Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Problém při spouštění Windows xp
Moderátor: Moderátoři
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní: http://forum.viry.cz/viewtopic.php?f=12&t=123975 . Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní: http://forum.viry.cz/viewtopic.php?f=12&t=123975 . Děkujeme za pochopení.
Problém při spouštění Windows xp
Dobrý den, prosím o pomoc. Při spouštění systému Microsoft Windows XP Professional se mi poslední dobou často stává, že se mi zasekne pc. Musím ho znovu restartovat, což někdy pomůže, ale také se často stává, že to musím zopakovat, než mi najede celý systém. Avira nic nehlásí ,čistil jsem pc CCleaner,kontroloval a opravoval WinTools.net Professional.Chci Vás tímto poprosit o radu, čím to může být a jak to opravit. Děkuji moc předem za pomoc.
Re: Problém při spouštění Windows xp
Zdravim,
v ktere fazi se pc sekne?
Dokazete otestovat disk HDTunem?
Nouzovy rezim funguje?
v ktere fazi se pc sekne?
Dokazete otestovat disk HDTunem?
Nouzovy rezim funguje?
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!
ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!
NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU! ___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Re: Problém při spouštění Windows xp
Pc se mi zasekává když mi najede ta černá obrazovka s logem ,,Windows" a dole pod tím nápisem běhají takové ty modré čtverečky. Často se stává, že tento proces třeba trvá i 2 minuty pak se většínou ty modré čtverečky zaseknou a hotovo.Musím pc restartovat a potom když ho restartuji se také často stane, že mi najede tato obrazovka s Windows je to otázka asi 10ti sekund a najede mi v poklidu celý systém, ale také se stává, že tento celý proces musím několikrát opakovat.
Co se týče nouzového režimu není žádný problém. Systém mi okamžitě naběhne.
Program ,,HD Tune" používat neumím, ale stáhnul jsem si teď verzi 2.55 do pc.
Co se týče nouzového režimu není žádný problém. Systém mi okamžitě naběhne.
Program ,,HD Tune" používat neumím, ale stáhnul jsem si teď verzi 2.55 do pc.
Re: Problém při spouštění Windows xp
Stahnete HDTune,nainstalujte,a na karte Error scan klepnete na start(ne rychly),vysledek nahlaste.
Taktez resume zalozky Status.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!
ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!
NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU! ___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Re: Problém při spouštění Windows xp
Tak jsem test spustil resume zalozky Status vše ok a všechny políčka v error scan ok
Re: Problém při spouštění Windows xp
Ok,takze zacneme takto:
Stahnete OTL
spustte, oznacte "Scan All Users,30days zmente na 7,kliknete na Run Scan,po skonceni skenu sem vlozte obsah logu z OTL.Txt.
Stahnete GMER , rozbalte a spustte
probehne sken, po jehoz ukonceni na vas vyskoci vysledky
pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte
pote dle tohoto navodu
absolvujte druhy sken a opet obsah logu sem.
Stahnete OTLspustte, oznacte "Scan All Users,30days zmente na 7,kliknete na Run Scan,po skonceni skenu sem vlozte obsah logu z OTL.Txt.
Stahnete GMER , rozbalte a spustteprobehne sken, po jehoz ukonceni na vas vyskoci vysledky
pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte
pote dle tohoto navodu
absolvujte druhy sken a opet obsah logu sem.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!
ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!
NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU! ___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Re: Problém při spouštění Windows xp
Tak log z OTL zasílám s tím nebyl žádný problém.
Avšak u GMER se stalo toto první sken proběhl ok ,druhý sken se sekl a napsalo to hlášku dwwin.exe-správná inicializace aplikace(0*0000005)se nezdařila.V té chvilce mi nic nešlo udělat, samotný sken se sekl taky. Nemohl jsem opět ani znovu rozbalit program GMER který byl zararován,nemohl jsem ho ani opět spustit.Dal jsem restartovat pc a stále dokola mi to psalo hlášku LOGONUI.EXE-chyba aplikace.Restartoval jsem proto pc natvrdo.Windows mi najeli rychle ale objevila se mi další hláškaOmezení spuštění dat-systém Windows.Vzájmu ochrany počítače systém Windows tento program ukončil.Název Windows Logon UI.
Spustil jsem proto celý koloběh s programem GMER znovu první sken proběhl opět ok a u druhého mi to opět napsalo tu samou hlášku dwwin.exe-chyba aplikace ale sken se už nesekl a pokračoval dále,proto jsem nechal sken doject aniž bych odklikal tu hlášku s tím dwwin.exe(bál jsem se abych to tím neukončil).
OTL logfile created on: 26.12.2009 20:10:24 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrator\Plocha\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1533 1533 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 35,20 Gb Free Space | 15,11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931,28 Gb Total Space | 378,46 Gb Free Space | 40,64% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 465,76 Gb Total Space | 201,51 Gb Free Space | 43,26% Space Free | Partition Type: NTFS
Drive L: | 698,64 Gb Total Space | 5,16 Gb Free Space | 0,74% Space Free | Partition Type: NTFS
Computer Name: DAVID
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009.12.26 20:09:14 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\Downloads\OTL.exe
PRC - [2009.12.16 23:00:02 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.12.16 23:00:01 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.12.16 22:53:32 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.11.10 23:08:18 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009.11.05 12:09:12 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.07.21 16:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009.07.21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008.10.31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008.10.31 07:24:26 | 01,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2008.04.14 07:52:24 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.15 20:46:08 | 00,243,056 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2005.02.24 16:23:12 | 00,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005.02.24 16:20:02 | 00,131,133 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005.02.24 16:19:36 | 00,057,409 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004.11.30 09:08:56 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
========== Modules (SafeList) ==========
MOD - [2009.12.26 20:09:14 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\Downloads\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2009.12.16 23:00:01 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.07.26 06:43:14 | 00,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.07.21 16:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009.07.21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.21 09:40:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009.05.13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2008.07.29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 07:51:46 | 00,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007.10.15 20:46:08 | 00,243,056 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005.02.24 16:23:12 | 00,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005.02.24 16:20:02 | 00,131,133 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005.02.24 16:19:36 | 00,057,409 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004.11.30 09:08:56 | 00,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2003.07.28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (GEARAspiWDM)
DRV - [2009.12.26 15:39:35 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009.12.07 16:55:31 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.20 00:30:23 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.07.21 17:30:48 | 03,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.05.11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.28 21:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009.03.30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.31 07:09:06 | 00,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 04:54:54 | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 04:54:54 | 00,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008.04.13 23:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2008.04.13 21:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007.11.02 23:12:32 | 00,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2005.11.21 06:48:21 | 00,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005.09.15 03:13:06 | 00,166,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx)
DRV - [2005.09.15 03:11:58 | 00,015,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2005.07.07 09:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005.04.25 08:43:58 | 00,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
DRV - [2005.02.24 16:04:58 | 00,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.02.24 16:04:56 | 00,033,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.02.11 17:11:32 | 00,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)
DRV - [2005.02.11 17:11:02 | 00,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005.01.12 00:32:14 | 00,096,384 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NVTCP.SYS -- (NVTCP)
DRV - [2005.01.10 11:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005.01.10 11:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004.08.19 06:21:00 | 00,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004.04.30 07:33:00 | 00,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2003.04.16 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001.08.17 22:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1123561945-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-796845957-1123561945-725345543-1003\S-1-5-21-796845957-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 3A AF 20 90 38 CA 01 [binary data]
IE - HKU\S-1-5-21-796845957-1123561945-725345543-500\S-1-5-21-796845957-1123561945-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.12.26 13:36:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.26 13:36:40 | 00,000,000 | ---D | M]
[2009.09.19 23:34:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2009.12.26 19:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\nc52e2xk.default\extensions
