19201C]
SSDT            \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.)  ZwMapViewOfSection [0xED192168]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwOpenFile [0xBEA7AB54]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwOpenKey [0xBEA775CA]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                             ZwOpenProcess [0xBEACF4B0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                             ZwOpenThread [0xBEACF570]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                             ZwProtectVirtualMemory [0xBEACF6D0]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwResumeThread [0xBEA7A4EC]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                             ZwSetContextThread [0xBEACF690]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwSetInformationFile [0xBEA7AE8C]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                             ZwSetInformationThread [0xBEACF650]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                             ZwSetSecurityObject [0xBEACF7D0]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwSetValueKey [0xBEA779BC]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                             ZwSuspendThread [0xBEACF590]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                             ZwTerminateProcess [0xBEACF4D0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                             ZwTerminateThread [0xBEACF5D0]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                              ZwWriteFile [0xBEA7ADE0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                             ZwWriteVirtualMemory [0xBEACF750]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINNT\system32\csrss.exe[164] USER32.dll!SetWindowsHookExA                                                                77E19BE4 5 Bytes  JMP 00160720 
.text           C:\WINNT\system32\csrss.exe[164] USER32.dll!SetWindowsHookExW                                                                77E39C81 5 Bytes  JMP 001607AC 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!CreateRemoteThread                                                             796DB412 5 Bytes  JMP 001604F0 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!VirtualAlloc                                                                   796EE8DD 5 Bytes  JMP 00160004 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!VirtualAllocEx                                                                 796EE90E 5 Bytes  JMP 0016011C 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!VirtualProtect                                                                 796EE9EE 5 Bytes  JMP 00160090 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!VirtualProtectEx                                                               796EEA08 5 Bytes  JMP 001601A8 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!CreateProcessInternalA                                                         796F4CE6 5 Bytes  JMP 0016034C 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!CreateProcessA                                                                 796F5040 5 Bytes  JMP 00160234 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!CreateProcessInternalW                                                         796F50B3 5 Bytes  JMP 001603D8 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!CreateProcessW                                                                 796F6981 5 Bytes  JMP 001602C0 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!WinExec                                                                        796F752A 5 Bytes  JMP 00160464 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!WriteProcessMemory                                                             796F7990 5 Bytes  JMP 00160694 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!CreateThread                                                                   796FB87C 5 Bytes  JMP 0016057C 
.text           C:\WINNT\system32\csrss.exe[164] KERNEL32.dll!SetThreadContext                                                               796FBBED 5 Bytes  JMP 00160608 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!CreateRemoteThread                                                          796DB412 5 Bytes  JMP 000704F0 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!VirtualAlloc                                                                796EE8DD 5 Bytes  JMP 00070004 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!VirtualAllocEx                                                              796EE90E 5 Bytes  JMP 0007011C 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!VirtualProtect                                                              796EE9EE 5 Bytes  JMP 00070090 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!VirtualProtectEx                                                            796EEA08 5 Bytes  JMP 000701A8 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!CreateProcessInternalA                                                      796F4CE6 5 Bytes  JMP 0007034C 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!CreateProcessA                                                              796F5040 5 Bytes  JMP 00070234 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!CreateProcessInternalW                                                      796F50B3 5 Bytes  JMP 000703D8 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!CreateProcessW                                                              796F6981 5 Bytes  JMP 000702C0 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!WinExec                                                                     796F752A 5 Bytes  JMP 00070464 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!WriteProcessMemory                                                          796F7990 5 Bytes  JMP 00070694 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!CreateThread                                                                796FB87C 5 Bytes  JMP 0007057C 
.text           C:\WINNT\system32\winlogon.exe[184] KERNEL32.dll!SetThreadContext                                                            796FBBED 5 Bytes  JMP 00070608 
.text           C:\WINNT\system32\winlogon.exe[184] USER32.dll!SetWindowsHookExA                                                             77E19BE4 5 Bytes  JMP 00070720 
.text           C:\WINNT\system32\winlogon.exe[184] USER32.dll!SetWindowsHookExW                                                             77E39C81 5 Bytes  JMP 000707AC 
.text           C:\WINNT\system32\winlogon.exe[184] WS2_32.DLL!socket                                                                        74FD353D 5 Bytes  JMP 000708C4 
.text           C:\WINNT\system32\winlogon.exe[184] WS2_32.DLL!bind                                                                          74FD361B 5 Bytes  JMP 00070838 
