Dobrý den, rád bych opět požádal o pomoc - i přes maximální snahu se nedostat do kontaktu s viry se začal počítač chovat včera dost divně. Neustále se něco stahuje a uploaduje (firewall ukazuje stahování a upload jako "system" - o žádnou aktualizaci by ovšem jít nemělo) a síť se chová jako bych jí přetěžoval (stránky se načítají zoufale pomalu). Mohl by se prosím někdo jedním očkem mrknout na log, zda-li tam nemám havěť? (Avast je čistý, Malwarebyte's Anti-Malware jsem na radu místních raději ani nezkoušel, nechci si odstřelit systém). Díky moc!
Logfile of random's system information tool 1.08 (written by random/random)
Run by Fanda at 2011-05-05 19:15:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (18%) free of 305 GB
Total RAM: 2047 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:15:08, on 5.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\wincmd\WINCMD32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Fanda\Desktop\RSIT.exe
C:\Program Files\trend micro\Fanda.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{90EC9EEE-5959-4F21-B786-9BB29C29A239}: NameServer = 192.168.19.177,77.48.254.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://img.libimseti.cz/i/bg-body-winter.jpg
O24 - Desktop Component 1: (no name) - http://img1.libimseti.cz/transp.gif
--
End of file - 5985 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-13 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-13 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2006-07-07 262144]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-10-16 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-10-16 13851752]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-26 1753192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help]
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe [2006-07-19 3167744]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-08-16 167368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-12-03 14944136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2011-01-31 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2011-01-31 550360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\SEGA\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\SEGA\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet"
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Yahoo\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"="C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\common\dawn of war ii - retribution\DOW2.exe"="C:\Program Files\Steam\SteamApps\common\dawn of war ii - retribution\DOW2.exe:*:Enabled:Warhammer® 40,000®: Dawn of War® II – Retribution™"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Dragon Age 2\bin_ship\DragonAge2.exe"="C:\Program Files\Dragon Age 2\bin_ship\DragonAge2.exe:*:Enabled:Dragon Age II"
"C:\Program Files\Dragon Age 2\DragonAge2Launcher.exe"="C:\Program Files\Dragon Age 2\DragonAge2Launcher.exe:*:Enabled:Dragon Age II Launcher"
======List of files/folders created in the last 1 months======
2011-05-05 19:15:02 ----D---- C:\rsit
2011-04-28 13:54:52 ----D---- C:\Documents and Settings\Fanda\Application Data\Gearbox Software
2011-04-20 18:43:07 ----D---- C:\Program Files\Valve
2011-04-16 23:50:44 ----D---- C:\Documents and Settings\Fanda\Application Data\wargaming.net
2011-04-16 23:35:34 ----D---- C:\Games
2011-04-16 11:59:27 ----D---- C:\Documents and Settings\Fanda\Application Data\gtk-2.0
2011-04-16 11:48:44 ----D---- C:\Program Files\GIMP-2.0
2011-04-14 19:31:58 ----D---- C:\Program Files\Steam
2011-04-07 12:14:01 ----D---- C:\Program Files\EA GAMES
======List of files/folders modified in the last 1 months======
2011-05-05 19:15:05 ----D---- C:\Program Files\trend micro
2011-05-05 12:28:55 ----A---- C:\WINDOWS\wincmd.ini
2011-05-05 09:35:33 ----D---- C:\WINDOWS\TEMP
2011-05-05 01:02:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-04 22:24:30 ----SHD---- C:\WINDOWS\Installer
2011-05-04 22:24:29 ----D---- C:\Config.Msi
2011-05-04 22:24:13 ----AD---- C:\WINDOWS\system32
2011-05-04 21:44:07 ----D---- C:\Downloads
2011-05-01 17:16:34 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-30 16:34:17 ----D---- C:\WINDOWS\Prefetch
2011-04-30 09:09:00 ----D---- C:\Program Files\Mozilla Firefox
2011-04-29 07:31:50 ----D---- C:\WINDOWS
2011-04-28 14:20:52 ----AD---- C:\Program Files
2011-04-28 13:48:01 ----D---- C:\WINDOWS\system32\DirectX
2011-04-28 13:47:53 ----D---- C:\WINDOWS\inf
2011-04-28 00:09:36 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-04-20 08:38:20 ----D---- C:\WINDOWS\system32\drivers
2011-04-16 23:45:14 ----D---- C:\WINDOWS\WinSxS
2011-04-16 23:44:32 ----RSD---- C:\WINDOWS\assembly
2011-04-15 08:44:16 ----D---- C:\Documents and Settings\Fanda\Application Data\ICQ
2011-04-15 08:39:23 ----D---- C:\Program Files\ICQ7.2
2011-04-15 08:39:15 ----D---- C:\Documents and Settings\Fanda\Application Data\Skype