[2009.09.20 22:00:35 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\nc52e2xk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.12.26 19:01:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.24 20:07:44 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.08.24 20:07:44 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.08.24 20:07:44 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.08.24 20:07:44 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.08.24 20:07:44 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: (370660 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12778 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-796845957-1123561945-725345543-500\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-796845957-1123561945-725345543-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartmenuLogoff = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCpl = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCpl = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-796845957-1123561945-725345543-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-796845957-1123561945-725345543-500\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprecovr \SystemRoot\sprecovr.txt) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 7 Days ==========
[2009.12.26 16:20:17 | 00,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2009.12.26 15:41:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\ConvertXtoDVD
[2009.12.26 15:39:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009.12.26 15:39:23 | 00,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv43260.dll
[2009.12.26 15:39:23 | 00,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv33260.dll
[2009.12.26 15:39:23 | 00,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv23260.dll
[2009.12.26 15:39:23 | 00,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\sipr3260.dll
[2009.12.26 15:39:22 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2009.12.26 15:39:22 | 00,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2009.12.26 15:39:22 | 00,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\cook3260.dll
[2009.12.26 15:39:20 | 00,000,000 | ---D | C] -- C:\Program Files\VSO
[2009.12.26 13:45:27 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2009.12.25 10:32:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\OJOsoft Corporation
[2009.12.20 21:01:16 | 00,088,576 | ---- | C] (KelSat Presents) -- C:\Documents and Settings\Administrator\Plocha\Dragon_Age_Origins_V1.0_V1.1_Plus_8_Trainer_By_KelSat.exe
[2009.12.20 13:14:37 | 00,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2009.12.20 13:14:37 | 00,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2009.12.20 13:14:26 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2009.12.20 09:04:04 | 00,000,000 | ---D | C] -- C:\rsit
[2009.12.18 10:46:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2009.11.19 10:36:16 | 00,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2009.11.19 10:36:16 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2009.09.20 21:33:58 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.sys
[2009.09.18 20:03:03 | 05,866,152 | ---- | C] (Mozilla) -- C:\Program Files\FirefoxSetup2.0.0.20.exe
[2009.09.18 20:00:33 | 06,679,224 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 2.0.0.23.exe
[2009.09.18 16:58:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.09.18 16:33:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.09.18 16:33:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2009.09.18 16:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2002.04.10 18:41:06 | 00,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[3 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2009.12.26 17:34:58 | 11,010,048 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2009.12.26 16:49:17 | 00,144,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.26 16:44:26 | 00,001,044 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\vso_ts_preview.xml
[2009.12.26 15:39:35 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\inst.exe
[2009.12.26 15:39:35 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009.12.26 15:39:35 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.sys
[2009.12.26 15:39:35 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.cat
[2009.12.26 15:39:35 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.inf
[2009.12.26 14:55:52 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.12.26 14:52:32 | 00,370,660 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.12.26 14:45:30 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Spybot - Search & Destroy.lnk
[2009.12.26 14:34:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.12.26 14:34:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.12.26 13:48:22 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009.12.26 13:37:32 | 00,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.12.24 15:52:16 | 27,578,7931 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\TempImage.nrg
[2009.12.24 15:34:48 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.12.20 20:59:33 | 00,134,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Nový objekt - Dokument aplikace Microsoft Word.doc
[2009.12.20 09:01:25 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\CCleaner.lnk
[2009.12.19 22:59:24 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Revo Uninstaller.lnk
[3 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009.12.26 15:39:45 | 00,001,044 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\vso_ts_preview.xml
[2009.12.26 14:45:30 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Spybot - Search & Destroy.lnk
[2009.12.24 15:39:28 | 27,578,7931 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\TempImage.nrg
[2009.12.20 20:58:33 | 00,134,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Nový objekt - Dokument aplikace Microsoft Word.doc
[2009.12.20 10:18:27 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009.11.28 08:32:25 | 00,000,018 | ---- | C] () -- C:\Program Files\XP Repair Pro 2007ERR_Item5-11-28-2009_8-28-11_1813140.dnp
[2009.11.28 08:31:38 | 00,000,018 | ---- | C] () -- C:\Program Files\XP Repair Pro 2007ERR_Item5-11-28-2009_8-28-11_670033.dnp
[2009.11.10 18:03:57 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.10.27 09:00:31 | 00,000,046 | ---- | C] () -- C:\WINDOWS\PCCT.INI
[2009.10.27 08:16:42 | 00,000,111 | ---- | C] () -- C:\WINDOWS\installation.ini
[2009.10.27 08:14:53 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.10.18 19:10:03 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2009.10.18 19:08:32 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009.09.25 15:00:02 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.09.20 21:41:30 | 00,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini
[2009.09.20 21:41:29 | 00,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini
[2009.09.20 21:41:28 | 00,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini
[2009.09.20 21:41:17 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009.09.20 21:41:08 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.09.20 21:34:34 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.log
[2009.09.20 21:33:58 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\inst.exe
[2009.09.20 21:33:58 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.cat
[2009.09.20 21:33:58 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.inf
[2009.09.20 21:20:36 | 00,000,296 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\default.rss
[2009.09.20 21:19:24 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.09.20 20:48:13 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.09.20 00:55:55 | 00,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009.09.20 00:55:42 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009.09.20 00:43:46 | 00,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2009.09.20 00:43:46 | 00,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.09.20 00:26:30 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.09.19 23:06:20 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2009.09.18 19:46:15 | 00,144,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.18 17:07:03 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009.09.18 17:06:58 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.08.03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.08.02 23:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005.05.03 12:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2003.10.02 11:48:18 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003.04.09 14:38:04 | 00,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DA321CD4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1
< End of report >
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2009-12-26 20:40:18
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapog.sys
---- System - GMER 1.0.15 ----
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9E694FE]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9E74D50]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A5D11F8
Device \FileSystem\Fastfat \Fat 8A282500
Device \FileSystem\Fastfat \Fat 8A1AD030
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip 8A09C1D8
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp 8A09C1D8
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp 8A09C1D8
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp 8A09C1D8
---- EOF - GMER 1.0.15 ----
Avšak u GMER se stalo toto první sken proběhl ok ,druhý sken se sekl a napsalo to hlášku dwwin.exe-správná inicializace aplikace(0*0000005)se nezdařila.V té chvilce mi nic nešlo udělat, samotný sken se sekl taky. Nemohl jsem opět ani znovu rozbalit program GMER který byl zararován,nemohl jsem ho ani opět spustit.Dal jsem restartovat pc a stále dokola mi to psalo hlášku LOGONUI.EXE-chyba aplikace.Restartoval jsem proto pc natvrdo.Windows mi najeli rychle ale objevila se mi další hláškaOmezení spuštění dat-systém Windows.Vzájmu ochrany počítače systém Windows tento program ukončil.Název Windows Logon UI.
Spustil jsem proto celý koloběh s programem GMER znovu první sken proběhl opět ok a u druhého mi to opět napsalo tu samou hlášku dwwin.exe-chyba aplikace ale sken se už nesekl a pokračoval dále,proto jsem nechal sken doject aniž bych odklikal tu hlášku s tím dwwin.exe(bál jsem se abych to tím neukončil).