.text           C:\WINNT\system32\winlogon.exe[184] WS2_32.DLL!connect                                                                       74FDC1B9 5 Bytes  JMP 00070950 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!CreateRemoteThread                                                          796DB412 5 Bytes  JMP 000704F0 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!VirtualAlloc                                                                796EE8DD 5 Bytes  JMP 00070004 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!VirtualAllocEx                                                              796EE90E 5 Bytes  JMP 0007011C 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!VirtualProtect                                                              796EE9EE 5 Bytes  JMP 00070090 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!VirtualProtectEx                                                            796EEA08 5 Bytes  JMP 000701A8 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!CreateProcessInternalA                                                      796F4CE6 5 Bytes  JMP 0007034C 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!CreateProcessA                                                              796F5040 5 Bytes  JMP 00070234 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!CreateProcessInternalW                                                      796F50B3 5 Bytes  JMP 000703D8 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!CreateProcessW                                                              796F6981 5 Bytes  JMP 000702C0 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!WinExec                                                                     796F752A 5 Bytes  JMP 00070464 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!WriteProcessMemory                                                          796F7990 5 Bytes  JMP 00070694 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!CreateThread                                                                796FB87C 5 Bytes  JMP 0007057C 
.text           C:\WINNT\system32\services.exe[212] KERNEL32.dll!SetThreadContext                                                            796FBBED 5 Bytes  JMP 00070608 
.text           C:\WINNT\system32\services.exe[212] WS2_32.DLL!socket                                                                        74FD353D 5 Bytes  JMP 000708C4 
.text           C:\WINNT\system32\services.exe[212] WS2_32.DLL!bind                                                                          74FD361B 5 Bytes  JMP 00070838 
.text           C:\WINNT\system32\services.exe[212] WS2_32.DLL!connect                                                                       74FDC1B9 5 Bytes  JMP 00070950 
.text           C:\WINNT\system32\services.exe[212] USER32.dll!SetWindowsHookExA                                                             77E19BE4 5 Bytes  JMP 00070720 
.text           C:\WINNT\system32\services.exe[212] USER32.dll!SetWindowsHookExW                                                             77E39C81 5 Bytes  JMP 000707AC 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!CreateRemoteThread                                                             796DB412 5 Bytes  JMP 000704F0 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!VirtualAlloc                                                                   796EE8DD 5 Bytes  JMP 00070004 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!VirtualAllocEx                                                                 796EE90E 5 Bytes  JMP 0007011C 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!VirtualProtect                                                                 796EE9EE 5 Bytes  JMP 00070090 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!VirtualProtectEx                                                               796EEA08 5 Bytes  JMP 000701A8 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!CreateProcessInternalA                                                         796F4CE6 5 Bytes  JMP 0007034C 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!CreateProcessA                                                                 796F5040 5 Bytes  JMP 00070234 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!CreateProcessInternalW                                                         796F50B3 5 Bytes  JMP 000703D8 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!CreateProcessW                                                                 796F6981 5 Bytes  JMP 000702C0 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!WinExec                                                                        796F752A 5 Bytes  JMP 00070464 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!WriteProcessMemory                                                             796F7990 5 Bytes  JMP 00070694 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!CreateThread                                                                   796FB87C 5 Bytes  JMP 0007057C 
.text           C:\WINNT\system32\lsass.exe[224] KERNEL32.dll!SetThreadContext                                                               796FBBED 5 Bytes  JMP 00070608 
.text           C:\WINNT\system32\lsass.exe[224] USER32.dll!SetWindowsHookExA                                                                77E19BE4 5 Bytes  JMP 00070720 
.text           C:\WINNT\system32\lsass.exe[224] USER32.dll!SetWindowsHookExW                                                                77E39C81 5 Bytes  JMP 000707AC 
.text           C:\WINNT\system32\lsass.exe[224] WS2_32.DLL!socket                                                                           74FD353D 5 Bytes  JMP 000708C4 
.text           C:\WINNT\system32\lsass.exe[224] WS2_32.DLL!bind                                                                             74FD361B 5 Bytes  JMP 00070838 
.text           C:\WINNT\system32\lsass.exe[224] WS2_32.DLL!connect                                                                          74FDC1B9 5 Bytes  JMP 00070950 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!CreateRemoteThread                                                           796DB412 5 Bytes  JMP 000704F0 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!VirtualAlloc                                                                 796EE8DD 5 Bytes  JMP 00070004 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!VirtualAllocEx                                                               796EE90E 5 Bytes  JMP 0007011C 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!VirtualProtect                                                               796EE9EE 5 Bytes  JMP 00070090 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!VirtualProtectEx                                                             796EEA08 5 Bytes  JMP 000701A8 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!CreateProcessInternalA                                                       796F4CE6 5 Bytes  JMP 0007034C 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!CreateProcessA                                                               796F5040 5 Bytes  JMP 00070234 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!CreateProcessInternalW                                                       796F50B3 5 Bytes  JMP 000703D8 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!CreateProcessW                                                               796F6981 5 Bytes  JMP 000702C0 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!WinExec                                                                      796F752A 5 Bytes  JMP 00070464 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!WriteProcessMemory                                                           796F7990 5 Bytes  JMP 00070694 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!CreateThread                                                                 796FB87C 5 Bytes  JMP 0007057C 
.text           C:\WINNT\system32\svchost.exe[404] KERNEL32.dll!SetThreadContext                                                             796FBBED 5 Bytes  JMP 00070608 
.text           C:\WINNT\system32\svchost.exe[404] USER32.dll!SetWindowsHookExA                                                              77E19BE4 5 Bytes  JMP 00070720 
.text           C:\WINNT\system32\svchost.exe[404] USER32.dll!SetWindowsHookExW                                                              77E39C81 5 Bytes  JMP 000707AC 