2011-04-15 08:39:11 ----D---- C:\Documents and Settings\Fanda\Application Data\skypePM
2011-04-10 11:32:27 ----D---- C:\temp
2011-04-10 11:26:27 ----D---- C:\Documents and Settings\Fanda\Application Data\Adobe
2011-04-09 01:01:45 ----D---- C:\Program Files\BitComet
2011-04-07 12:10:23 ----DC---- C:\WINDOWS\system32\dllcache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [2006-07-01 41216]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-07-07 697328]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-22 5685]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 284184]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 91672]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2006-12-29 21035]
R2 atksgt;atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [2007-01-19 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [2007-01-03 18048]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2010-10-22 9623680]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-12-31 10368]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [2006-06-16 176128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2005-03-30 230400]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 a22a74fd;a22a74fd; C:\WINDOWS\system32\drivers\a22a74fd.sys []
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 Asushwio;Asushwio; \??\C:\WINDOWS\System32\drivers\Asushwio.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-31 25280]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2006-09-15 10205696]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-13 153376]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2006-07-18 1205784]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-10-16 156776]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Neobvyklá aktivita sítě - virus
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Neobvyklá aktivita sítě - virus
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Neobvyklá aktivita sítě - virus
TadyRudy píše:Dejte log z ComboFix.
ComboFix 11-05-04.04 - Fanda 05.05.2011 19:49:45.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1440 [GMT 2:00]
Running from: c:\documents and settings\Fanda\Desktop\ComboFix.exe
FW: Sunbelt Kerio Personal Firewall *Enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Fanda\Application Data\.#
c:\documents and settings\Fanda\Application Data\.#\MBX@60C@3D41A8.###
c:\documents and settings\Fanda\Application Data\.#\MBX@60C@3D41D8.###
c:\documents and settings\Fanda\Application Data\.#\MBX@60C@3D4208.###
c:\documents and settings\Fanda\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 17:15 . 2011-05-05 17:15 -------- d-----w- C:\rsit
2011-04-28 11:54 . 2011-04-28 12:20 -------- d-----w- c:\documents and settings\Fanda\Application Data\Gearbox Software
2011-04-20 16:43 . 2011-04-20 16:43 -------- d-----w- c:\program files\Valve
2011-04-16 21:50 . 2011-04-16 21:52 -------- d-----w- c:\documents and settings\Fanda\Application Data\wargaming.net
2011-04-16 21:35 . 2011-04-16 21:35 -------- d-----w- C:\Games
2011-04-16 09:59 . 2011-04-16 13:53 -------- d-----w- c:\documents and settings\Fanda\Application Data\gtk-2.0
2011-04-16 09:59 . 2011-04-16 09:59 -------- d-----w- c:\documents and settings\Fanda\.thumbnails
2011-04-16 09:56 . 2011-04-16 13:53 -------- d-----w- c:\documents and settings\Fanda\.gimp-2.6
2011-04-16 09:48 . 2011-04-16 09:48 -------- d-----w- c:\program files\GIMP-2.0
2011-04-14 17:31 . 2011-04-16 17:57 -------- d-----w- c:\program files\Steam
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-04-07 10:14 . 2011-04-07 10:14 -------- d-----w- c:\program files\EA GAMES
2011-04-07 10:10 . 2004-07-09 02:26 47104 -c--a-w- c:\windows\system32\dllcache\wstdecod.dll
2011-04-07 10:10 . 2004-07-09 02:26 1230336 -c--a-w- c:\windows\system32\dllcache\msvidctl.dll
2011-04-07 10:10 . 2002-12-11 22:14 733184 -c--a-w- c:\windows\system32\dllcache\qedwipes.dll
2011-04-07 10:10 . 2002-12-11 22:14 1798144 -c--a-w- c:\windows\system32\dllcache\qedit.dll
2011-04-07 10:10 . 2002-12-11 22:14 12288 ----a-w- c:\windows\system32\ksolay.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 22:47 . 2011-03-25 22:47 1409 ----a-w- c:\windows\QTFont.for
2009-10-17 16:37 164352 --sh--w- c:\windows\system32\SCS.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help]
2006-07-19 08:52 3167744 ----a-w- c:\program files\ASUS\ASUS DH Remote\AsRc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-08-16 11:24 167368 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war ii - retribution\\DOW2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24860:TCP"= 24860:TCP:BitComet 24860 TCP
"24860:UDP"= 24860:UDP:BitComet 24860 UDP
"17789:TCP"= 17789:TCP:BitComet 17789 TCP
"17789:UDP"= 17789:UDP:BitComet 17789 UDP
"80:UDP"= 80:UDP:BitComet 80 UDP
"3445:TCP"= 3445:TCP:BitComet 3445 TCP
