kgc.exe

Zpráva

Vidlicky a Noze

Bohuzial nie...zostava mi len reinstall Windows-u...

Unlimited_Killer

Ještě něco zkusíme.

~~~

Stáhněte GMER a dvojklikem spusťte.
Několik sekund bude skenovat. Poté klikněte na 'Save' v pravém dolním rohu a uložte první log - ten vložte sem do fóra.
Poté vytvořte druhý log, přičemž se budete řídit tímto návodem. Tento log sem také vložte.

Vidlicky a Noze

Tak neviem preco mi sken trval takmer dve hodiny,ale mam to...
Tu je ten maly log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-06 18:05:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Janik\LOCALS~1\Temp\awldrpow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

---- EOF - GMER 1.0.15 ----

Posielam v dalsom linku kvoli velkosti Hlavny log

Uf,dakujem moc za citanie

Vidlicky a Noze

A teraz este hlavny log z GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-06 20:10:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Janik\LOCALS~1\Temp\awldrpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEDFEB6B8]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xEE2BB868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEDFEB574]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xEE2BAE90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xEE2BAD9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xEE2BB3FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xEE2BC210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xEE2B8786]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEDFEBA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEDFEB14C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF766201C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF7662168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xEE2BBB54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEDFEB64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEDFEB08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEDFEB0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEDFEB76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEDFEB72E]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xEE2BB4EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xEE2BBE8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEDFEB8AE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xEE2BBDE0]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[344] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[344] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[344] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[344] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[344] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[344] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[804] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[804] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[804] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[860] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[860] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[860] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1028] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1028] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1028] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1104] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1104] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1104] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1144] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1144] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1144] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetConnectA 771C345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetConnectW 771CEE40 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1384] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1432] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1628] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1628] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1628] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1628] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1628] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

A druhu cast v dalsej odpovedi............

To je na

Vidlicky a Noze

Dokoncenie hlavneho logu...

.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1708] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1708] WININET.dll!InternetConnectA 771C345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1708] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1708] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1708] WININET.dll!InternetConnectW 771CEE40 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1708] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\DVDRAMSV.exe[1744] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] WININET.dll!InternetConnectA 771C345A 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] WININET.dll!InternetConnectW 771CEE40 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1904] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\UTSCSI.EXE[1936] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001407AC
.text C:\Documents and Settings\Janik\Desktop\gmer.exe[2132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00140720
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wscntfy.exe[2160] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wscntfy.exe[2160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wscntfy.exe[2160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[2172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[2244] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[2244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[2244] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[2244] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[2244] WININET.dll!InternetConnectA 771C345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[2244] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[2244] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[2244] WININET.dll!InternetConnectW 771CEE40 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[2244] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[2244] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[2244] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[2244] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001407AC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2628] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00140720
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00140720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001408C4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00140838
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2692] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00140950
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001407AC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00140720
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001407AC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2716] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001407AC
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001408C4
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00140838
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2808] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00140950
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00140720
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001408C4
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00140838
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2884] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00140950
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\WINDOWS\system32\RAMASST.exe[2964] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\WINDOWS\system32\RAMASST.exe[2964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001407AC
.text C:\WINDOWS\system32\RAMASST.exe[2964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00140720

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip

---- EOF - GMER 1.0.15 ----

Vidlicky a Noze

Neviem, ci sa to s mojim compom nezhorsuje, po restarte mi vyskocilo okno
z Data Execution Prevention,kde sa pise, ze z dovodu ochrany
pocitaca bol vypnuty Windows Logon UI.
Sprava sa nedala zatvorit az do dalsieho restartu, po ktorom sluzbu opat vyplo...

Unlimited_Killer

Omlouvám se za zdržení.

~~~

Použijte AVPTool.

Podle návodu v odkaze (o řádek výše) nainstalujte a proveďte sken.
Co najde, nechte léčit, nebo smazat.
Sken může trvat i několik hodin.
Poté jsem vložte log s výsledky (ve formě textu).

Vidlicky a Noze

Aj mne to trochu trvalo...

