Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Systém startuje 60minut.
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Systém startuje 60minut.
Pokud nezabere reinstalace service Packu, bude problém někde v registrech. Jediné co bych pro vás pak mohl udělat je to, že bychom vrátili stav registrů do stavu, kdy byl poprvé nainstalován Windows. Musel byste reinstalovat všechny programy a znovu vše nastavit. Taková kompletní reinstalace bez reinstalace.
Pokud jste s naší pomocí spokojeni, můžete nás podpořit. Informace zde
Re: Systém startuje 60minut.
no tak to raději reinstalnem a formátnem, pokud nebude jiná cesta....... je jistota že ten hajzlík není na některém z jiných disků?
co nové drivery pro desku a nebo nový BIOS?
řešíme teď vir a nebo HW?
to je ten sinowal taková ludra?
mám to pak nainstalovat jak, přes nero a stustit .exe????
co nové drivery pro desku a nebo nový BIOS?
řešíme teď vir a nebo HW?
to je ten sinowal taková ludra?
mám to pak nainstalovat jak, přes nero a stustit .exe????
Re: Systém startuje 60minut.
Spíš software. Řekl bych, že problém bude v tom, že bylo z registrů odstraněno něco, co odstraněno být nemělo. Uvidíme na konci
Pokud jste s naší pomocí spokojeni, můžete nás podpořit. Informace zde
Re: Systém startuje 60minut.
no to mne napadlo taky, zálohu jsem nedělal, stáhl jsem asi před 14 dny WinXP Manager a jeho součástí je i 1 Click Cleaner, ten jsem dal a našel spoustu věcí, které smáznul........
Re: Systém startuje 60minut.
tak je odinstalováno a jdu na restart........
Re: Systém startuje 60minut.
za 5 min. bychom mohli začít instalovat SP3, jak na to z toho .iso????
po odinstalu to nabíhalo stejně pomalu......... po naběhnutí win, jde pomalu vždy jen první spuštění jakékoliv aplikace, pak je to již celkem ok asi úplně ok
po odinstalu to nabíhalo stejně pomalu......... po naběhnutí win, jde pomalu vždy jen první spuštění jakékoliv aplikace, pak je to již celkem ok asi úplně ok
Re: Systém startuje 60minut.
Nechte naběhnout systém a vražte CD do mechaniky. Instalace by se měla spustit sama. Eventuelně bude na cd v kořenovém adresáři instalátor.
Jinak by po instalaci vůbec nebylo od věci spustit Gmer. Teď jsem si znovu procházel celý topic a ten rootkit co ho předtím našel Combofix, mimo jiné hákoval váš antivirový program, síťovou kartu a diskový subsystém. To přesně odpovídá problémům, které máte. Mám obavy, zda tam ještě něco nezbylo. Háky vedly do nějakého neznámého modulu na adrese 0x8B0C72B8 a pokud jsem to pochopil dobře, pouze jste přepisoval kód MBR příkazem fixmbr. Ten modul tam tedy někde ještě bude a počítejte s tím, že váš antivirák ho momentálně neodhalí.
Jinak by po instalaci vůbec nebylo od věci spustit Gmer. Teď jsem si znovu procházel celý topic a ten rootkit co ho předtím našel Combofix, mimo jiné hákoval váš antivirový program, síťovou kartu a diskový subsystém. To přesně odpovídá problémům, které máte. Mám obavy, zda tam ještě něco nezbylo. Háky vedly do nějakého neznámého modulu na adrese 0x8B0C72B8 a pokud jsem to pochopil dobře, pouze jste přepisoval kód MBR příkazem fixmbr. Ten modul tam tedy někde ještě bude a počítejte s tím, že váš antivirák ho momentálně neodhalí.
Pokud jste s naší pomocí spokojeni, můžete nás podpořit. Informace zde
Re: Systém startuje 60minut.
v adresáři jsou dva exáče, auto run a samotný pack....... který......... iso mi samo nenaběhne, spustí to NERO.
přesně jen jsem to přepsal fixmbr......
Jste hlava, v den a nebo před tím problémem mi to hodilo chybu na Grafice, už nevím co, myslel jsem planný poplach, včera mi to vrtalo v hlavě a stáhl jsem nejnovější ovladaše na Grafiku a instaloval, ráno rozlišení na nejníže a snad jen 4bity v barvě, katastrofa......... ikony přes půl monitoru, prý je to neplatný GPU pro systém.......... pak jsem dal starý z CD ke graficew.............jj bude tam hajzl jeden
zkoušel jsem tolik antivirů až běda, nic, mám i přímo na sinowal a nic nenalezeno............ bude tam ludra jedna špatná
přesně jen jsem to přepsal fixmbr......