"3445:UDP"= 3445:UDP:BitComet 3445 UDP
"18478:TCP"= 18478:TCP:BitComet 18478 TCP
"18478:UDP"= 18478:UDP:BitComet 18478 UDP
"18042:TCP"= 18042:TCP:BitComet 18042 TCP
"18042:UDP"= 18042:UDP:BitComet 18042 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/10/2007 7:55 PM 697328]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [7/18/2006 1:02 PM 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [7/18/2006 1:02 PM 91672]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 2:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 32256]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [12/29/2006 6:39 PM 176128]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [4/21/2009 9:09 PM 93440]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [12/29/2006 6:26 PM 5824]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ww.seznam.cz/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: {90EC9EEE-5959-4F21-B786-9BB29C29A239} = 192.168.19.177,77.48.254.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.http - 95.168.205.20
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
HKLM_ActiveSetup-{1F0BACCF-BB6E-4F33-43CB-D582BEEE3EA4} - c:\documents and settings\Fanda\Application Data\SSTorr.exe
HKCU_ActiveSetup-{1F0BACCF-BB6E-4F33-43CB-D582BEEE3EA4} - c:\documents and settings\Fanda\Application Data\SSTorr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-05 19:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\MountedDevices]
@Denied: (Read) (Administrators)
"\\??\\Volume{f3fc26a4-9752-11db-b2a3-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,46,00,44,00,43,00,23,00,47,00,45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,\
"\\??\\Volume{f3fc26a5-9752-11db-b2a3-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,41,00,54,00,41,00,\
"\\DosDevices\\A:"=hex:5c,00,3f,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,
45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59,\
"\\DosDevices\\D:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,
64,00,52,00,6f,00,6d,00,41,00,54,00,41,00,50,00,49,00,5f,00,44,00,56,00,44,\
"\\??\\Volume{f3fc26a7-9752-11db-b2a3-806d6172696f}"=hex:4f,f8,4f,f8,00,7e,00,
00,00,00,00,00
"\\DosDevices\\C:"=hex:4f,f8,4f,f8,00,7e,00,00,00,00,00,00
"\\??\\Volume{b836109a-9a87-11db-b2d2-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\E:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,
43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,52,00,44,00,35,\
"\\??\\Volume{707edcf2-a7f5-11db-8a5a-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{821dcc82-a863-11db-8a5c-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\F:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{9189b014-ad5e-11db-8a6a-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{9189b015-ad5e-11db-8a6a-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\G:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{9189b016-ad5e-11db-8a6a-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\H:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{9189b017-ad5e-11db-8a6a-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\I:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{81ab8620-c3f4-11db-8a9c-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{525d3dc6-dd37-11db-8b02-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{9521668a-458f-11dc-8be6-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{d25198bc-910d-11dc-8c79-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{40b15e8e-9666-11dc-8c83-0015af0d399c}"=hex:5d,e3,c6,64,00,7e,00,
00,00,00,00,00
"\\??\\Volume{14b5a43a-b4d8-11dc-8ccd-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{93424692-008b-11dd-8d71-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{601863f9-1c3a-11dd-8db2-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{0e080e50-704b-11dd-8e89-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ff03df86-91f8-11dd-8ecf-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{d27dd59c-be18-11dd-8f30-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,55,00,53,00,42,00,53,00,54,00,4f,00,52,00,23,00,43,00,64,00,52,00,6f,00,\
"\\??\\Volume{d27dd59d-be18-11dd-8f30-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{e02bedbb-db18-11dd-8f5f-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a763bb5c-e3f1-11dd-8feb-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{c46dd889-c24b-11de-9171-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{206b8338-89a0-11df-928f-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{714882ba-89a3-11df-aefd-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{714883bd-89a3-11df-aefd-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1240)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(2528)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2011-05-05 20:01:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-05 18:01
.
