Win32/Mebroot.K

Simicek
Visitor
Posts: 179
Joined: 23 Jul 2008 19:09

Re: Win32/Mebroot.K

#166 Post by Simicek »

Java Runtime Environment (JRE) 6 Update 6

This one isn't available for download there at all???
Tell me the correct version pls.

stell
VIP in memoriam
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Win32/Mebroot.K

#167 Post by stell »

Java Runtime Environment (JRE) 6 Update 7
Important information.
Is your computer NOT WORKING?
Is it infected? Running slowly? A program not working? Trouble with an installation?
Use the remote help service!
e-mail: stell(at)forum.viry.cz
Thanks! Vďaka!

#168 Post by Simicek »

Then which one??
Windows Offline Installation

or

Windows Online Installation

???

#169 Post by stell »

Windows Offline Installation

#170 Post by Simicek »

I'm running that web CureIt now.
Attachments
curelt.JPG
It found these, what should I do, cure or delete???
(104.57 KiB) Downloaded 399 times

#171 Post by stell »

Choose cure; whatever can't be cured, delete.

#172 Post by Simicek »

Out of nowhere my computer shut down and I have to scan it again. I don't know what's causing it.

#173 Post by stell »

Well, CureIt needs quite a lot of system resources, so don't do anything during the scan... hands off the mouse > just cure and delete.

#174 Post by Simicek »

I ran it through; this was there.
Attachments
curelt 2.JPG
This is what I found.
(127.54 KiB) Downloaded 362 times

#175 Post by stell »

Well, fine, if you deleted or cured it, then it's OK. If there are no more problems with the PC, then we're done.

#176 Post by Simicek »

My computer freezes when I turn it on and stays stuck on the Windows startup screen. And I have to reset it, I don't know what to do about it, pls. Please advise me.
PS: Sometimes it also shuts itself down.

Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:42, on 9.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\CounterSpy\SBCSSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\CounterSpy\SBCSTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Diablo Hit ADSL\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SBCSTray] C:\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ6ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ6ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comfor.cz
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{122A31A9-9348-496C-A5C6-0236389914D8}: NameServer = 212.20.96.34 195.250.128.234
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\CounterSpy\SBCSSvc.exe
O23 - Service: SbPF.Launcher - Unknown owner - C:\Sunbelt Software\Personal Firewall\SbPFLnch.exe (file missing)
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 9303 bytes

#177 Post by stell »

When did you already manage to install this: C:\Program Files\Sunbelt Software\CounterSpy > Uninstall it.
You have Program Files\Grisoft\AVG Anti-Spyware there.
Fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
Clean it up with CCleaner:
Download GMER, unpack it to the desktop and run it. GMER will start scanning, and if it finds something, let it continue. If it finds nothing, tick absolutely all the options in the right-hand panel and start SCAN. When the scan finishes, press COPY and paste the result here.
http://www.gmer.net/gmer.zip
Also uninstall:
C:\Program Files\Symantec\LiveUpdate\

#178 Post by Simicek »

Here it is:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-09 10:18:49
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xF677A110]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF6779920]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xF6775EE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF6778F20]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF6778D90]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF6779480]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF677A190]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF6776320]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xF67763C0]
SSDT sptd.sys ZwEnumerateKey [0xF8446C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF8446F9A]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xF65A79A0]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xF65A7B30]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF6779BF0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xF6776140]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xF7C2B8AC]
SSDT sptd.sys ZwQueryKey [0xF8447064]
SSDT sptd.sys ZwQueryValueKey [0xF8446EFC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF6779510]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF6779F00]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xF67764D0]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xF7C2B812]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF6779E50]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? C:\WINDOWS\System32\Drivers\SPTD6285.SYS Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? sbhr.sys Systém nemůže nalézt uvedený soubor. !
? C:\WINDOWS\system32\drivers\sbapifs.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.14 ----