Jste hlava, v den a nebo před tím problémem mi to hodilo chybu na Grafice, už nevím co, myslel jsem planný poplach, včera mi to vrtalo v hlavě a stáhl jsem nejnovější ovladaše na Grafiku a instaloval, ráno rozlišení na nejníže a snad jen 4bity v barvě, katastrofa......... ikony přes půl monitoru, prý je to neplatný GPU pro systém.......... pak jsem dal starý z CD ke graficew.............jj bude tam hajzl jeden
zkoušel jsem tolik antivirů až běda, nic
, mám i přímo na sinowal a nic nenalezeno............ bude tam ludra jedna špatnáRe: Systém startuje 60minut.
Tak spustit přímo ten instalátor SP.
Až to nainstalujete, stáhněte si http://www2.gmer.net/mbr/mbr.exe na plochu a spusťte ho. Vytvoří se log, ten sem pak hoďte.
A pak by to chtělo použít Gmer a také sem hodit log.
Nemusí to být přímo Sinowal, ale něco podobného, co používá podobnou techniku.
Až to nainstalujete, stáhněte si http://www2.gmer.net/mbr/mbr.exe na plochu a spusťte ho. Vytvoří se log, ten sem pak hoďte.
A pak by to chtělo použít Gmer a také sem hodit log.
Nemusí to být přímo Sinowal, ale něco podobného, co používá podobnou techniku.
Pokud jste s naší pomocí spokojeni, můžete nás podpořit. Informace zde
Re: Systém startuje 60minut.
Návod na Gmer (první dva body udělejte jen v případě, že používáte Daemon nebo alcohol)
odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)
Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer
----------------------
Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte
-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.
stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu
start-spustit
do okénka zkopírujte
ok
vytvoří se log s názvem mbr.log, vložte ho zde
odinstalujte všechny virtuální jednotky (Daemon nebo alcohol) Stáhněte SPTD http://www.duplexsecure.com/en/downloads-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer
----------------------
Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte
-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.
stáhněte MBR http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu
start-spustit do okénka zkopírujte
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -tNepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Systém startuje 60minut.
teď ráno to po mě chtělo SP3 instal.......... udělám SP3 a jdu na Váš postup..........
chtěl jsem spustit Daemona a nešel, on není vidět ani v programech, psalo to, že mu chybí právě ten SPTD, takže uninstal mi to nanabídlo, jen instal..........
chtěl jsem spustit Daemona a nešel, on není vidět ani v programech, psalo to, že mu chybí právě ten SPTD, takže uninstal mi to nanabídlo, jen instal..........
Re: Systém startuje 60minut.
takže SP3 je tam, Deamon je pryč a GMER hotov asi po 3 hodinách. Při Gmeru mi to padlo 3x do MODRÉ a PC je oproti včerejšku pořád stejné, něco se děje s Mozillou a nechce se mi někdy otevřít, pak píše, že script nereaguje, PC se seká úplně pokud chci přecházet mezi složkami a nebo otevírat aplikace.
GMER mě zarazil, že navidí moje P:, mám disky C:;D., I:;P:;R:( se přepsalo po MBRfix na F:, shortcut funguje ale systém ho vidí jako F: )
zde log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-14 10:31:59
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\kwxdrpod.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA7F6A678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
GMER mě zarazil, že navidí moje P:, mám disky C:;D., I:;P:;R:( se přepsalo po MBRfix na F:, shortcut funguje ale systém ho vidí jako F: )
zde log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-14 10:31:59
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\kwxdrpod.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA7F6A678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
Re: Systém startuje 60minut.