.text           C:\WINNT\system32\svchost.exe[404] WS2_32.dll!socket                                                                         74FD353D 5 Bytes  JMP 000708C4 
.text           C:\WINNT\system32\svchost.exe[404] WS2_32.dll!bind                                                                           74FD361B 5 Bytes  JMP 00070838 
.text           C:\WINNT\system32\svchost.exe[404] WS2_32.dll!connect                                                                        74FDC1B9 5 Bytes  JMP 00070950 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!CreateRemoteThread                                                           796DB412 5 Bytes  JMP 000704F0 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!VirtualAlloc                                                                 796EE8DD 5 Bytes  JMP 00070004 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!VirtualAllocEx                                                               796EE90E 5 Bytes  JMP 0007011C 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!VirtualProtect                                                               796EE9EE 5 Bytes  JMP 00070090 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!VirtualProtectEx                                                             796EEA08 5 Bytes  JMP 000701A8 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!CreateProcessInternalA                                                       796F4CE6 5 Bytes  JMP 0007034C 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!CreateProcessA                                                               796F5040 5 Bytes  JMP 00070234 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!CreateProcessInternalW                                                       796F50B3 5 Bytes  JMP 000703D8 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!CreateProcessW                                                               796F6981 5 Bytes  JMP 000702C0 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!WinExec                                                                      796F752A 5 Bytes  JMP 00070464 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!WriteProcessMemory                                                           796F7990 5 Bytes  JMP 00070694 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!CreateThread                                                                 796FB87C 5 Bytes  JMP 0007057C 
.text           C:\WINNT\system32\spoolsv.exe[436] KERNEL32.dll!SetThreadContext                                                             796FBBED 5 Bytes  JMP 00070608 
.text           C:\WINNT\system32\spoolsv.exe[436] USER32.dll!SetWindowsHookExA                                                              77E19BE4 5 Bytes  JMP 00070720 
.text           C:\WINNT\system32\spoolsv.exe[436] USER32.dll!SetWindowsHookExW                                                              77E39C81 5 Bytes  JMP 000707AC 
.text           C:\WINNT\system32\spoolsv.exe[436] WS2_32.dll!socket                                                                         74FD353D 5 Bytes  JMP 000708C4 
.text           C:\WINNT\system32\spoolsv.exe[436] WS2_32.dll!bind                                                                           74FD361B 5 Bytes  JMP 00070838 
.text           C:\WINNT\system32\spoolsv.exe[436] WS2_32.dll!connect                                                                        74FDC1B9 5 Bytes  JMP 00070950 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] WS2_32.dll!socket                                                   74FD353D 5 Bytes  JMP 001308C4 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] WS2_32.dll!bind                                                     74FD361B 5 Bytes  JMP 00130838 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] WS2_32.dll!connect                                                  74FDC1B9 5 Bytes  JMP 00130950 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!CreateRemoteThread                                     796DB412 5 Bytes  JMP 001304F0 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!VirtualAlloc                                           796EE8DD 5 Bytes  JMP 00130004 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!VirtualAllocEx                                         796EE90E 5 Bytes  JMP 0013011C 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!VirtualProtect                                         796EE9EE 5 Bytes  JMP 00130090 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!VirtualProtectEx                                       796EEA08 5 Bytes  JMP 001301A8 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!CreateProcessInternalA                                 796F4CE6 5 Bytes  JMP 0013034C 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!CreateProcessA                                         796F5040 5 Bytes  JMP 00130234 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!CreateProcessInternalW                                 796F50B3 5 Bytes  JMP 001303D8 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!CreateProcessW                                         796F6981 5 Bytes  JMP 001302C0 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!WinExec                                                796F752A 5 Bytes  JMP 00130464 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!WriteProcessMemory                                     796F7990 5 Bytes  JMP 00130694 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!CreateThread                                           796FB87C 5 Bytes  JMP 0013057C 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!SetThreadContext                                       796FBBED 5 Bytes  JMP 00130608 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] KERNEL32.dll!SetUnhandledExceptionFilter                            796FBD2F 4 Bytes  [C2, 04, 00, 00]
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] USER32.dll!SetWindowsHookExA                                        77E19BE4 5 Bytes  JMP 00130720 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] USER32.dll!SetWindowsHookExW                                        77E39C81 5 Bytes  JMP 001307AC 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!CreateRemoteThread                                                           796DB412 5 Bytes  JMP 000704F0 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!VirtualAlloc                                                                 796EE8DD 5 Bytes  JMP 00070004 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!VirtualAllocEx                                                               796EE90E 5 Bytes  JMP 0007011C 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!VirtualProtect                                                               796EE9EE 5 Bytes  JMP 00070090 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!VirtualProtectEx                                                             796EEA08 5 Bytes  JMP 000701A8 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!CreateProcessInternalA                                                       796F4CE6 5 Bytes  JMP 0007034C 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!CreateProcessA                                                               796F5040 5 Bytes  JMP 00070234 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!CreateProcessInternalW                                                       796F50B3 5 Bytes  JMP 000703D8 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!CreateProcessW                                                               796F6981 5 Bytes  JMP 000702C0 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!WinExec                                                                      796F752A 5 Bytes  JMP 00070464 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!WriteProcessMemory                                                           796F7990 5 Bytes  JMP 00070694 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!CreateThread                                                                 796FB87C 5 Bytes  JMP 0007057C 