OTL logfile created on: 26.12.2009 20:10:24 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrator\Plocha\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1533 1533 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 35,20 Gb Free Space | 15,11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931,28 Gb Total Space | 378,46 Gb Free Space | 40,64% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 465,76 Gb Total Space | 201,51 Gb Free Space | 43,26% Space Free | Partition Type: NTFS
Drive L: | 698,64 Gb Total Space | 5,16 Gb Free Space | 0,74% Space Free | Partition Type: NTFS
Computer Name: DAVID
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009.12.26 20:09:14 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\Downloads\OTL.exe
PRC - [2009.12.16 23:00:02 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.12.16 23:00:01 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.12.16 22:53:32 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.11.10 23:08:18 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009.11.05 12:09:12 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.07.21 16:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009.07.21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008.10.31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008.10.31 07:24:26 | 01,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2008.04.14 07:52:24 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.15 20:46:08 | 00,243,056 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2005.02.24 16:23:12 | 00,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005.02.24 16:20:02 | 00,131,133 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005.02.24 16:19:36 | 00,057,409 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004.11.30 09:08:56 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
========== Modules (SafeList) ==========
MOD - [2009.12.26 20:09:14 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\Downloads\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2009.12.16 23:00:01 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.07.26 06:43:14 | 00,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.07.21 16:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009.07.21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.21 09:40:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009.05.13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2008.07.29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 07:51:46 | 00,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007.10.15 20:46:08 | 00,243,056 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005.02.24 16:23:12 | 00,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005.02.24 16:20:02 | 00,131,133 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005.02.24 16:19:36 | 00,057,409 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004.11.30 09:08:56 | 00,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2003.07.28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (GEARAspiWDM)
DRV - [2009.12.26 15:39:35 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009.12.07 16:55:31 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.20 00:30:23 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.07.21 17:30:48 | 03,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.05.11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.28 21:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009.03.30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.31 07:09:06 | 00,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 04:54:54 | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 04:54:54 | 00,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008.04.13 23:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2008.04.13 21:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007.11.02 23:12:32 | 00,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2005.11.21 06:48:21 | 00,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005.09.15 03:13:06 | 00,166,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx)
DRV - [2005.09.15 03:11:58 | 00,015,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2005.07.07 09:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005.04.25 08:43:58 | 00,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
DRV - [2005.02.24 16:04:58 | 00,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.02.24 16:04:56 | 00,033,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.02.11 17:11:32 | 00,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)
DRV - [2005.02.11 17:11:02 | 00,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005.01.12 00:32:14 | 00,096,384 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NVTCP.SYS -- (NVTCP)
DRV - [2005.01.10 11:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005.01.10 11:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004.08.19 06:21:00 | 00,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004.04.30 07:33:00 | 00,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2003.04.16 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001.08.17 22:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1123561945-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-796845957-1123561945-725345543-1003\S-1-5-21-796845957-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 3A AF 20 90 38 CA 01 [binary data]
IE - HKU\S-1-5-21-796845957-1123561945-725345543-500\S-1-5-21-796845957-1123561945-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.12.26 13:36:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.26 13:36:40 | 00,000,000 | ---D | M]
[2009.09.19 23:34:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2009.12.26 19:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\nc52e2xk.default\extensions
[2009.09.20 22:00:35 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\nc52e2xk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.12.26 19:01:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.24 20:07:44 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.08.24 20:07:44 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.08.24 20:07:44 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.08.24 20:07:44 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.08.24 20:07:44 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: (370660 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12778 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-796845957-1123561945-725345543-500\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-796845957-1123561945-725345543-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartmenuLogoff = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCpl = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCpl = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-796845957-1123561945-725345543-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-796845957-1123561945-725345543-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-796845957-1123561945-725345543-500\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprecovr \SystemRoot\sprecovr.txt) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 7 Days ==========
[2009.12.26 16:20:17 | 00,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2009.12.26 15:41:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\ConvertXtoDVD
[2009.12.26 15:39:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009.12.26 15:39:23 | 00,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv43260.dll
[2009.12.26 15:39:23 | 00,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv33260.dll
[2009.12.26 15:39:23 | 00,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv23260.dll
[2009.12.26 15:39:23 | 00,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\sipr3260.dll
[2009.12.26 15:39:22 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2009.12.26 15:39:22 | 00,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2009.12.26 15:39:22 | 00,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\cook3260.dll
[2009.12.26 15:39:20 | 00,000,000 | ---D | C] -- C:\Program Files\VSO
[2009.12.26 13:45:27 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2009.12.25 10:32:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\OJOsoft Corporation
[2009.12.20 21:01:16 | 00,088,576 | ---- | C] (KelSat Presents) -- C:\Documents and Settings\Administrator\Plocha\Dragon_Age_Origins_V1.0_V1.1_Plus_8_Trainer_By_KelSat.exe
[2009.12.20 13:14:37 | 00,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2009.12.20 13:14:37 | 00,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2009.12.20 13:14:26 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2009.12.20 09:04:04 | 00,000,000 | ---D | C] -- C:\rsit
[2009.12.18 10:46:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2009.11.19 10:36:16 | 00,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2009.11.19 10:36:16 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2009.09.20 21:33:58 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.sys
[2009.09.18 20:03:03 | 05,866,152 | ---- | C] (Mozilla) -- C:\Program Files\FirefoxSetup2.0.0.20.exe
[2009.09.18 20:00:33 | 06,679,224 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 2.0.0.23.exe
[2009.09.18 16:58:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.09.18 16:33:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.09.18 16:33:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2009.09.18 16:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2002.04.10 18:41:06 | 00,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[3 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2009.12.26 17:34:58 | 11,010,048 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2009.12.26 16:49:17 | 00,144,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.26 16:44:26 | 00,001,044 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\vso_ts_preview.xml
[2009.12.26 15:39:35 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\inst.exe
[2009.12.26 15:39:35 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009.12.26 15:39:35 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.sys
[2009.12.26 15:39:35 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.cat
[2009.12.26 15:39:35 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.inf
[2009.12.26 14:55:52 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.12.26 14:52:32 | 00,370,660 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.12.26 14:45:30 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Spybot - Search & Destroy.lnk
[2009.12.26 14:34:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.12.26 14:34:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.12.26 13:48:22 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009.12.26 13:37:32 | 00,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.12.24 15:52:16 | 27,578,7931 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\TempImage.nrg
[2009.12.24 15:34:48 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.12.20 20:59:33 | 00,134,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Nový objekt - Dokument aplikace Microsoft Word.doc
[2009.12.20 09:01:25 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\CCleaner.lnk
[2009.12.19 22:59:24 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Revo Uninstaller.lnk
[3 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009.12.26 15:39:45 | 00,001,044 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\vso_ts_preview.xml
[2009.12.26 14:45:30 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Spybot - Search & Destroy.lnk
[2009.12.24 15:39:28 | 27,578,7931 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\TempImage.nrg
[2009.12.20 20:58:33 | 00,134,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Nový objekt - Dokument aplikace Microsoft Word.doc
[2009.12.20 10:18:27 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009.11.28 08:32:25 | 00,000,018 | ---- | C] () -- C:\Program Files\XP Repair Pro 2007ERR_Item5-11-28-2009_8-28-11_1813140.dnp
[2009.11.28 08:31:38 | 00,000,018 | ---- | C] () -- C:\Program Files\XP Repair Pro 2007ERR_Item5-11-28-2009_8-28-11_670033.dnp
[2009.11.10 18:03:57 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.10.27 09:00:31 | 00,000,046 | ---- | C] () -- C:\WINDOWS\PCCT.INI
[2009.10.27 08:16:42 | 00,000,111 | ---- | C] () -- C:\WINDOWS\installation.ini
[2009.10.27 08:14:53 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.10.18 19:10:03 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2009.10.18 19:08:32 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009.09.25 15:00:02 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.09.20 21:41:30 | 00,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini
[2009.09.20 21:41:29 | 00,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini
[2009.09.20 21:41:28 | 00,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini
[2009.09.20 21:41:17 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009.09.20 21:41:08 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.09.20 21:34:34 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.log
[2009.09.20 21:33:58 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\inst.exe
[2009.09.20 21:33:58 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.cat
[2009.09.20 21:33:58 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.inf
[2009.09.20 21:20:36 | 00,000,296 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\default.rss
[2009.09.20 21:19:24 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.09.20 20:48:13 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.09.20 00:55:55 | 00,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009.09.20 00:55:42 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009.09.20 00:43:46 | 00,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2009.09.20 00:43:46 | 00,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.09.20 00:26:30 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.09.19 23:06:20 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2009.09.18 19:46:15 | 00,144,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.18 17:07:03 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009.09.18 17:06:58 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.08.03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.08.02 23:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005.05.03 12:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2003.10.02 11:48:18 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003.04.09 14:38:04 | 00,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DA321CD4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1
< End of report >
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2009-12-26 20:40:18
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapog.sys
---- System - GMER 1.0.15 ----
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9E694FE]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9E74D50]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A5D11F8
Device \FileSystem\Fastfat \Fat 8A282500
Device \FileSystem\Fastfat \Fat 8A1AD030
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip 8A09C1D8
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp 8A09C1D8
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp 8A09C1D8
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp 8A09C1D8
---- EOF - GMER 1.0.15 ----
Naposledy upravil(a) DavidHron dne 26 pro 2009 22:26, celkem upraveno 1 x.