Pre-Run: 57 284 198 400 bytes free
Post-Run: 57 229 049 856 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E9161CBCDB28EF1347BCB2F829472446
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Neobvyklá aktivita sítě - virus
Několik položek CF smazal, zbytek logu vypadá čistý. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Neobvyklá aktivita sítě - virus
Bohužel ne, po restartu bylo vše v pořádku, ale po cca 5 minutách je síť zase plně vytížená...Rudy píše:Několik položek CF smazal, zbytek logu vypadá čistý. Nastala nějaká změna?
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Neobvyklá aktivita sítě - virus
Zkuste provést ještě jedem ComboFix a dát log.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Neobvyklá aktivita sítě - virus
Provedeno, zde je:Rudy píše:Zkuste provést ještě jedem ComboFix a dát log.
ComboFix 11-05-04.04 - Fanda 05.05.2011 20:43:59.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1496 [GMT 2:00]
Running from: c:\documents and settings\Fanda\Desktop\ComboFix.exe
FW: Sunbelt Kerio Personal Firewall *Enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 17:15 . 2011-05-05 17:15 -------- d-----w- C:\rsit
2011-04-28 11:54 . 2011-04-28 12:20 -------- d-----w- c:\documents and settings\Fanda\Application Data\Gearbox Software
2011-04-20 16:43 . 2011-04-20 16:43 -------- d-----w- c:\program files\Valve
2011-04-16 21:50 . 2011-04-16 21:52 -------- d-----w- c:\documents and settings\Fanda\Application Data\wargaming.net
2011-04-16 21:35 . 2011-04-16 21:35 -------- d-----w- C:\Games
2011-04-16 09:59 . 2011-04-16 13:53 -------- d-----w- c:\documents and settings\Fanda\Application Data\gtk-2.0
2011-04-16 09:59 . 2011-04-16 09:59 -------- d-----w- c:\documents and settings\Fanda\.thumbnails
2011-04-16 09:56 . 2011-04-16 13:53 -------- d-----w- c:\documents and settings\Fanda\.gimp-2.6
2011-04-16 09:48 . 2011-04-16 09:48 -------- d-----w- c:\program files\GIMP-2.0
2011-04-14 17:31 . 2011-04-16 17:57 -------- d-----w- c:\program files\Steam
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-04-07 10:14 . 2011-04-07 10:14 -------- d-----w- c:\program files\EA GAMES
2011-04-07 10:10 . 2004-07-09 02:26 47104 -c--a-w- c:\windows\system32\dllcache\wstdecod.dll
2011-04-07 10:10 . 2004-07-09 02:26 1230336 -c--a-w- c:\windows\system32\dllcache\msvidctl.dll
2011-04-07 10:10 . 2002-12-11 22:14 733184 -c--a-w- c:\windows\system32\dllcache\qedwipes.dll
2011-04-07 10:10 . 2002-12-11 22:14 1798144 -c--a-w- c:\windows\system32\dllcache\qedit.dll
2011-04-07 10:10 . 2002-12-11 22:14 12288 ----a-w- c:\windows\system32\ksolay.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 22:47 . 2011-03-25 22:47 1409 ----a-w- c:\windows\QTFont.for
2009-10-17 16:37 164352 --sh--w- c:\windows\system32\SCS.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help]
2006-07-19 08:52 3167744 ----a-w- c:\program files\ASUS\ASUS DH Remote\AsRc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-08-16 11:24 167368 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war ii - retribution\\DOW2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24860:TCP"= 24860:TCP:BitComet 24860 TCP
"24860:UDP"= 24860:UDP:BitComet 24860 UDP
"17789:TCP"= 17789:TCP:BitComet 17789 TCP
"17789:UDP"= 17789:UDP:BitComet 17789 UDP
"80:UDP"= 80:UDP:BitComet 80 UDP
"3445:TCP"= 3445:TCP:BitComet 3445 TCP
"3445:UDP"= 3445:UDP:BitComet 3445 UDP
"18478:TCP"= 18478:TCP:BitComet 18478 TCP
"18478:UDP"= 18478:UDP:BitComet 18478 UDP
"18042:TCP"= 18042:TCP:BitComet 18042 TCP
"18042:UDP"= 18042:UDP:BitComet 18042 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/10/2007 7:55 PM 697328]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [7/18/2006 1:02 PM 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [7/18/2006 1:02 PM 91672]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 2:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 32256]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [12/29/2006 6:39 PM 176128]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [4/21/2009 9:09 PM 93440]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [12/29/2006 6:26 PM 5824]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ww.seznam.cz/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: {90EC9EEE-5959-4F21-B786-9BB29C29A239} = 192.168.19.177,77.48.254.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.http - 95.168.205.20
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-05 20:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\MountedDevices]
@Denied: (Read) (Administrators)
"\\??\\Volume{f3fc26a4-9752-11db-b2a3-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,46,00,44,00,43,00,23,00,47,00,45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,\