.text           C:\WINNT\System32\svchost.exe[504] KERNEL32.dll!SetThreadContext                                                             796FBBED 5 Bytes  JMP 00070608 
.text           C:\WINNT\System32\svchost.exe[504] USER32.dll!SetWindowsHookExA                                                              77E19BE4 5 Bytes  JMP 00070720 
.text           C:\WINNT\System32\svchost.exe[504] USER32.dll!SetWindowsHookExW                                                              77E39C81 5 Bytes  JMP 000707AC 
.text           C:\WINNT\System32\svchost.exe[504] WS2_32.dll!socket                                                                         74FD353D 5 Bytes  JMP 000708C4 
.text           C:\WINNT\System32\svchost.exe[504] WS2_32.dll!bind                                                                           74FD361B 5 Bytes  JMP 00070838 
.text           C:\WINNT\System32\svchost.exe[504] WS2_32.dll!connect                                                                        74FDC1B9 5 Bytes  JMP 00070950 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!CreateRemoteThread                                                           796DB412 5 Bytes  JMP 001304F0 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!VirtualAlloc                                                                 796EE8DD 5 Bytes  JMP 00130004 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!VirtualAllocEx                                                               796EE90E 5 Bytes  JMP 0013011C 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!VirtualProtect                                                               796EE9EE 5 Bytes  JMP 00130090 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!VirtualProtectEx                                                             796EEA08 5 Bytes  JMP 001301A8 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!CreateProcessInternalA                                                       796F4CE6 5 Bytes  JMP 0013034C 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!CreateProcessA                                                               796F5040 5 Bytes  JMP 00130234 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!CreateProcessInternalW                                                       796F50B3 5 Bytes  JMP 001303D8 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!CreateProcessW                                                               796F6981 5 Bytes  JMP 001302C0 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!WinExec                                                                      796F752A 5 Bytes  JMP 00130464 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!WriteProcessMemory                                                           796F7990 5 Bytes  JMP 00130694 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!CreateThread                                                                 796FB87C 5 Bytes  JMP 0013057C 
.text           C:\WINNT\system32\nvsvc32.exe[536] KERNEL32.dll!SetThreadContext                                                             796FBBED 5 Bytes  JMP 00130608 
.text           C:\WINNT\system32\nvsvc32.exe[536] USER32.dll!SetWindowsHookExA                                                              77E19BE4 5 Bytes  JMP 00130720 
.text           C:\WINNT\system32\nvsvc32.exe[536] USER32.dll!SetWindowsHookExW                                                              77E39C81 5 Bytes  JMP 001307AC 
.text           C:\WINNT\system32\nvsvc32.exe[536] WS2_32.DLL!socket                                                                         74FD353D 5 Bytes  JMP 001308C4 
.text           C:\WINNT\system32\nvsvc32.exe[536] WS2_32.DLL!bind                                                                           74FD361B 5 Bytes  JMP 00130838 
.text           C:\WINNT\system32\nvsvc32.exe[536] WS2_32.DLL!connect                                                                        74FDC1B9 5 Bytes  JMP 00130950 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!CreateRemoteThread                                                            796DB412 5 Bytes  JMP 000704F0 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!VirtualAlloc                                                                  796EE8DD 5 Bytes  JMP 00070004 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!VirtualAllocEx                                                                796EE90E 5 Bytes  JMP 0007011C 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!VirtualProtect                                                                796EE9EE 5 Bytes  JMP 00070090 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!VirtualProtectEx                                                              796EEA08 5 Bytes  JMP 000701A8 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!CreateProcessInternalA                                                        796F4CE6 5 Bytes  JMP 0007034C 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!CreateProcessA                                                                796F5040 5 Bytes  JMP 00070234 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!CreateProcessInternalW                                                        796F50B3 5 Bytes  JMP 000703D8 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!CreateProcessW                                                                796F6981 5 Bytes  JMP 000702C0 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!WinExec                                                                       796F752A 5 Bytes  JMP 00070464 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!WriteProcessMemory                                                            796F7990 5 Bytes  JMP 00070694 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!CreateThread                                                                  796FB87C 5 Bytes  JMP 0007057C 
.text           C:\WINNT\system32\regsvc.exe[632] KERNEL32.dll!SetThreadContext                                                              796FBBED 5 Bytes  JMP 00070608 
.text           C:\WINNT\system32\regsvc.exe[632] WS2_32.DLL!socket                                                                          74FD353D 5 Bytes  JMP 000708C4 
.text           C:\WINNT\system32\regsvc.exe[632] WS2_32.DLL!bind                                                                            74FD361B 5 Bytes  JMP 00070838 