Re: Problém při spouštění Windows xp
Ten druhý log zGMER je velmi velký musím to nakouskovat
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-26 22:02:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwClose [0xA0D51160]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xA0D50868]
SSDT AF90FA1E ZwCreateKey
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xA0D4FE90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xA0D4FD9C]
SSDT AF90FA14 ZwCreateThread
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xA0D51210]
SSDT AF90FA23 ZwDeleteKey
SSDT AF90FA2D ZwDeleteValueKey
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9E694FE]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9E74D50]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xBA30A01C]
SSDT AF90FA32 ZwLoadKey
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xBA30A168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xA0D50B54]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenKey [0xA0D4D5CA]
SSDT AF90FA00 ZwOpenProcess
SSDT AF90FA05 ZwOpenThread
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xB9E6951E]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xB9E74CA6]
SSDT AF90FA3C ZwReplaceKey
SSDT AF90FA37 ZwRestoreKey
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xA0D504EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xA0D50E8C]
SSDT AF90FA28 ZwSetValueKey
SSDT AF90FA0F ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xA0D50DE0]
INT 0x62 ? 8A63FBF8
INT 0x63 ? 8A63FBF8
INT 0x73 ? 8A63FBF8
INT 0x82 ? 8A63FBF8
INT 0xA4 ? 8A366BF8
INT 0xB4 ? 8A366BF8
---- Kernel code sections - GMER 1.0.15 ----
? spec.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B90198AC 5 Bytes JMP 8A3661D8
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB89B9000, 0x1C5D38, 0xE8000020]
.text avgy2ptw.SYS B896C386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text avgy2ptw.SYS B896C3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text avgy2ptw.SYS B896C3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text avgy2ptw.SYS B896C3C9 1 Byte [30]
.text avgy2ptw.SYS B896C3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in "" section [0x9B806000]
.clc C:\Program Files\CyberLink\PowerDVD\000.fcl unknown last section [0x9B807000, 0x1000, 0x00000000]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[160] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[160] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\rundll32.exe[360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\rundll32.exe[360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\rundll32.exe[360] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\rundll32.exe[360] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\rundll32.exe[360] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\rundll32.exe[360] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\rundll32.exe[360] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\rundll32.exe[360] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[496] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[496] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00140F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00140FE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00140D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00140DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00140E3C
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00140EC8
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[800] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[800] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[800] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[860] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wuauclt.exe[860] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wuauclt.exe[860] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1188] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1188] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1188] WS2_32.dll!connect
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-26 22:02:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwClose [0xA0D51160]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xA0D50868]
SSDT AF90FA1E ZwCreateKey
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xA0D4FE90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xA0D4FD9C]
SSDT AF90FA14 ZwCreateThread
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xA0D51210]
SSDT AF90FA23 ZwDeleteKey
SSDT AF90FA2D ZwDeleteValueKey
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9E694FE]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9E74D50]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xBA30A01C]
SSDT AF90FA32 ZwLoadKey
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xBA30A168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xA0D50B54]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenKey [0xA0D4D5CA]
SSDT AF90FA00 ZwOpenProcess
SSDT AF90FA05 ZwOpenThread
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xB9E6951E]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xB9E74CA6]
SSDT AF90FA3C ZwReplaceKey
SSDT AF90FA37 ZwRestoreKey
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xA0D504EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xA0D50E8C]
SSDT AF90FA28 ZwSetValueKey
SSDT AF90FA0F ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xA0D50DE0]
INT 0x62 ? 8A63FBF8
INT 0x63 ? 8A63FBF8
INT 0x73 ? 8A63FBF8
INT 0x82 ? 8A63FBF8
INT 0xA4 ? 8A366BF8
INT 0xB4 ? 8A366BF8
---- Kernel code sections - GMER 1.0.15 ----
? spec.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B90198AC 5 Bytes JMP 8A3661D8
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB89B9000, 0x1C5D38, 0xE8000020]
.text avgy2ptw.SYS B896C386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text avgy2ptw.SYS B896C3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text avgy2ptw.SYS B896C3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text avgy2ptw.SYS B896C3C9 1 Byte [30]
.text avgy2ptw.SYS B896C3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in "" section [0x9B806000]
.clc C:\Program Files\CyberLink\PowerDVD\000.fcl unknown last section [0x9B807000, 0x1000, 0x00000000]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[160] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[160] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[160] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[328] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\rundll32.exe[360] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\rundll32.exe[360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\rundll32.exe[360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\rundll32.exe[360] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\rundll32.exe[360] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\rundll32.exe[360] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\rundll32.exe[360] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\rundll32.exe[360] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\rundll32.exe[360] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[476] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[496] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[496] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00140F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00140FE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00140D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00140DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00140E3C
.text C:\Program Files\Mozilla Firefox\firefox.exe[656] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00140EC8
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[800] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[800] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[800] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[800] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[848] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[860] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wuauclt.exe[860] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wuauclt.exe[860] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[968] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1016] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Documents and Settings\Administrator\Plocha\Downloads\gmer.exe[1100] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1188] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1188] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1188] WS2_32.dll!connect
Re: Problém při spouštění Windows xp
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[1212] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1212] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[1212] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[1212] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[1212] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1416] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1416] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1416] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1460] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1460] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1472] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1472] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1472] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1472] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1472] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\vssvc.exe[1660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\vssvc.exe[1660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\vssvc.exe[1660] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\vssvc.exe[1660] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\vssvc.exe[1660] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1792] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1792] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1792] WS2_32.dll!connect
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[1212] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1212] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[1212] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[1212] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[1212] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1284] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1352] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1380] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1416] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1416] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1416] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1460] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1460] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1460] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1472] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1472] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1472] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1472] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1472] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1508] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1512] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\vssvc.exe[1660] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\vssvc.exe[1660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\vssvc.exe[1660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\vssvc.exe[1660] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\vssvc.exe[1660] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\vssvc.exe[1660] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1716] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1792] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1792] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1792] WS2_32.dll!connect
Re: Problém při spouštění Windows xp
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1996] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1996] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1996] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1996] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1996] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1996] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1996] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1996] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1996] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1996] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1996] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00140F54
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00140FE0
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00140D24
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00140DB0
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00140E3C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00140EC8
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\QuickTime\QTTask.exe[3432] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\QuickTime\QTTask.exe[3432] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\dumprep.exe[3484] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\dumprep.exe[3484] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[3504] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[3504] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[3648] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[3648] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] wininet.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00140F54
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] wininet.dll!InternetConnectW 40C1F862 5 Bytes JMP 00140FE0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] wininet.dll!InternetOpenA 40C2D690 5 Bytes JMP 00140D24
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] wininet.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00140DB0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] wininet.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00140E3C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] wininet.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00140EC8
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[3800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[3800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[3800] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[3800] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[3800] WS2_32.dll!connect
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1932] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1988] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1996] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1996] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1996] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1996] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1996] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1996] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1996] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1996] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1996] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1996] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1996] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3368] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3376] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00140F54
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00140FE0
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00140D24
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00140DB0
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00140E3C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3404] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00140EC8
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\QuickTime\QTTask.exe[3432] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\QuickTime\QTTask.exe[3432] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\QuickTime\QTTask.exe[3432] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\dumprep.exe[3484] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\dumprep.exe[3484] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\dumprep.exe[3484] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[3504] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[3504] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[3504] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3528] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[3648] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[3648] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[3648] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] wininet.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00140F54
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] wininet.dll!InternetConnectW 40C1F862 5 Bytes JMP 00140FE0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] wininet.dll!InternetOpenA 40C2D690 5 Bytes JMP 00140D24
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] wininet.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00140DB0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] wininet.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00140E3C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3756] wininet.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00140EC8
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[3800] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[3800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[3800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[3800] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[3800] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[3800] WS2_32.dll!connect
Re: Problém při spouštění Windows xp
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA8042] spec.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA813E] spec.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA80C0] spec.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA8800] spec.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA86D6] spec.sys
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB7E9C] spec.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A5D11F8
Device \FileSystem\Fastfat \FatCdrom 8834E1F8
Device \FileSystem\Fastfat \FatCdrom 8A37C518
Device \Driver\NetBT \Device\NetBT_Tcpip_{278352AE-0806-400F-B03E-E68A52E2A65A} 88D251F8
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip 8A37A278
Device \Driver\sptd \Device\2213855468 spec.sys
Device \Driver\usbohci \Device\USBPDO-0 8A3771F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6401F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A6401F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A6401F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A6401F8
Device \Driver\usbehci \Device\USBPDO-1 8A3761F8
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp 8A37A278
Device \Driver\PCI_PNP9218 \Device\00000056 spec.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5D41F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5D41F8
Device \FileSystem\Rdbss \Device\FsWrap 891876F0
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A5D41F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A5D41F8
Device \Driver\USBSTOR \Device\00000081 8A1FA1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 88D251F8
Device \Driver\USBSTOR \Device\00000083 8A1FA1F8
Device \Driver\USBSTOR \Device\00000084 8A1FA1F8
Device \Driver\NetBT \Device\NetbiosSmb 88D251F8
Device \Driver\USBSTOR \Device\00000085 8A1FA1F8
Device \FileSystem\Srv \Device\LanmanServer 8A102518
Device \Driver\USBSTOR \Device\00000088 8A1FA1F8
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp 8A37A278
Device \Driver\USBSTOR \Device\00000089 8A1FA1F8
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp 8A37A278
Device \Driver\usbohci \Device\USBFDO-0 8A3771F8
Device \Driver\usbehci \Device\USBFDO-1 8A3761F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A08C500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8915E6F0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A08C500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8915E6F0
Device \Driver\SbFw \Device\SBFW 8A37A278
Device \FileSystem\Npfs \Device\NamedPipe 8A0895F8
Device \Driver\Ftdisk \Device\FtControl 8A5D41F8
Device \FileSystem\Msfs \Device\Mailslot 891A66F0
Device \Driver\NetBT \Device\NetBT_Tcpip_{08AAEED8-4FD2-42A0-A5DF-9CC7A7347F07} 88D251F8
Device \Driver\Vax347s \Device\Scsi\Vax347s1 8A5D21F8
Device \Driver\avgy2ptw \Device\Scsi\avgy2ptw1 8A3751F8
Device \FileSystem\Fastfat \Fat 8834E1F8
Device \FileSystem\Fastfat \Fat 8A37C518
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A094370
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A094370
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A094370
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A094370
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A094370
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x17 0xB5 0xBB 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB0 0xA3 0x0C 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x88 0x97 0xA0 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x36 0xBC 0xD4 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x65 0x99 0xAE 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0x64 0x8B 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3B 0x90 0x7B 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2A 0x62 0x9C 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x17 0xB5 0xBB 0x05 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB0 0xA3 0x0C 0x09 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x88 0x97 0xA0 0xE1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x36 0xBC 0xD4 0x1C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x65 0x99 0xAE 0x4B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0x64 0x8B 0xB6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3B 0x90 0x7B 0xF7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2A 0x62 0x9C 0x28 ...