Tu je log z AVP Tool:

Autoscan: completed 3 minutes ago (events: 8, objects: 240612, time: 02:07:34)
7.2.2010 12:18:28 Task started
7.2.2010 12:20:00 Task stopped
7.2.2010 12:20:07 Task started
7.2.2010 12:37:53 Detected: not-a-virus:AdWare.Win32.CommonName.af C:\Documents and Settings\Janik\My Documents\JANIK\ROZNE\Region Killer\Region Killer 2.5.0.2.exe
7.2.2010 12:41:52 Deleted: not-a-virus:AdWare.Win32.CommonName.af C:\Documents and Settings\Janik\My Documents\JANIK\ROZNE\Region Killer\Region Killer 2.5.0.2.exe
7.2.2010 14:04:39 Detected: not-a-virus:AdWare.Win32.Gator.3202 C:\UNZIP\DivXPro502.exe/Gain_Trickler.exe
7.2.2010 14:08:54 Deleted: not-a-virus:AdWare.Win32.Gator.3202 C:\UNZIP\DivXPro502.exe
7.2.2010 14:27:41 Task completed

Unlimited_Killer

Zvláštní, virem to určitě nebude.
Jediné, co mě napadá, je za volat Vašemu providerovi a zeptat se ho, popřípadě nechat zavolat technika. Já s tím asi nic nezmůžu.

Vidlicky a Noze

Ano,mali ste pravdu,volal som providerovi,idem to tam zajtra riesit

Diky moc za vsetko, pomohli ste mi.

Unlimited_Killer

Není zač, ještě RSIT log, uklidím po nástrojích.

Vidlicky a Noze

Zdravim,
ospravedlnujem sa za zdrzanie, tu posielam este ten log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Janik at 2010-02-09 21:04:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (5%) free of 57 GB
Total RAM: 1150 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:43, on 9.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Janik\Desktop\RSIT.exe
C:\Program Files\trend micro\Janik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvorit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27C52299-DAD9-4900-AD0D-FDFC661CB086}: NameServer = 213.151.200.31 213.151.208.162
O17 - HKLM\System\CS1\Services\Tcpip\..\{27C52299-DAD9-4900-AD0D-FDFC661CB086}: NameServer = 213.151.200.31 213.151.208.162
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 7685 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-30 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-22 339968]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 233534]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-07-18 257440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-01 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\ypager.exe"="C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe"="C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe:*:Enabled:Anapod Xtreamer"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d0f417c-128f-11df-84d1-000fb07aa53e}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d0f417f-128f-11df-84d1-000fb07aa53e}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{567a7ace-14e1-11df-84da-0014a51e24f7}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d277f820-dfe7-11dd-8481-0014a51e24f7}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4e976a6-13ff-11df-84d9-0014a51e24f7}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d70ca9e1-14e2-11df-84db-0014a51e24f7}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de3e6a7a-1328-11df-84d4-000fb07aa53e}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de3e6a7c-1328-11df-84d4-000fb07aa53e}]
shell\AutoRun\command - E:\AutoRun.exe

======List of files/folders created in the last 1 months======

2010-02-08 19:51:07 ----D---- C:\WINDOWS\LastGood
2010-02-08 19:50:25 ----D---- C:\Program Files\Huawei technologies
2010-02-06 18:04:41 ----SHD---- C:\RECYCLER
2010-02-06 15:46:38 ----D---- C:\Program Files\trend micro
2010-02-05 22:06:28 ----D---- C:\WINDOWS\system32\NtmsData
2010-02-04 22:11:44 ----A---- C:\ComboFix.txt
2010-02-04 20:24:02 ----D---- C:\Documents and Settings\Janik\Application Data\Malwarebytes
2010-02-04 08:54:34 ----D---- C:\rsit
2010-02-03 20:56:24 ----A---- C:\WINDOWS\zip.exe
2010-02-03 20:56:24 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-03 20:56:24 ----A---- C:\WINDOWS\SWSC.exe
2010-02-03 20:56:24 ----A---- C:\WINDOWS\SWREG.exe
2010-02-03 20:56:24 ----A---- C:\WINDOWS\sed.exe
2010-02-03 20:56:24 ----A---- C:\WINDOWS\PEV.exe
2010-02-03 20:56:24 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-03 20:56:24 ----A---- C:\WINDOWS\MBR.exe
2010-02-03 20:56:24 ----A---- C:\WINDOWS\grep.exe
2010-02-02 22:08:21 ----D---- C:\WINDOWS\pss
2010-01-16 21:43:45 ----D---- C:\Program Files\Smart Projects
2010-01-16 20:51:41 ----D---- C:\Program Files\JuiceSoft
2010-01-16 20:16:10 ----D---- C:\_CDRestored
2010-01-15 20:00:13 ----D---- C:\Documents and Settings\Janik\Application Data\dvdisaster