.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Mozilla Firefox\firefox.exe[308] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Mozilla Firefox\firefox.exe[308] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Mozilla Firefox\firefox.exe[308] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Mozilla Firefox\firefox.exe[308] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Mozilla Firefox\firefox.exe[308] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Mozilla Firefox\firefox.exe[308] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[332] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[332] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[384] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[384] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[384] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[384] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[384] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[384] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[576] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[604] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE[636] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\UAService7.exe[660] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] WININET.dll!InternetConnectA 7F4108DA 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] WININET.dll!InternetConnectW 7F411763 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] WININET.dll!InternetOpenA 7F432371 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] WININET.dll!InternetOpenUrlA 7F43576B 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] WININET.dll!InternetOpenW 7F437057 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[668] WININET.dll!InternetOpenUrlW 7F461FC1 5 Bytes JMP 00030EC8
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Eset\nod32krn.exe[720] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Eset\nod32krn.exe[720] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Eset\nod32krn.exe[720] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Eset\nod32krn.exe[720] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Eset\nod32krn.exe[720] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Eset\nod32krn.exe[720] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[768] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[768] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[768] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\nvsvc32.exe[768] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\nvsvc32.exe[768] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Documents and Settings\Diablo Hit ADSL\Plocha\gmer.exe[836] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Documents and Settings\Diablo Hit ADSL\Plocha\gmer.exe[836] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Documents and Settings\Diablo Hit ADSL\Plocha\gmer.exe[836] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Documents and Settings\Diablo Hit ADSL\Plocha\gmer.exe[836] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Documents and Settings\Diablo Hit ADSL\Plocha\gmer.exe[836] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Documents and Settings\Diablo Hit ADSL\Plocha\gmer.exe[836] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Documents and Settings\Diablo Hit ADSL\Plocha\gmer.exe[836] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Documents and Settings\Diablo Hit ADSL\Plocha\gmer.exe[836] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Documents and Settings\Diablo Hit ADSL\Plocha\gmer.exe[836] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Documents and Settings\Diablo Hit ADSL\Plocha\gmer.exe[836] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Documents and Settings\Diablo Hit ADSL\Plocha\gmer.exe[836] USER32.DLL!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Documents and Settings\Diablo Hit ADSL\Plocha\gmer.exe[836] USER32.DLL!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[1088] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[1088] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[1088] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1100] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1100] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1124] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1124] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1124] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1124] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1124] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1124] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[1172] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[1172] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[1172] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1184] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1184] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1184] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text

Simicek
Visitor
Posts: 179
Registered: 23 Jul 2008 19:09

Re: Win32/Mebroot.K

#179 Post by Simicek »

and it continues
C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Eset\nod32kui.exe[1508] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Eset\nod32kui.exe[1508] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Eset\nod32kui.exe[1508] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1516] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\System32\PAStiSvc.exe[1604] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1664] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1664] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1664] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1664] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1664] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1664] WININET.dll!InternetConnectA 7F4108DA 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1664] WININET.dll!InternetConnectW 7F411763 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1664] WININET.dll!InternetOpenA 7F432371 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1664] WININET.dll!InternetOpenUrlA 7F43576B 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1664] WININET.dll!InternetOpenW 7F437057 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1664] WININET.dll!InternetOpenUrlW 7F461FC1 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1704] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1704] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetConnectA 7F4108DA 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetConnectW 7F411763 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetOpenA 7F432371 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetOpenUrlA 7F43576B 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetOpenW 7F437057 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetOpenUrlW 7F461FC1 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[1744] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[1744] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[1744] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1764] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1764] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1764] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1764] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1764] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1940] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1940] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1940] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1940] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1940] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetConnectA 7F4108DA 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetConnectW 7F411763 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetOpenA 7F432371 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetOpenUrlA 7F43576B 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetOpenW 7F437057 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetOpenUrlW 7F461FC1 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\msiexec.exe[2040] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\msiexec.exe[2040] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\msiexec.exe[2040] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

Simicek
Visitor
Posts: 179
Registered: 23 Jul 2008 19:09

Re: Win32/Mebroot.K

#180 Post by Simicek »