---- EOF - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA8042] spec.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA813E] spec.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA80C0] spec.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA8800] spec.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA86D6] spec.sys
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\avgy2ptw.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB7E9C] spec.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A5D11F8
Device \FileSystem\Fastfat \FatCdrom 8834E1F8
Device \FileSystem\Fastfat \FatCdrom 8A37C518
Device \Driver\NetBT \Device\NetBT_Tcpip_{278352AE-0806-400F-B03E-E68A52E2A65A} 88D251F8
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip 8A37A278
Device \Driver\sptd \Device\2213855468 spec.sys
Device \Driver\usbohci \Device\USBPDO-0 8A3771F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6401F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A6401F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A6401F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A6401F8
Device \Driver\usbehci \Device\USBPDO-1 8A3761F8
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp 8A37A278
Device \Driver\PCI_PNP9218 \Device\00000056 spec.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5D41F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5D41F8
Device \FileSystem\Rdbss \Device\FsWrap 891876F0
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A5D41F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A5D41F8
Device \Driver\USBSTOR \Device\00000081 8A1FA1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 88D251F8
Device \Driver\USBSTOR \Device\00000083 8A1FA1F8
Device \Driver\USBSTOR \Device\00000084 8A1FA1F8
Device \Driver\NetBT \Device\NetbiosSmb 88D251F8
Device \Driver\USBSTOR \Device\00000085 8A1FA1F8
Device \FileSystem\Srv \Device\LanmanServer 8A102518
Device \Driver\USBSTOR \Device\00000088 8A1FA1F8
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp 8A37A278
Device \Driver\USBSTOR \Device\00000089 8A1FA1F8
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp 8A37A278
Device \Driver\usbohci \Device\USBFDO-0 8A3771F8
Device \Driver\usbehci \Device\USBFDO-1 8A3761F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A08C500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8915E6F0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A08C500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8915E6F0
Device \Driver\SbFw \Device\SBFW 8A37A278
Device \FileSystem\Npfs \Device\NamedPipe 8A0895F8
Device \Driver\Ftdisk \Device\FtControl 8A5D41F8
Device \FileSystem\Msfs \Device\Mailslot 891A66F0
Device \Driver\NetBT \Device\NetBT_Tcpip_{08AAEED8-4FD2-42A0-A5DF-9CC7A7347F07} 88D251F8
Device \Driver\Vax347s \Device\Scsi\Vax347s1 8A5D21F8
Device \Driver\avgy2ptw \Device\Scsi\avgy2ptw1 8A3751F8
Device \FileSystem\Fastfat \Fat 8834E1F8
Device \FileSystem\Fastfat \Fat 8A37C518
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A094370
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A094370
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A094370
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A094370
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A094370
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x17 0xB5 0xBB 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB0 0xA3 0x0C 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x88 0x97 0xA0 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x36 0xBC 0xD4 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x65 0x99 0xAE 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0x64 0x8B 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3B 0x90 0x7B 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2A 0x62 0x9C 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x17 0xB5 0xBB 0x05 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB0 0xA3 0x0C 0x09 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x88 0x97 0xA0 0xE1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x36 0xBC 0xD4 0x1C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x65 0x99 0xAE 0x4B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0x64 0x8B 0xB6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3B 0x90 0x7B 0xF7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2A 0x62 0x9C 0x28 ...
---- EOF - GMER 1.0.15 ----
Re: Problém při spouštění Windows xp
Odinstalujte Spybot a misto nej dejte Spyware Terminator,Spybot uz ma dost zastaraly engine. otestujte na VIRUSTOTALuC:\WINDOWS\mmtvmj.ini
C:\WINDOWS\m3jp2k.ini
C:\WINDOWS\m3jpeg.ini
C:\Documents and Settings\Administrator\Data aplikací\inst.exe
C:\WINDOWS\System32\ctzapxx.ini
(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledek sem vlozte)
Pokud skener napíše, že soubor již byl testován, dejte otestovat znovu.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!
ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!
NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU! ___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Re: Problém při spouštění Windows xp
Tak jsem nainstaloval Spyware Terminator dle pokynů a otestoval uvedené soubory na VirusTotalu. Zde jsou výsledky:
Soubor mmtvmj.ini přijatý 2009.12.27 15:40:32 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/40 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 3.
Odhadovaný čas začátku mezi 60 a 85 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.12.27 -
AhnLab-V3 5.0.0.2 2009.12.26 -
AntiVir 7.9.1.122 2009.12.26 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.26 -
Avast 4.8.1351.0 2009.12.27 -
AVG 8.5.0.430 2009.12.27 -
BitDefender 7.2 2009.12.27 -
CAT-QuickHeal 10.00 2009.12.26 -
ClamAV 0.94.1 2009.12.27 -
Comodo 3386 2009.12.27 -
DrWeb 5.0.1.12222 2009.12.27 -
eSafe 7.0.17.0 2009.12.27 -
eTrust-Vet 35.1.7198 2009.12.25 -
F-Prot 4.5.1.85 2009.12.26 -
F-Secure 9.0.15370.0 2009.12.27 -
Fortinet 4.0.14.0 2009.12.27 -
GData 19 2009.12.26 -
Ikarus T3.1.1.79.0 2009.12.27 -
K7AntiVirus 7.10.931 2009.12.26 -
Kaspersky 7.0.0.125 2009.12.27 -
McAfee 5844 2009.12.27 -
McAfee+Artemis 5844 2009.12.27 -
McAfee-GW-Edition 6.8.5 2009.12.27 -
Microsoft 1.5302 2009.12.26 -
NOD32 4719 2009.12.27 -
Norman 6.04.03 2009.12.27 -
nProtect 2009.1.8.0 2009.12.27 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.27 -
Prevx 3.0 2009.12.27 -
Rising 22.27.06.04 2009.12.27 -
Sophos 4.49.0 2009.12.27 -
Sunbelt 3.2.1858.2 2009.12.27 -
Symantec 1.4.4.12 2009.12.27 -
TheHacker 6.5.0.3.113 2009.12.26 -
TrendMicro 9.120.0.1004 2009.12.27 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.26.2109 2009.12.26 -
VirusBuster 5.0.21.0 2009.12.27 -
Rozšiřující informace
File size: 702 bytes
MD5...: 5201dcb0138ac2267c07fbf1b7d21e67
SHA1..: ecf5355b148328009d660161ec40393e24da38e3
SHA256: 4ed8a06ed1c986882af74b7c99697431e902efc0d0c68cc857a357bd223be79f
ssdeep: 12:hl9ev8CSa+SaL2gt8ZoXH65eeQG6GmmXNml4S6o4SMvvColS6oXH65hL2gtJ1
mXi:hlgUvJjSIYoXH6oeQPG1NxvffvnloXHg