.text           C:\WINNT\system32\regsvc.exe[632] WS2_32.DLL!connect                                                                         74FDC1B9 5 Bytes  JMP 00070950 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!CreateRemoteThread                        796DB412 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!VirtualAlloc                              796EE8DD 5 Bytes  JMP 00130004 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!VirtualAllocEx                            796EE90E 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!VirtualProtect                            796EE9EE 5 Bytes  JMP 00130090 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!VirtualProtectEx                          796EEA08 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!CreateProcessInternalA                    796F4CE6 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!CreateProcessA                            796F5040 5 Bytes  JMP 00130234 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!CreateProcessInternalW                    796F50B3 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!CreateProcessW                            796F6981 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!WinExec                                   796F752A 5 Bytes  JMP 00130464 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!WriteProcessMemory                        796F7990 5 Bytes  JMP 00130694 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!CreateThread                              796FB87C 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] KERNEL32.dll!SetThreadContext                          796FBBED 5 Bytes  JMP 00130608 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] USER32.dll!SetWindowsHookExA                           77E19BE4 5 Bytes  JMP 00130720 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[636] USER32.dll!SetWindowsHookExW                           77E39C81 5 Bytes  JMP 001307AC 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!CreateRemoteThread                          796DB412 5 Bytes  JMP 001304F0 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!VirtualAlloc                                796EE8DD 5 Bytes  JMP 00130004 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!VirtualAllocEx                              796EE90E 5 Bytes  JMP 0013011C 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!VirtualProtect                              796EE9EE 5 Bytes  JMP 00130090 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!VirtualProtectEx                            796EEA08 5 Bytes  JMP 001301A8 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!CreateProcessInternalA                      796F4CE6 5 Bytes  JMP 0013034C 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!CreateProcessA                              796F5040 5 Bytes  JMP 00130234 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!CreateProcessInternalW                      796F50B3 5 Bytes  JMP 001303D8 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!CreateProcessW                              796F6981 5 Bytes  JMP 001302C0 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!WinExec                                     796F752A 5 Bytes  JMP 00130464 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!WriteProcessMemory                          796F7990 5 Bytes  JMP 00130694 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!CreateThread                                796FB87C 5 Bytes  JMP 0013057C 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] KERNEL32.DLL!SetThreadContext                            796FBBED 5 Bytes  JMP 00130608 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] USER32.dll!SetWindowsHookExA                             77E19BE4 5 Bytes  JMP 00130720 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] USER32.dll!SetWindowsHookExW                             77E39C81 5 Bytes  JMP 001307AC 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] WS2_32.DLL!socket                                        74FD353D 5 Bytes  JMP 001308C4 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] WS2_32.DLL!bind                                          74FD361B 5 Bytes  JMP 00130838 
.text           C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\gmer.exe[648] WS2_32.DLL!connect                                       74FDC1B9 5 Bytes  JMP 00130950 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!CreateRemoteThread                                                            796DB412 5 Bytes  JMP 000704F0 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!VirtualAlloc                                                                  796EE8DD 5 Bytes  JMP 00070004 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!VirtualAllocEx                                                                796EE90E 5 Bytes  JMP 0007011C 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!VirtualProtect                                                                796EE9EE 5 Bytes  JMP 00070090 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!VirtualProtectEx                                                              796EEA08 5 Bytes  JMP 000701A8 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!CreateProcessInternalA                                                        796F4CE6 5 Bytes  JMP 0007034C 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!CreateProcessA                                                                796F5040 5 Bytes  JMP 00070234 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!CreateProcessInternalW                                                        796F50B3 5 Bytes  JMP 000703D8 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!CreateProcessW                                                                796F6981 5 Bytes  JMP 000702C0 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!WinExec                                                                       796F752A 5 Bytes  JMP 00070464 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!WriteProcessMemory                                                            796F7990 5 Bytes  JMP 00070694 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!CreateThread                                                                  796FB87C 5 Bytes  JMP 0007057C 
.text           C:\WINNT\system32\MSTask.exe[684] KERNEL32.dll!SetThreadContext                                                              796FBBED 5 Bytes  JMP 00070608 
.text           C:\WINNT\system32\MSTask.exe[684] USER32.dll!SetWindowsHookExA                                                               77E19BE4 5 Bytes  JMP 00070720 
.text           C:\WINNT\system32\MSTask.exe[684] USER32.dll!SetWindowsHookExW                                                               77E39C81 5 Bytes  JMP 000707AC 
.text           C:\WINNT\system32\MSTask.exe[684] WS2_32.DLL!socket                                                                          74FD353D 5 Bytes  JMP 000708C4 
.text           C:\WINNT\system32\MSTask.exe[684] WS2_32.DLL!bind                                                                            74FD361B 5 Bytes  JMP 00070838 
.text           C:\WINNT\system32\MSTask.exe[684] WS2_32.DLL!connect                                                                         74FDC1B9 5 Bytes  JMP 00070950 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!CreateRemoteThread                         796DB412 5 Bytes  JMP 009504F0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!VirtualAlloc                               796EE8DD 5 Bytes  JMP 00950004 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!VirtualAllocEx                             796EE90E 5 Bytes  JMP 0095011C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!VirtualProtect                             796EE9EE 5 Bytes  JMP 00950090 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!VirtualProtectEx                           796EEA08 5 Bytes  JMP 009501A8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!CreateProcessInternalA                     796F4CE6 5 Bytes  JMP 0095034C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!CreateProcessA                             796F5040 5 Bytes  JMP 00950234 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!CreateProcessInternalW                     796F50B3 5 Bytes  JMP 009503D8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!CreateProcessW                             796F6981 5 Bytes  JMP 009502C0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!WinExec                                    796F752A 5 