zde celý:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-14 12:49:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\kwxdrpod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA7F616B8]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xA88AE868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA7F61574]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xA88ADE90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xA88ADD9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xA88AE3FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xA88AF210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xA88AB786]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA7F61A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA7F6114C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xBA18A01C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xBA18A168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xA88AEB54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA7F6164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA7F6108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA7F610F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA7F6176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA7F6172E]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xA88AE4EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xA88AEE8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA7F618AE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xA88AEDE0]
INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B5462541
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B54625E7
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA7F6A678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C64 80504500 4 Bytes CALL 0AB2ED8F
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AC 7 Bytes JMP A7F6A67C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.xreloc C:\WINDOWS\system32\drivers\sfsync05.sys unknown last section [0xB9F67000, 0xC9C, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB52F4000, 0x16DFE2, 0xE8000020]
.text HTTP.sys A3F0931D 2 Bytes [28, 09] {SUB [ECX], CL}
.text HTTP.sys A3F0933C 1 Byte [74]
.text HTTP.sys A3F0934C 2 Bytes [20, 09] {AND [ECX], CL}
.text HTTP.sys A3F09372 2 Bytes [10, 06] {ADC [ESI], AL}
.text HTTP.sys A3F09397 2 Bytes CALL A3F0BEB5 \SystemRoot\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation)
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avast\aswUpdSv.exe[176] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avast\aswUpdSv.exe[176] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avast\aswUpdSv.exe[176] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avast\aswUpdSv.exe[176] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avast\aswUpdSv.exe[176] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avast\ashServ.exe[268] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avast\ashServ.exe[268] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avast\ashServ.exe[268] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avast\ashServ.exe[268] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avast\ashServ.exe[268] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[624] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[624] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[624] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[624] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text D:\Dokumenty\Virusy\gmer.exe[652] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text D:\Dokumenty\Virusy\gmer.exe[652] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[692] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[692] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[692] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1080] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1080] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1136] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1136] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1136] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1136] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1136] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1196] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1196] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1196] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!connect
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-14 12:49:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\kwxdrpod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA7F616B8]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xA88AE868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA7F61574]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xA88ADE90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xA88ADD9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xA88AE3FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xA88AF210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xA88AB786]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA7F61A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA7F6114C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xBA18A01C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xBA18A168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xA88AEB54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA7F6164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA7F6108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA7F610F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA7F6176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA7F6172E]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xA88AE4EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xA88AEE8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA7F618AE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xA88AEDE0]
INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B5462541
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B54625E7
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA7F6A678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C64 80504500 4 Bytes CALL 0AB2ED8F
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AC 7 Bytes JMP A7F6A67C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.xreloc C:\WINDOWS\system32\drivers\sfsync05.sys unknown last section [0xB9F67000, 0xC9C, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB52F4000, 0x16DFE2, 0xE8000020]
.text HTTP.sys A3F0931D 2 Bytes [28, 09] {SUB [ECX], CL}
.text HTTP.sys A3F0933C 1 Byte [74]
.text HTTP.sys A3F0934C 2 Bytes [20, 09] {AND [ECX], CL}
.text HTTP.sys A3F09372 2 Bytes [10, 06] {ADC [ESI], AL}
.text HTTP.sys A3F09397 2 Bytes CALL A3F0BEB5 \SystemRoot\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation)
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avast\aswUpdSv.exe[176] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avast\aswUpdSv.exe[176] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avast\aswUpdSv.exe[176] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avast\aswUpdSv.exe[176] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avast\aswUpdSv.exe[176] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avast\ashServ.exe[268] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avast\ashServ.exe[268] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avast\ashServ.exe[268] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avast\ashServ.exe[268] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avast\ashServ.exe[268] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[624] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[624] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[624] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[624] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text D:\Dokumenty\Virusy\gmer.exe[652] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text D:\Dokumenty\Virusy\gmer.exe[652] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[692] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[692] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[692] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1080] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1080] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1136] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1136] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1136] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1136] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1136] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1196] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1196] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1196] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!connect
Re: Systém startuje 60minut.
2. cást:
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1612] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1612] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1612] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1612] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1612] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1872] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1872] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[2008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[2008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[2008] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[2008] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[2008] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2072] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2072] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2072] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[2408] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[2408] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1612] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1612] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1612] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1612] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1612] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1872] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1872] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[2008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[2008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[2008] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[2008] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[2008] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2072] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2072] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2072] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[2408] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[2408] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
Re: Systém startuje 60minut.