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Soubor m3jp2k.ini přijatý 2009.12.27 15:48:50 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 40 a 57 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.12.27 -
AhnLab-V3 5.0.0.2 2009.12.26 -
AntiVir 7.9.1.122 2009.12.26 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.26 -
Avast 4.8.1351.0 2009.12.27 -
AVG 8.5.0.430 2009.12.27 -
BitDefender 7.2 2009.12.27 -
CAT-QuickHeal 10.00 2009.12.26 -
ClamAV 0.94.1 2009.12.27 -
Comodo 3386 2009.12.27 -
DrWeb 5.0.1.12222 2009.12.27 -
eSafe 7.0.17.0 2009.12.27 -
eTrust-Vet 35.1.7198 2009.12.25 -
F-Prot 4.5.1.85 2009.12.26 -
F-Secure 9.0.15370.0 2009.12.27 -
Fortinet 4.0.14.0 2009.12.27 -
GData 19 2009.12.26 -
Ikarus T3.1.1.79.0 2009.12.27 -
Jiangmin 13.0.900 2009.12.27 -
K7AntiVirus 7.10.931 2009.12.26 -
Kaspersky 7.0.0.125 2009.12.27 -
McAfee 5844 2009.12.27 -
McAfee+Artemis 5844 2009.12.27 -
McAfee-GW-Edition 6.8.5 2009.12.27 -
Microsoft 1.5302 2009.12.26 -
NOD32 4719 2009.12.27 -
Norman 6.04.03 2009.12.27 -
nProtect 2009.1.8.0 2009.12.27 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.27 -
Prevx 3.0 2009.12.27 -
Rising 22.27.06.04 2009.12.27 -
Sophos 4.49.0 2009.12.27 -
Sunbelt 3.2.1858.2 2009.12.27 -
Symantec 1.4.4.12 2009.12.27 -
TheHacker 6.5.0.3.113 2009.12.26 -
TrendMicro 9.120.0.1004 2009.12.27 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.26.2109 2009.12.26 -
VirusBuster 5.0.21.0 2009.12.27 -
Rozšiřující informace
File size: 761 bytes
MD5...: c050082886a0c7035f6930ee4a759779
SHA1..: d0ec76d804152ac44c9c8f9823a60eff979010e9
SHA256: 403c9969daa23aa6db44597322a4a7bd339559fdf24fc3c72e1426a61291c5e0
ssdeep: 12:hlNe4N46a+SaWX2gt8ZoXH65eeQG6T9MS6o4SMvvY/S6oXH65hWX2gtkXtqnT
lwv:hlwM46JjWmIYoXH6oeQPT9MvffvY/low
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Soubor m3jpeg.ini přijatý 2009.12.27 15:49:35 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 40 a 57 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.12.27 -
AhnLab-V3 5.0.0.2 2009.12.26 -
AntiVir 7.9.1.122 2009.12.26 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.26 -
Avast 4.8.1351.0 2009.12.27 -
AVG 8.5.0.430 2009.12.27 -
BitDefender 7.2 2009.12.27 -
CAT-QuickHeal 10.00 2009.12.26 -
ClamAV 0.94.1 2009.12.27 -
Comodo 3386 2009.12.27 -
DrWeb 5.0.1.12222 2009.12.27 -
eSafe 7.0.17.0 2009.12.27 -
eTrust-Vet 35.1.7198 2009.12.25 -
F-Prot 4.5.1.85 2009.12.26 -
F-Secure 9.0.15370.0 2009.12.27 -
Fortinet 4.0.14.0 2009.12.27 -
GData 19 2009.12.26 -
Ikarus T3.1.1.79.0 2009.12.27 -
Jiangmin 13.0.900 2009.12.27 -
K7AntiVirus 7.10.931 2009.12.26 -
Kaspersky 7.0.0.125 2009.12.27 -
McAfee 5844 2009.12.27 -
McAfee+Artemis 5844 2009.12.27 -
McAfee-GW-Edition 6.8.5 2009.12.27 -
Microsoft 1.5302 2009.12.26 -
NOD32 4719 2009.12.27 -
Norman 6.04.03 2009.12.27 -
nProtect 2009.1.8.0 2009.12.27 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.27 -
Prevx 3.0 2009.12.27 -
Rising 22.27.06.04 2009.12.27 -
Sophos 4.49.0 2009.12.27 -
Sunbelt 3.2.1858.2 2009.12.27 -
Symantec 1.4.4.12 2009.12.27 -
TheHacker 6.5.0.3.113 2009.12.26 -
TrendMicro 9.120.0.1004 2009.12.27 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.26.2109 2009.12.26 -
VirusBuster 5.0.21.0 2009.12.27 -
Rozšiřující informace
File size: 714 bytes
MD5...: 6f914474ee7bce9c4ba60558bb520c62
SHA1..: d02e927ea6fe00dceda6a65c293ef95404381d60
SHA256: c05d14bdb3453f91388986eb5171dc5dfdb5df4300a642fe102b811aff272f40
ssdeep: 12:RXQtrzFNZrlAXegNDqHwL2gtneG6GmmXNml4S6o4SMvB9XH656eg8a+hL2gtw
Xy7:RXQtrJHrlAXegNDqHwSInePG1NxvffBw
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Soubor inst.exe přijatý 2009.12.27 16:01:17 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 40 a 57 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.12.27 -
AhnLab-V3 5.0.0.2 2009.12.26 -
AntiVir 7.9.1.122 2009.12.26 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.26 -
Avast 4.8.1351.0 2009.12.27 -
AVG 8.5.0.430 2009.12.27 -
BitDefender 7.2 2009.12.27 -
CAT-QuickHeal 10.00 2009.12.26 -
ClamAV 0.94.1 2009.12.27 -
Comodo 3386 2009.12.27 -
DrWeb 5.0.1.12222 2009.12.27 -
eSafe 7.0.17.0 2009.12.27 -
eTrust-Vet 35.1.7198 2009.12.25 -
F-Prot 4.5.1.85 2009.12.26 -
F-Secure 9.0.15370.0 2009.12.27 -
Fortinet 4.0.14.0 2009.12.27 -
GData 19 2009.12.26 -
Ikarus T3.1.1.79.0 2009.12.27 -
Jiangmin 13.0.900 2009.12.27 -
K7AntiVirus 7.10.931 2009.12.26 -
Kaspersky 7.0.0.125 2009.12.27 -
McAfee 5844 2009.12.27 -
McAfee+Artemis 5844 2009.12.27 -
McAfee-GW-Edition 6.8.5 2009.12.27 -
Microsoft 1.5302 2009.12.26 -
NOD32 4720 2009.12.27 -
Norman 6.04.03 2009.12.27 -
nProtect 2009.1.8.0 2009.12.27 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.27 -
Prevx 3.0 2009.12.27 -
Rising 22.27.06.04 2009.12.27 -
Sophos 4.49.0 2009.12.27 -
Sunbelt 3.2.1858.2 2009.12.27 -
Symantec 1.4.4.12 2009.12.27 -
TheHacker 6.5.0.3.113 2009.12.26 -
TrendMicro 9.120.0.1004 2009.12.27 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.26.2109 2009.12.26 -
VirusBuster 5.0.21.0 2009.12.27 -
Rozšiřující informace
File size: 87608 bytes
MD5...: 254fbca565e049648b0cce2ceadf05d2
SHA1..: f5c6d09fcd7df2f8efd51c2bcf7ef0702686071c
SHA256: c74d2fa6374b5f1e251e3205de0efe99ed026b8b7a0ad5ee549ee3700f8e63d7
ssdeep: 1536:ViNQm/DgTATpxgaNPsJ9fCSFXmVH1E37QgEAQttxg:AQwzrJPiFoKEgEAQt
c
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2277
timedatestamp.....: 0x44a114a2 (Tue Jun 27 11:21:06 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xc1d4 0xd000 6.39 8b23740868f02bb731a1556e3e89ec4b
.rdata 0xe000 0x25c2 0x3000 4.48 1c4aa9b67a1e4fb62d587545d74e9148
.data 0x11000 0x2e48 0x2000 1.28 e79d5ce42e7132af5b6039889e4670ab
.rsrc 0x14000 0xb0 0x1000 3.06 cec9b95146f57b35474dc9da6c445146
( 6 imports )
> newdev.dll: UpdateDriverForPlugAndPlayDevicesW
> SETUPAPI.dll: SetupDiRemoveDevice, SetupDiCallClassInstaller, SetupDiSetDeviceRegistryPropertyW, SetupDiCreateDeviceInfoW, SetupDiCreateDeviceInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiOpenDeviceInfoW
> KERNEL32.dll: HeapSize, ReadFile, SetEndOfFile, WriteConsoleW, CreateFileA, FormatMessageW, GetLastError, CloseHandle, GetCurrentProcess, GetPrivateProfileStringW, MultiByteToWideChar, LocalFree, GetModuleFileNameA, GetConsoleOutputCP, WriteConsoleA, LoadLibraryA, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, GetProcAddress, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, ExitProcess, WriteFile, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualAlloc, HeapReAlloc, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, Sleep, CreateFileW, InitializeCriticalSection, SetFilePointer, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA
> ADVAPI32.dll: LookupPrivilegeValueA, AdjustTokenPrivileges, OpenProcessToken
> SHELL32.dll: SHGetFolderPathW
> ole32.dll: CLSIDFromString
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: VSO-SOFTWARE
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 11:53 AM 12/8/2006
verified.....: -
Soubor ctzapxx.ini přijatý 2009.12.27 16:05:22 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 3.