Bytes  JMP 00950464 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!WriteProcessMemory                         796F7990 5 Bytes  JMP 00950694 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!CreateThread                               796FB87C 5 Bytes  JMP 0095057C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] KERNEL32.dll!SetThreadContext                           796FBBED 5 Bytes  JMP 00950608 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] USER32.dll!SetWindowsHookExA                            77E19BE4 5 Bytes  JMP 00950720 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] USER32.dll!SetWindowsHookExW                            77E39C81 5 Bytes  JMP 009507AC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] WS2_32.dll!socket                                       74FD353D 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] WS2_32.dll!bind                                         74FD361B 5 Bytes  JMP 00130838 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[704] WS2_32.dll!connect                                      74FDC1B9 5 Bytes  JMP 00130950 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] USER32.dll!SetWindowsHookExA                                                         77E19BE4 5 Bytes  JMP 00130720 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] USER32.dll!SetWindowsHookExW                                                         77E39C81 5 Bytes  JMP 001307AC 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!CreateRemoteThread                                                      796DB412 5 Bytes  JMP 001304F0 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!VirtualAlloc                                                            796EE8DD 5 Bytes  JMP 00130004 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!VirtualAllocEx                                                          796EE90E 5 Bytes  JMP 0013011C 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!VirtualProtect                                                          796EE9EE 5 Bytes  JMP 00130090 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!VirtualProtectEx                                                        796EEA08 5 Bytes  JMP 001301A8 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!CreateProcessInternalA                                                  796F4CE6 5 Bytes  JMP 0013034C 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!CreateProcessA                                                          796F5040 5 Bytes  JMP 00130234 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!CreateProcessInternalW                                                  796F50B3 5 Bytes  JMP 001303D8 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!CreateProcessW                                                          796F6981 5 Bytes  JMP 001302C0 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!WinExec                                                                 796F752A 5 Bytes  JMP 00130464 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!WriteProcessMemory                                                      796F7990 5 Bytes  JMP 00130694 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!CreateThread                                                            796FB87C 5 Bytes  JMP 0013057C 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] KERNEL32.dll!SetThreadContext                                                        796FBBED 5 Bytes  JMP 00130608 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] WS2_32.DLL!socket                                                                    74FD353D 5 Bytes  JMP 001308C4 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] WS2_32.DLL!bind                                                                      74FD361B 5 Bytes  JMP 00130838 
.text           C:\WINNT\System32\WBEM\WinMgmt.exe[764] WS2_32.DLL!connect                                                                   74FDC1B9 5 Bytes  JMP 00130950 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!CreateRemoteThread                                                           796DB412 5 Bytes  JMP 000704F0 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!VirtualAlloc                                                                 796EE8DD 5 Bytes  JMP 00070004 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!VirtualAllocEx                                                               796EE90E 5 Bytes  JMP 0007011C 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!VirtualProtect                                                               796EE9EE 5 Bytes  JMP 00070090 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!VirtualProtectEx                                                             796EEA08 5 Bytes  JMP 000701A8 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!CreateProcessInternalA                                                       796F4CE6 5 Bytes  JMP 0007034C 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!CreateProcessA                                                               796F5040 5 Bytes  JMP 00070234 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!CreateProcessInternalW                                                       796F50B3 5 Bytes  JMP 000703D8 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!CreateProcessW                                                               796F6981 5 Bytes  JMP 000702C0 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!WinExec                                                                      796F752A 5 Bytes  JMP 00070464 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!WriteProcessMemory                                                           796F7990 5 Bytes  JMP 00070694 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!CreateThread                                                                 796FB87C 5 Bytes  JMP 0007057C 
.text           C:\WINNT\system32\svchost.exe[792] KERNEL32.dll!SetThreadContext                                                             796FBBED 5 Bytes  JMP 00070608 
.text           C:\WINNT\system32\svchost.exe[792] USER32.dll!SetWindowsHookExA                                                              77E19BE4 5 Bytes  JMP 00070720 
.text           C:\WINNT\system32\svchost.exe[792] USER32.dll!SetWindowsHookExW                                                              77E39C81 5 Bytes  JMP 000707AC 
.text           C:\WINNT\system32\svchost.exe[792] WS2_32.dll!socket                                                                         74FD353D 5 Bytes  JMP 000708C4 
.text           C:\WINNT\system32\svchost.exe[792] WS2_32.dll!bind                                                                           74FD361B 5 Bytes  JMP 00070838 