======List of files/folders modified in the last 1 months======

2010-02-09 21:04:25 ----D---- C:\WINDOWS\Prefetch
2010-02-09 20:44:27 ----D---- C:\WINDOWS\Temp
2010-02-09 20:43:28 ----D---- C:\WINDOWS\system32
2010-02-09 20:43:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-09 20:42:34 ----D---- C:\Program Files\Mozilla Firefox
2010-02-09 20:41:01 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-02-08 19:53:05 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-08 19:51:08 ----HD---- C:\WINDOWS\inf
2010-02-08 19:51:08 ----D---- C:\WINDOWS\system32\drivers
2010-02-08 19:51:07 ----D---- C:\WINDOWS
2010-02-08 19:51:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-08 19:50:25 ----D---- C:\Program Files
2010-02-08 19:44:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-07 22:23:23 ----A---- C:\WINDOWS\win.ini
2010-02-07 22:21:55 ----D---- C:\UNZIP
2010-02-07 22:17:55 ----SHD---- C:\WINDOWS\Installer
2010-02-07 16:31:21 ----D---- C:\WINDOWS\system32\ias
2010-02-07 12:16:14 ----SHD---- C:\System Volume Information
2010-02-06 15:46:40 ----D---- C:\Qoobox
2010-02-06 15:46:32 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-05 22:07:07 ----D---- C:\WINDOWS\Registration
2010-02-05 21:20:08 ----D---- C:\WINDOWS\Resources
2010-02-04 22:07:43 ----A---- C:\WINDOWS\system.ini
2010-02-04 22:04:01 ----D---- C:\WINDOWS\AppPatch
2010-02-04 22:03:56 ----D---- C:\Program Files\Common Files
2010-02-03 21:10:13 ----D---- C:\WINDOWS\ERDNT
2010-01-16 20:51:50 ----D---- C:\WINDOWS\WinSxS
2010-01-16 19:28:11 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2004-06-09 10556]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2004-08-23 11089]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-03-22 13059]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-01 1034752]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-03-15 37760]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-03-15 346496]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-03-22 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-05-26 100992]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-10-28 31680]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-22 703232]
S1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-04-20 24209]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-04-20 57404]
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
S3 GTFFBUS;GT FF BUS; C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2006-01-25 16000]
S3 GTMMDMUSB;GT M 3G+ USB MDM; C:\WINDOWS\system32\DRIVERS\gtmmdmusb.sys [2006-02-01 25472]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS; C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2006-02-01 102784]
S3 GTMSERUSB;GT M 3G+ USB SER; C:\WINDOWS\system32\DRIVERS\gtmserusb.sys [2006-02-01 21760]
S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2006-01-25 8064]
S3 GTSCSER;GT SC SER; C:\WINDOWS\system32\DRIVERS\gtscser.sys [2005-12-09 19328]
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service; C:\WINDOWS\system32\DRIVERS\GtVUsb.sys [2005-12-22 5120]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-04-04 160768]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-01 360448]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE [2007-12-20 45056]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-03-04 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-06-14 323584]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Diky za Vasu zasluznu cinnost

Unlimited_Killer

Nevadí, jdeme dál.

~~~

1) Fixnutí v HJT

Spusťte přejmenované HijackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_uzivatele.exe
Klikněte na 'Do a system scan only'.

U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

Pokud by tam nějaká položka nebyla, vynechte ji.

2) Odinstalace ComboFixu

Proklikejte se přes Start do Spustit [klávesová zkratka je Win+R].
Do textového pole napište:
Kód: Vybrat vše
```
ComboFix /Uninstall
```
Stiskněte Enter.
Spustí se odinstalace ComboFixu, která smaže všechny jeho součásti.

1) OTCleaner

Stáhněte OTC a dvojklikem ho spusťte.
Vyskočí okénko, kde kliknete na 'CleanUp!'.
Potvrdíte kliknutím na 'Yes'.
Poté se ještě zeptá, zda chcete restartovat PC - to proveďte opět kliknutím na 'Yes'.

4) Teď nový RSIT log.

5) Připojení už funguje?

Vidlicky a Noze

Pripojenie funguje...vecer pridem z prace a jdu na to...

Unlimited_Killer

VIRY.CZ

kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe

Re: kgc.exe