3. tí část:
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\WINDOWS\Domino.exe[2800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\WINDOWS\Domino.exe[2800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00140F54
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00140FE0
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00140D24
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00140DB0
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00140E3C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00140EC8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[2936] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[2936] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\taskmgr.exe[2980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\taskmgr.exe[2980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\taskmgr.exe[2980] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\taskmgr.exe[2980] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\taskmgr.exe[2980] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[3092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[3092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[3184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[3184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[3184] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wuauclt.exe[3184] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wuauclt.exe[3184] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avast\ashMaiSv.exe[3548] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avast\ashMaiSv.exe[3548] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avast\ashMaiSv.exe[3548] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Avast\ashMaiSv.exe[3548] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avast\ashMaiSv.exe[3548] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avast\ashWebSv.exe[3600] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avast\ashWebSv.exe[3600] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avast\ashWebSv.exe[3600] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Avast\ashWebSv.exe[3600] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avast\ashWebSv.exe[3600] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!ExAcquireFastMutex] [805F66F2] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!ExReleaseFastMutex] [805F7E90] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KfAcquireSpinLock] [805E3416] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KfReleaseSpinLock] [805DCB2E] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KeAcquireInStackQueuedSpinLock] [805DC47E] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KeReleaseInStackQueuedSpinLock] [805E2ECA] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KeGetCurrentIrql] [805E3252] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1184] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002
IAT C:\WINDOWS\system32\services.exe[1184] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\atapi \Device\Ide\IdePort0 8B21E7A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8B21E7A8
Device \Driver\atapi \Device\Ide\IdePort1 8B21E7A8
Device \Driver\atapi \Device\Ide\IdePort2 8B21E7A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8B21E7A8
Device \Driver\atapi \Device\Ide\IdePort3 8B21E7A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 8B21E7A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 8B21E7A8
Device \Driver\usbstor \Device\00000085 8B272FF0
Device \Driver\usbstor \Device\00000088 8B272FF0
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbstor \Device\00000089 8B272FF0
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbstor \Device\0000008a 8B272FF0
Device \Driver\usbstor \Device\0000008b 8B272FF0
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpxoe.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSpxoe.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSktpa.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSyavu.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSacun.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSqqcn.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSehys.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSwghd.log
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0x58 0xD1 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x22 0xCF 0x14 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA4 0x84 0x58 0x85 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x30 0xC7 0xAC 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x75 0xF9 0xF6 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0x58 0xD1 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x22 0xCF 0x14 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA4 0x84 0x58 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x30 0xC7 0xAC 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x75 0xF9 0xF6 0x26 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0x58 0xD1 0x0E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x22 0xCF 0x14 0x49 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA4 0x84 0x58 0x85 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x30 0xC7 0xAC 0x50 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x75 0xF9 0xF6 0x26 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0x58 0xD1 0x0E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x22 0xCF 0x14 0x49 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA4 0x84 0x58 0x85 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x30 0xC7 0xAC 0x50 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x75 0xF9 0xF6 0x26 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- EOF - GMER 1.0.15 ----
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\WINDOWS\Domino.exe[2800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\WINDOWS\Domino.exe[2800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00140F54
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00140FE0
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00140D24
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00140DB0
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00140E3C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00140EC8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[2936] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[2936] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\taskmgr.exe[2980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\taskmgr.exe[2980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\taskmgr.exe[2980] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\taskmgr.exe[2980] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\taskmgr.exe[2980] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[3092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[3092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[3184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[3184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[3184] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wuauclt.exe[3184] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wuauclt.exe[3184] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avast\ashMaiSv.exe[3548] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avast\ashMaiSv.exe[3548] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avast\ashMaiSv.exe[3548] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Avast\ashMaiSv.exe[3548] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avast\ashMaiSv.exe[3548] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avast\ashWebSv.exe[3600] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avast\ashWebSv.exe[3600] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avast\ashWebSv.exe[3600] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Avast\ashWebSv.exe[3600] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avast\ashWebSv.exe[3600] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!ExAcquireFastMutex] [805F66F2] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!ExReleaseFastMutex] [805F7E90] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KfAcquireSpinLock] [805E3416] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KfReleaseSpinLock] [805DCB2E] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KeAcquireInStackQueuedSpinLock] [805DC47E] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KeReleaseInStackQueuedSpinLock] [805E2ECA] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KeGetCurrentIrql] [805E3252] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1184] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002
IAT C:\WINDOWS\system32\services.exe[1184] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\atapi \Device\Ide\IdePort0 8B21E7A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8B21E7A8
Device \Driver\atapi \Device\Ide\IdePort1 8B21E7A8
Device \Driver\atapi \Device\Ide\IdePort2 8B21E7A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8B21E7A8
Device \Driver\atapi \Device\Ide\IdePort3 8B21E7A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 8B21E7A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 8B21E7A8
Device \Driver\usbstor \Device\00000085 8B272FF0
Device \Driver\usbstor \Device\00000088 8B272FF0
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbstor \Device\00000089 8B272FF0
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbstor \Device\0000008a 8B272FF0
Device \Driver\usbstor \Device\0000008b 8B272FF0
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpxoe.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSpxoe.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSktpa.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSyavu.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSacun.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSqqcn.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSehys.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSwghd.log
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0x58 0xD1 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x22 0xCF 0x14 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA4 0x84 0x58 0x85 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x30 0xC7 0xAC 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x75 0xF9 0xF6 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0x58 0xD1 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x22 0xCF 0x14 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA4 0x84 0x58 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x30 0xC7 0xAC 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x75 0xF9 0xF6 0x26 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0x58 0xD1 0x0E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x22 0xCF 0x14 0x49 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA4 0x84 0x58 0x85 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x30 0xC7 0xAC 0x50 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x75 0xF9 0xF6 0x26 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0x58 0xD1 0x0E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x22 0xCF 0x14 0x49 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA4 0x84 0x58 0x85 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x30 0xC7 0xAC 0x50 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x75 0xF9 0xF6 0x26 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- EOF - GMER 1.0.15 ----
Přispějete na provoz fóra?