and more

.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2164] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2164] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2164] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2164] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2164] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2164] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\SOUNDMAN.EXE[2220] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\SOUNDMAN.EXE[2220] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\SOUNDMAN.EXE[2220] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe[2248] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] WININET.dll!InternetConnectA 7F4108DA 5 Bytes JMP 00130F54
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] WININET.dll!InternetConnectW 7F411763 5 Bytes JMP 00130FE0
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] WININET.dll!InternetOpenA 7F432371 5 Bytes JMP 00130D24
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] WININET.dll!InternetOpenUrlA 7F43576B 5 Bytes JMP 00130E3C
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] WININET.dll!InternetOpenW 7F437057 5 Bytes JMP 00130DB0
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2528] WININET.dll!InternetOpenUrlW 7F461FC1 5 Bytes JMP 00130EC8
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\Program Files\Messenger\msmsgs.exe[2592] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\Program Files\Messenger\msmsgs.exe[2592] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC
.text C:\Program Files\Messenger\msmsgs.exe[2592] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720
.text C:\Program Files\Messenger\msmsgs.exe[2592] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000708C4
.text C:\Program Files\Messenger\msmsgs.exe[2592] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00070838
.text C:\Program Files\Messenger\msmsgs.exe[2592] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00070950
.text C:\Program Files\Messenger\msmsgs.exe[2592] WININET.dll!InternetConnectA 7F4108DA 5 Bytes JMP 00070F54
.text C:\Program Files\Messenger\msmsgs.exe[2592] WININET.dll!InternetConnectW 7F411763 5 Bytes JMP 00070FE0
.text C:\Program Files\Messenger\msmsgs.exe[2592] WININET.dll!InternetOpenA 7F432371 5 Bytes JMP 00070D24
.text C:\Program Files\Messenger\msmsgs.exe[2592] WININET.dll!InternetOpenUrlA 7F43576B 5 Bytes JMP 00070E3C
.text C:\Program Files\Messenger\msmsgs.exe[2592] WININET.dll!InternetOpenW 7F437057 5 Bytes JMP 00070DB0
.text C:\Program Files\Messenger\msmsgs.exe[2592] WININET.dll!InternetOpenUrlW 7F461FC1 5 Bytes JMP 00070EC8
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] WININET.dll!InternetConnectA 7F4108DA 5 Bytes JMP 00130F54
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] WININET.dll!InternetConnectW 7F411763 5 Bytes JMP 00130FE0
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] WININET.dll!InternetOpenA 7F432371 5 Bytes JMP 00130D24
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] WININET.dll!InternetOpenUrlA 7F43576B 5 Bytes JMP 00130E3C
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] WININET.dll!InternetOpenW 7F437057 5 Bytes JMP 00130DB0
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] WININET.dll!InternetOpenUrlW 7F461FC1 5 Bytes JMP 00130EC8
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] ws2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] ws2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Nokia PC Suite 6\LaunchApplication.exe[2612] ws2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3108] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] WININET.dll!InternetConnectA 7F4108DA 5 Bytes JMP 00130F54
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] WININET.dll!InternetConnectW 7F411763 5 Bytes JMP 00130FE0
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] WININET.dll!InternetOpenA 7F432371 5 Bytes JMP 00130D24
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] WININET.dll!InternetOpenUrlA 7F43576B 5 Bytes JMP 00130E3C
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] WININET.dll!InternetOpenW 7F437057 5 Bytes JMP 00130DB0
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] WININET.dll!InternetOpenUrlW 7F461FC1 5 Bytes JMP 00130EC8
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] ws2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] ws2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3420] ws2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\iTunes\iTunesHelper.exe[3484] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\iTunes\iTunesHelper.exe[3484] WININET.dll!InternetConnectA 7F4108DA 5 Bytes JMP 00130F54
.text C:\iTunes\iTunesHelper.exe[3484] WININET.dll!InternetConnectW 7F411763 5 Bytes JMP 00130FE0
.text C:\iTunes\iTunesHelper.exe[3484] WININET.dll!InternetOpenA 7F432371 5 Bytes JMP 00130D24
.text C:\iTunes\iTunesHelper.exe[3484] WININET.dll!InternetOpenUrlA 7F43576B 5 Bytes JMP 00130E3C
.text C:\iTunes\iTunesHelper.exe[3484] WININET.dll!InternetOpenW 7F437057 5 Bytes JMP 00130DB0
.text C:\iTunes\iTunesHelper.exe[3484] WININET.dll!InternetOpenUrlW 7F461FC1 5 Bytes JMP 00130EC8
.text C:\iTunes\iTunesHelper.exe[3484] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\iTunes\iTunesHelper.exe[3484] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\iTunes\iTunesHelper.exe[3484] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\iTunes\iTunesHelper.exe[3484] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\iTunes\iTunesHelper.exe[3484] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\iPod\bin\iPodService.exe[3596] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\iPod\bin\iPodService.exe[3596] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F844F89E] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8465D86] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F844FE24] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F844FD28] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F844FEF4] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84651AE] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F844FA5A] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F846504A] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F844F8F2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8442AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8442C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8442B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F844376C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F8443642] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8465E4A] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F84548C6] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F846504A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8465056] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8465E4A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F676DCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F676DD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F676DD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F844FCC6] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F844FCC6] sptd.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F676DDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F676DD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F676DD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F676DCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F676DD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F676DDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F676DCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F676DD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017D73CC] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Mozilla Firefox\firefox.exe[308] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [017D7376] C:\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Fastfat \FatCdrom 823C89C0

AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{122A31A9-9348-496C-A5C6-0236389914D8} 820EE1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{02537525-62A4-4DE4-AED4-C467FB8EC69B} 820EE1D8

AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\prodrv06 \Device\ProDrv06 E1921420
Device \Driver\Ftdisk \Device\HarddiskVolume1 8237D3A0
Device \FileSystem\Rdbss \Device\FsWrap 81E83340
Device \Driver\Cdrom \Device\CdRom0 81E95A40
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E14A9560
Device \Driver\NetBT \Device\NetBt_Wins_Export 820EE1D8
Device \Driver\NetBT \Device\NetbiosSmb 820EE1D8

AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Disk \Device\Harddisk0\DR0 823C8BF8

AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{3AB7FC04-C664-4AA9-B189-C40CC2CAC23C} 820EE1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81F87760
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81F87760
Device \FileSystem\Npfs \Device\NamedPipe 81EE70E8
Device \Driver\Ftdisk \Device\FtControl 8237D3A0
Device \FileSystem\Msfs \Device\Mailslot 81E360E8
Device \FileSystem\Fastfat \Fat 823C89C0

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )

Device \FileSystem\Cdfs \Cdfs 821A4C98

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1928203050
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 4045754
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1993813953
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA9 0xF3 0xE2 0x55 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA9 0xF3 0xE2 0x55 ...

---- EOF - GMER 1.0.14 ----