.text           C:\WINNT\system32\svchost.exe[792] WS2_32.dll!connect                                                                        74FDC1B9 5 Bytes  JMP 00070950 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!CreateRemoteThread                                                           796DB412 5 Bytes  JMP 000704F0 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!VirtualAlloc                                                                 796EE8DD 5 Bytes  JMP 00070004 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!VirtualAllocEx                                                               796EE90E 5 Bytes  JMP 0007011C 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!VirtualProtect                                                               796EE9EE 5 Bytes  JMP 00070090 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!VirtualProtectEx                                                             796EEA08 5 Bytes  JMP 000701A8 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!CreateProcessInternalA                                                       796F4CE6 5 Bytes  JMP 0007034C 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!CreateProcessA                                                               796F5040 5 Bytes  JMP 00070234 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!CreateProcessInternalW                                                       796F50B3 5 Bytes  JMP 000703D8 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!CreateProcessW                                                               796F6981 5 Bytes  JMP 000702C0 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!WinExec                                                                      796F752A 5 Bytes  JMP 00070464 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!WriteProcessMemory                                                           796F7990 5 Bytes  JMP 00070694 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!CreateThread                                                                 796FB87C 5 Bytes  JMP 0007057C 
.text           C:\WINNT\system32\svchost.exe[828] KERNEL32.dll!SetThreadContext                                                             796FBBED 5 Bytes  JMP 00070608 
.text           C:\WINNT\system32\svchost.exe[828] USER32.dll!SetWindowsHookExA                                                              77E19BE4 5 Bytes  JMP 00070720 
.text           C:\WINNT\system32\svchost.exe[828] USER32.dll!SetWindowsHookExW                                                              77E39C81 5 Bytes  JMP 000707AC 
.text           C:\WINNT\system32\svchost.exe[828] WS2_32.dll!socket                                                                         74FD353D 5 Bytes  JMP 000708C4 
.text           C:\WINNT\system32\svchost.exe[828] WS2_32.dll!bind                                                                           74FD361B 5 Bytes  JMP 00070838 
.text           C:\WINNT\system32\svchost.exe[828] WS2_32.dll!connect                                                                        74FDC1B9 5 Bytes  JMP 00070950 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!CreateRemoteThread                         796DB412 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!VirtualAlloc                               796EE8DD 5 Bytes  JMP 00130004 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!VirtualAllocEx                             796EE90E 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!VirtualProtect                             796EE9EE 5 Bytes  JMP 00130090 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!VirtualProtectEx                           796EEA08 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!CreateProcessInternalA                     796F4CE6 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!CreateProcessA                             796F5040 5 Bytes  JMP 00130234 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!CreateProcessInternalW                     796F50B3 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!CreateProcessW                             796F6981 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!WinExec                                    796F752A 5 Bytes  JMP 00130464 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!WriteProcessMemory                         796F7990 5 Bytes  JMP 00130694 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!CreateThread                               796FB87C 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] KERNEL32.dll!SetThreadContext                           796FBBED 5 Bytes  JMP 00130608 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] USER32.dll!SetWindowsHookExA                            77E19BE4 5 Bytes  JMP 00130720 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] USER32.dll!SetWindowsHookExW                            77E39C81 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] WS2_32.dll!socket                                       74FD353D 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] WS2_32.dll!bind                                         74FD361B 5 Bytes  JMP 00130838 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[1280] WS2_32.dll!connect                                      74FDC1B9 5 Bytes  JMP 00130950 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!CreateRemoteThread                                                                  796DB412 5 Bytes  JMP 000704F0 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!VirtualAlloc                                                                        796EE8DD 5 Bytes  JMP 00070004 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!VirtualAllocEx                                                                      796EE90E 5 Bytes  JMP 0007011C 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!VirtualProtect                                                                      796EE9EE 5 Bytes  JMP 00070090 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!VirtualProtectEx                                                                    796EEA08 5 Bytes  JMP 000701A8 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!CreateProcessInternalA                                                              796F4CE6 5 Bytes  JMP 0007034C 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!CreateProcessA                                                                      796F5040 5 Bytes  JMP 00070234 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!CreateProcessInternalW                                                              796F50B3 5 Bytes  JMP 000703D8 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!CreateProcessW                                                                      796F6981 5 Bytes  JMP 000702C0 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!WinExec                                                                             796F752A 5 Bytes  JMP 00070464 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!WriteProcessMemory                                                                  796F7990 5 Bytes  JMP 00070694 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!CreateThread                                                                        796FB87C 5 Bytes  JMP 0007057C 
.text           C:\WINNT\Explorer.EXE[1288] KERNEL32.dll!SetThreadContext                                                                    796FBBED 5 Bytes  JMP 00070608 
.text           C:\WINNT\Explorer.EXE[1288] USER32.dll!SetWindowsHookExA                                                                     77E19BE4 5 Bytes  JMP 00070720 
.text           C:\WINNT\Explorer.EXE[1288] USER32.dll!SetWindowsHookExW                                                                     77E39C81 5 Bytes  JMP 000707AC 
.text           C:\WINNT\Explorer.EXE[1288] WS2_32.DLL!socket                                                                                74FD353D 5 Bytes  JMP 000708C4 
.text           C:\WINNT\Explorer.EXE[1288] WS2_32.DLL!bind                                                                                  74FD361B 5 Bytes  JMP 00070838 
.text           C:\WINNT\Explorer.EXE[1288] WS2_32.DLL!connect                                                                               74FDC1B9 5 Bytes  JMP 00070950 
.text           C:\WINNT\Explorer.EXE[1288] WININET.DLL!InternetOpenA                                                                        63017813 5 Bytes  JMP 00070D24 
.text           C:\WINNT\Explorer.EXE[1288] WININET.DLL!InternetConnectA                                                                     63017A0B 5 Bytes  JMP 00070F54 