Odhadovaný čas začátku mezi 60 a 85 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.12.27 -
AhnLab-V3 5.0.0.2 2009.12.26 -
AntiVir 7.9.1.122 2009.12.26 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.26 -
Avast 4.8.1351.0 2009.12.27 -
AVG 8.5.0.430 2009.12.27 -
BitDefender 7.2 2009.12.27 -
CAT-QuickHeal 10.00 2009.12.26 -
ClamAV 0.94.1 2009.12.27 -
Comodo 3386 2009.12.27 -
DrWeb 5.0.1.12222 2009.12.27 -
eSafe 7.0.17.0 2009.12.27 -
eTrust-Vet 35.1.7198 2009.12.25 -
F-Prot 4.5.1.85 2009.12.26 -
F-Secure 9.0.15370.0 2009.12.27 -
Fortinet 4.0.14.0 2009.12.27 -
GData 19 2009.12.26 -
Ikarus T3.1.1.79.0 2009.12.27 -
Jiangmin 13.0.900 2009.12.27 -
K7AntiVirus 7.10.931 2009.12.26 -
Kaspersky 7.0.0.125 2009.12.27 -
McAfee 5844 2009.12.27 -
McAfee+Artemis 5844 2009.12.27 -
McAfee-GW-Edition 6.8.5 2009.12.27 -
Microsoft 1.5302 2009.12.26 -
NOD32 4720 2009.12.27 -
Norman 6.04.03 2009.12.27 -
nProtect 2009.1.8.0 2009.12.27 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.27 -
Prevx 3.0 2009.12.27 -
Rising 22.27.06.04 2009.12.27 -
Sophos 4.49.0 2009.12.27 -
Sunbelt 3.2.1858.2 2009.12.27 -
Symantec 1.4.4.12 2009.12.27 -
TheHacker 6.5.0.3.113 2009.12.26 -
TrendMicro 9.120.0.1004 2009.12.27 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.26.2109 2009.12.26 -
VirusBuster 5.0.21.0 2009.12.27 -
Rozšiřující informace
File size: 39 bytes
MD5...: c2516ace64564b37c620c8964871e6b0
SHA1..: 05325ade6cfa72f1483673551c177436e2f559d5
SHA256: 130d0bdd318f35829180e4e38e49fc82071dc6d928aa61d6068ff7bc62fbfdfe
ssdeep: 3:gS+G+DnWgC4RE42:gkZd
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Soubor mmtvmj.ini přijatý 2009.12.27 15:40:32 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/40 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 3.
Odhadovaný čas začátku mezi 60 a 85 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.12.27 -
AhnLab-V3 5.0.0.2 2009.12.26 -
AntiVir 7.9.1.122 2009.12.26 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.26 -
Avast 4.8.1351.0 2009.12.27 -
AVG 8.5.0.430 2009.12.27 -
BitDefender 7.2 2009.12.27 -
CAT-QuickHeal 10.00 2009.12.26 -
ClamAV 0.94.1 2009.12.27 -
Comodo 3386 2009.12.27 -
DrWeb 5.0.1.12222 2009.12.27 -
eSafe 7.0.17.0 2009.12.27 -
eTrust-Vet 35.1.7198 2009.12.25 -
F-Prot 4.5.1.85 2009.12.26 -
F-Secure 9.0.15370.0 2009.12.27 -
Fortinet 4.0.14.0 2009.12.27 -
GData 19 2009.12.26 -
Ikarus T3.1.1.79.0 2009.12.27 -
K7AntiVirus 7.10.931 2009.12.26 -
Kaspersky 7.0.0.125 2009.12.27 -
McAfee 5844 2009.12.27 -
McAfee+Artemis 5844 2009.12.27 -
McAfee-GW-Edition 6.8.5 2009.12.27 -
Microsoft 1.5302 2009.12.26 -
NOD32 4719 2009.12.27 -
Norman 6.04.03 2009.12.27 -
nProtect 2009.1.8.0 2009.12.27 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.27 -
Prevx 3.0 2009.12.27 -
Rising 22.27.06.04 2009.12.27 -
Sophos 4.49.0 2009.12.27 -
Sunbelt 3.2.1858.2 2009.12.27 -
Symantec 1.4.4.12 2009.12.27 -
TheHacker 6.5.0.3.113 2009.12.26 -
TrendMicro 9.120.0.1004 2009.12.27 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.26.2109 2009.12.26 -
VirusBuster 5.0.21.0 2009.12.27 -
Rozšiřující informace
File size: 702 bytes
MD5...: 5201dcb0138ac2267c07fbf1b7d21e67
SHA1..: ecf5355b148328009d660161ec40393e24da38e3
SHA256: 4ed8a06ed1c986882af74b7c99697431e902efc0d0c68cc857a357bd223be79f
ssdeep: 12:hl9ev8CSa+SaL2gt8ZoXH65eeQG6GmmXNml4S6o4SMvvColS6oXH65hL2gtJ1
mXi:hlgUvJjSIYoXH6oeQPG1NxvffvnloXHg
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Soubor m3jp2k.ini přijatý 2009.12.27 15:48:50 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 40 a 57 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.12.27 -
AhnLab-V3 5.0.0.2 2009.12.26 -
AntiVir 7.9.1.122 2009.12.26 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.26 -
Avast 4.8.1351.0 2009.12.27 -
AVG 8.5.0.430 2009.12.27 -
BitDefender 7.2 2009.12.27 -
CAT-QuickHeal 10.00 2009.12.26 -
ClamAV 0.94.1 2009.12.27 -
Comodo 3386 2009.12.27 -
DrWeb 5.0.1.12222 2009.12.27 -
eSafe 7.0.17.0 2009.12.27 -
eTrust-Vet 35.1.7198 2009.12.25 -
F-Prot 4.5.1.85 2009.12.26 -
F-Secure 9.0.15370.0 2009.12.27 -
Fortinet 4.0.14.0 2009.12.27 -
GData 19 2009.12.26 -
Ikarus T3.1.1.79.0 2009.12.27 -
Jiangmin 13.0.900 2009.12.27 -
K7AntiVirus 7.10.931 2009.12.26 -
Kaspersky 7.0.0.125 2009.12.27 -
McAfee 5844 2009.12.27 -
McAfee+Artemis 5844 2009.12.27 -
McAfee-GW-Edition 6.8.5 2009.12.27 -
Microsoft 1.5302 2009.12.26 -
NOD32 4719 2009.12.27 -
Norman 6.04.03 2009.12.27 -
nProtect 2009.1.8.0 2009.12.27 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.27 -
Prevx 3.0 2009.12.27 -
Rising 22.27.06.04 2009.12.27 -
Sophos 4.49.0 2009.12.27 -
Sunbelt 3.2.1858.2 2009.12.27 -
Symantec 1.4.4.12 2009.12.27 -
TheHacker 6.5.0.3.113 2009.12.26 -
TrendMicro 9.120.0.1004 2009.12.27 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.26.2109 2009.12.26 -
VirusBuster 5.0.21.0 2009.12.27 -
Rozšiřující informace
File size: 761 bytes
MD5...: c050082886a0c7035f6930ee4a759779
SHA1..: d0ec76d804152ac44c9c8f9823a60eff979010e9
SHA256: 403c9969daa23aa6db44597322a4a7bd339559fdf24fc3c72e1426a61291c5e0
ssdeep: 12:hlNe4N46a+SaWX2gt8ZoXH65eeQG6T9MS6o4SMvvY/S6oXH65hWX2gtkXtqnT
lwv:hlwM46JjWmIYoXH6oeQPT9MvffvY/low
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Soubor m3jpeg.ini přijatý 2009.12.27 15:49:35 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 40 a 57 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.12.27 -
AhnLab-V3 5.0.0.2 2009.12.26 -
AntiVir 7.9.1.122 2009.12.26 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.26 -
Avast 4.8.1351.0 2009.12.27 -
AVG 8.5.0.430 2009.12.27 -
BitDefender 7.2 2009.12.27 -
CAT-QuickHeal 10.00 2009.12.26 -
ClamAV 0.94.1 2009.12.27 -
Comodo 3386 2009.12.27 -
DrWeb 5.0.1.12222 2009.12.27 -
eSafe 7.0.17.0 2009.12.27 -
eTrust-Vet 35.1.7198 2009.12.25 -
F-Prot 4.5.1.85 2009.12.26 -
F-Secure 9.0.15370.0 2009.12.27 -
Fortinet 4.0.14.0 2009.12.27 -
GData 19 2009.12.26 -
Ikarus T3.1.1.79.0 2009.12.27 -
Jiangmin 13.0.900 2009.12.27 -
K7AntiVirus 7.10.931 2009.12.26 -
Kaspersky 7.0.0.125 2009.12.27 -
McAfee 5844 2009.12.27 -
McAfee+Artemis 5844 2009.12.27 -
McAfee-GW-Edition 6.8.5 2009.12.27 -
Microsoft 1.5302 2009.12.26 -
NOD32 4719 2009.12.27 -
Norman 6.04.03 2009.12.27 -
nProtect 2009.1.8.0 2009.12.27 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.27 -
Prevx 3.0 2009.12.27 -
Rising 22.27.06.04 2009.12.27 -
Sophos 4.49.0 2009.12.27 -
Sunbelt 3.2.1858.2 2009.12.27 -
Symantec 1.4.4.12 2009.12.27 -
TheHacker 6.5.0.3.113 2009.12.26 -
TrendMicro 9.120.0.1004 2009.12.27 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.26.2109 2009.12.26 -
VirusBuster 5.0.21.0 2009.12.27 -
Rozšiřující informace
File size: 714 bytes
MD5...: 6f914474ee7bce9c4ba60558bb520c62
SHA1..: d02e927ea6fe00dceda6a65c293ef95404381d60
SHA256: c05d14bdb3453f91388986eb5171dc5dfdb5df4300a642fe102b811aff272f40
ssdeep: 12:RXQtrzFNZrlAXegNDqHwL2gtneG6GmmXNml4S6o4SMvB9XH656eg8a+hL2gtw
Xy7:RXQtrJHrlAXegNDqHwSInePG1NxvffBw
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Soubor inst.exe přijatý 2009.12.27 16:01:17 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 40 a 57 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.12.27 -
AhnLab-V3 5.0.0.2 2009.12.26 -
AntiVir 7.9.1.122 2009.12.26 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.26 -
Avast 4.8.1351.0 2009.12.27 -
AVG 8.5.0.430 2009.12.27 -
BitDefender 7.2 2009.12.27 -
CAT-QuickHeal 10.00 2009.12.26 -
ClamAV 0.94.1 2009.12.27 -
Comodo 3386 2009.12.27 -
DrWeb 5.0.1.12222 2009.12.27 -
eSafe 7.0.17.0 2009.12.27 -
eTrust-Vet 35.1.7198 2009.12.25 -
F-Prot 4.5.1.85 2009.12.26 -
F-Secure 9.0.15370.0 2009.12.27 -
Fortinet 4.0.14.0 2009.12.27 -
GData 19 2009.12.26 -
Ikarus T3.1.1.79.0 2009.12.27 -
Jiangmin 13.0.900 2009.12.27 -
K7AntiVirus 7.10.931 2009.12.26 -
Kaspersky 7.0.0.125 2009.12.27 -
McAfee 5844 2009.12.27 -
McAfee+Artemis 5844 2009.12.27 -
McAfee-GW-Edition 6.8.5 2009.12.27 -
Microsoft 1.5302 2009.12.26 -
NOD32 4720 2009.12.27 -
Norman 6.04.03 2009.12.27 -
nProtect 2009.1.8.0 2009.12.27 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.27 -
Prevx 3.0 2009.12.27 -
Rising 22.27.06.04 2009.12.27 -
Sophos 4.49.0 2009.12.27 -
Sunbelt 3.2.1858.2 2009.12.27 -
Symantec 1.4.4.12 2009.12.27 -
TheHacker 6.5.0.3.113 2009.12.26 -
TrendMicro 9.120.0.1004 2009.12.27 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.26.2109 2009.12.26 -
VirusBuster 5.0.21.0 2009.12.27 -
Rozšiřující informace
File size: 87608 bytes
MD5...: 254fbca565e049648b0cce2ceadf05d2
SHA1..: f5c6d09fcd7df2f8efd51c2bcf7ef0702686071c
SHA256: c74d2fa6374b5f1e251e3205de0efe99ed026b8b7a0ad5ee549ee3700f8e63d7
ssdeep: 1536:ViNQm/DgTATpxgaNPsJ9fCSFXmVH1E37QgEAQttxg:AQwzrJPiFoKEgEAQt
c
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2277
timedatestamp.....: 0x44a114a2 (Tue Jun 27 11:21:06 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xc1d4 0xd000 6.39 8b23740868f02bb731a1556e3e89ec4b
.rdata 0xe000 0x25c2 0x3000 4.48 1c4aa9b67a1e4fb62d587545d74e9148
.data 0x11000 0x2e48 0x2000 1.28 e79d5ce42e7132af5b6039889e4670ab
.rsrc 0x14000 0xb0 0x1000 3.06 cec9b95146f57b35474dc9da6c445146
( 6 imports )
> newdev.dll: UpdateDriverForPlugAndPlayDevicesW
> SETUPAPI.dll: SetupDiRemoveDevice, SetupDiCallClassInstaller, SetupDiSetDeviceRegistryPropertyW, SetupDiCreateDeviceInfoW, SetupDiCreateDeviceInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiOpenDeviceInfoW
> KERNEL32.dll: HeapSize, ReadFile, SetEndOfFile, WriteConsoleW, CreateFileA, FormatMessageW, GetLastError, CloseHandle, GetCurrentProcess, GetPrivateProfileStringW, MultiByteToWideChar, LocalFree, GetModuleFileNameA, GetConsoleOutputCP, WriteConsoleA, LoadLibraryA, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, GetProcAddress, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, ExitProcess, WriteFile, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualAlloc, HeapReAlloc, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, Sleep, CreateFileW, InitializeCriticalSection, SetFilePointer, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA
> ADVAPI32.dll: LookupPrivilegeValueA, AdjustTokenPrivileges, OpenProcessToken
> SHELL32.dll: SHGetFolderPathW
> ole32.dll: CLSIDFromString
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: VSO-SOFTWARE
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 11:53 AM 12/8/2006
verified.....: -
Soubor ctzapxx.ini přijatý 2009.12.27 16:05:22 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 3.
Odhadovaný čas začátku mezi 60 a 85 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.12.27 -
AhnLab-V3 5.0.0.2 2009.12.26 -
AntiVir 7.9.1.122 2009.12.26 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.26 -
Avast 4.8.1351.0 2009.12.27 -
AVG 8.5.0.430 2009.12.27 -
BitDefender 7.2 2009.12.27 -
CAT-QuickHeal 10.00 2009.12.26 -
ClamAV 0.94.1 2009.12.27 -
Comodo 3386 2009.12.27 -
DrWeb 5.0.1.12222 2009.12.27 -
eSafe 7.0.17.0 2009.12.27 -
eTrust-Vet 35.1.7198 2009.12.25 -
F-Prot 4.5.1.85 2009.12.26 -
F-Secure 9.0.15370.0 2009.12.27 -
Fortinet 4.0.14.0 2009.12.27 -
GData 19 2009.12.26 -
Ikarus T3.1.1.79.0 2009.12.27 -
Jiangmin 13.0.900 2009.12.27 -
K7AntiVirus 7.10.931 2009.12.26 -
Kaspersky 7.0.0.125 2009.12.27 -
McAfee 5844 2009.12.27 -
McAfee+Artemis 5844 2009.12.27 -
McAfee-GW-Edition 6.8.5 2009.12.27 -
Microsoft 1.5302 2009.12.26 -
NOD32 4720 2009.12.27 -
Norman 6.04.03 2009.12.27 -
nProtect 2009.1.8.0 2009.12.27 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.27 -
Prevx 3.0 2009.12.27 -
Rising 22.27.06.04 2009.12.27 -
Sophos 4.49.0 2009.12.27 -
Sunbelt 3.2.1858.2 2009.12.27 -
Symantec 1.4.4.12 2009.12.27 -
TheHacker 6.5.0.3.113 2009.12.26 -
TrendMicro 9.120.0.1004 2009.12.27 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.26.2109 2009.12.26 -
VirusBuster 5.0.21.0 2009.12.27 -
Rozšiřující informace
File size: 39 bytes
MD5...: c2516ace64564b37c620c8964871e6b0
SHA1..: 05325ade6cfa72f1483673551c177436e2f559d5
SHA256: 130d0bdd318f35829180e4e38e49fc82071dc6d928aa61d6068ff7bc62fbfdfe
ssdeep: 3:gS+G+DnWgC4RE42:gkZd
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Re: Problém při spouštění Windows xp
Jak se chova pc nyni?
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!
ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!
NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU! ___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Re: Problém při spouštění Windows xp
několikrát jsem restartoval a pc už se nesekl, takže je možné, že byl problém vyřešen 
děkuji Vám za pomoc, kdyby problém přetrvával, tak bych se opět ozval. Pěkný zbytek dne a ještě jednou díky
děkuji Vám za pomoc, kdyby problém přetrvával, tak bych se opět ozval. Pěkný zbytek dne a ještě jednou díky 
Přispějete na provoz fóra?