.text           C:\WINNT\Explorer.EXE[1288] WININET.DLL!InternetOpenUrlA                                                                     63017FDC 5 Bytes  JMP 00070E3C 
.text           C:\WINNT\Explorer.EXE[1288] WININET.DLL!InternetOpenW                                                                        6301A14B 5 Bytes  JMP 00070DB0 
.text           C:\WINNT\Explorer.EXE[1288] WININET.DLL!InternetConnectW                                                                     6301A2C8 5 Bytes  JMP 00070FE0 
.text           C:\WINNT\Explorer.EXE[1288] WININET.DLL!InternetOpenUrlW                                                                     6301A462 5 Bytes  JMP 00070EC8 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!CreateRemoteThread                                    796DB412 5 Bytes  JMP 001304F0 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!VirtualAlloc                                          796EE8DD 5 Bytes  JMP 00130004 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!VirtualAllocEx                                        796EE90E 5 Bytes  JMP 0013011C 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!VirtualProtect                                        796EE9EE 5 Bytes  JMP 00130090 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!VirtualProtectEx                                      796EEA08 5 Bytes  JMP 001301A8 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!CreateProcessInternalA                                796F4CE6 5 Bytes  JMP 0013034C 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!CreateProcessA                                        796F5040 5 Bytes  JMP 00130234 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!CreateProcessInternalW                                796F50B3 5 Bytes  JMP 001303D8 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!CreateProcessW                                        796F6981 5 Bytes  JMP 001302C0 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!WinExec                                               796F752A 5 Bytes  JMP 00130464 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!WriteProcessMemory                                    796F7990 5 Bytes  JMP 00130694 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!CreateThread                                          796FB87C 5 Bytes  JMP 0013057C 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] KERNEL32.dll!SetThreadContext                                      796FBBED 5 Bytes  JMP 00130608 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] USER32.dll!SetWindowsHookExA                                       77E19BE4 5 Bytes  JMP 00130720 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] USER32.dll!SetWindowsHookExW                                       77E39C81 5 Bytes  JMP 001307AC 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] WS2_32.DLL!socket                                                  74FD353D 5 Bytes  JMP 001308C4 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] WS2_32.DLL!bind                                                    74FD361B 5 Bytes  JMP 00130838 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1332] WS2_32.DLL!connect                                                 74FDC1B9 5 Bytes  JMP 00130950 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!CreateRemoteThread                                                 796DB412 5 Bytes  JMP 001304F0 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!VirtualAlloc                                                       796EE8DD 5 Bytes  JMP 00130004 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!VirtualAllocEx                                                     796EE90E 5 Bytes  JMP 0013011C 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!VirtualProtect                                                     796EE9EE 5 Bytes  JMP 00130090 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!VirtualProtectEx                                                   796EEA08 5 Bytes  JMP 001301A8 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!CreateProcessInternalA                                             796F4CE6 5 Bytes  JMP 0013034C 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!CreateProcessA                                                     796F5040 5 Bytes  JMP 00130234 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!CreateProcessInternalW                                             796F50B3 5 Bytes  JMP 001303D8 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!CreateProcessW                                                     796F6981 5 Bytes  JMP 001302C0 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!WinExec                                                            796F752A 5 Bytes  JMP 00130464 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!WriteProcessMemory                                                 796F7990 5 Bytes  JMP 00130694 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!CreateThread                                                       796FB87C 5 Bytes  JMP 0013057C 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] kernel32.dll!SetThreadContext                                                   796FBBED 5 Bytes  JMP 00130608 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] user32.dll!SetWindowsHookExA                                                    77E19BE4 5 Bytes  JMP 00130720 
.text           C:\Program Files\MultiRes\MultiRes.exe[1460] user32.dll!SetWindowsHookExW                                                    77E39C81 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!CreateRemoteThread                   796DB412 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!VirtualAlloc                         796EE8DD 5 Bytes  JMP 00130004 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!VirtualAllocEx                       796EE90E 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!VirtualProtect                       796EE9EE 5 Bytes  JMP 00130090 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!VirtualProtectEx                     796EEA08 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!CreateProcessInternalA               796F4CE6 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!CreateProcessA                       796F5040 5 Bytes  JMP 00130234 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!CreateProcessInternalW               796F50B3 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!CreateProcessW                       796F6981 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!WinExec                              796F752A 5 Bytes  JMP 00130464 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!WriteProcessMemory                   796F7990 5 Bytes  JMP 00130694 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!CreateThread                         796FB87C 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[1488] KERNEL32.dll!SetThreadContext                     796FBBED 5 Bytes  JMP 00130608 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                       eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                     SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                    SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                    SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                  SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                     eamon.sys (Amon monitor/ESET)

---- Services - GMER 1.0.15 ----

Service         C:\WINNT\system32\MSTask.exe? (*** hidden *** )                                                                              [AUTO] Schedule                                                      <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