"\\??\\Volume{f3fc26a5-9752-11db-b2a3-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,41,00,54,00,41,00,\
"\\DosDevices\\A:"=hex:5c,00,3f,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,
45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59,\
"\\DosDevices\\D:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,
64,00,52,00,6f,00,6d,00,41,00,54,00,41,00,50,00,49,00,5f,00,44,00,56,00,44,\
"\\??\\Volume{f3fc26a7-9752-11db-b2a3-806d6172696f}"=hex:4f,f8,4f,f8,00,7e,00,
00,00,00,00,00
"\\DosDevices\\C:"=hex:4f,f8,4f,f8,00,7e,00,00,00,00,00,00
"\\??\\Volume{b836109a-9a87-11db-b2d2-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\E:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,
43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,52,00,44,00,35,\
"\\??\\Volume{707edcf2-a7f5-11db-8a5a-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{821dcc82-a863-11db-8a5c-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\F:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{9189b014-ad5e-11db-8a6a-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{9189b015-ad5e-11db-8a6a-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\G:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{9189b016-ad5e-11db-8a6a-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\H:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{9189b017-ad5e-11db-8a6a-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\I:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{81ab8620-c3f4-11db-8a9c-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{525d3dc6-dd37-11db-8b02-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{9521668a-458f-11dc-8be6-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{d25198bc-910d-11dc-8c79-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{40b15e8e-9666-11dc-8c83-0015af0d399c}"=hex:5d,e3,c6,64,00,7e,00,
00,00,00,00,00
"\\??\\Volume{14b5a43a-b4d8-11dc-8ccd-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{93424692-008b-11dd-8d71-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{601863f9-1c3a-11dd-8db2-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{0e080e50-704b-11dd-8e89-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ff03df86-91f8-11dd-8ecf-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{d27dd59c-be18-11dd-8f30-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,55,00,53,00,42,00,53,00,54,00,4f,00,52,00,23,00,43,00,64,00,52,00,6f,00,\
"\\??\\Volume{d27dd59d-be18-11dd-8f30-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{e02bedbb-db18-11dd-8f5f-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a763bb5c-e3f1-11dd-8feb-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{c46dd889-c24b-11de-9171-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{206b8338-89a0-11df-928f-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{714882ba-89a3-11df-aefd-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{714883bd-89a3-11df-aefd-0015af0d399c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1240)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(172)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-05 20:53:24
ComboFix-quarantined-files.txt 2011-05-05 18:53
ComboFix2.txt 2011-05-05 18:01
.
Pre-Run: 57 293 037 568 bytes free
Post-Run: 57 276 174 336 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3761722399FCACB09C1E6C5FE6427B09
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Neobvyklá aktivita sítě - virus
Nic nebezpečného tam už nevidím. Ještě zkuste provést skenh AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Dejte log.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Neobvyklá aktivita sítě - virus
Hotovo... docela to trvalo, omlouvám se za zpožděníRudy píše:Nic nebezpečného tam už nevidím. Ještě zkuste provést skenh AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Dejte log.
Autoscan: completed 4 minutes ago (events: 2, objects: 247719, time: 01:31:18)
5.5.2011 21:22:15 Task started
5.5.2011 22:53:34 Task completed
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Neobvyklá aktivita sítě - virus
AVPTool nenašel nic. Ještě zkuste kontrolu na rootkit. Udělejte sken GMER: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 a dejte oba logy.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Neobvyklá aktivita sítě - virus
Omlouvám se za zpožděníRudy píše:AVPTool nenašel nic. Ještě zkuste kontrolu na rootkit. Udělejte sken GMER: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 a dejte oba logy.
Log 1:
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-06 11:09:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3320620AS rev.3.AAE
Running: gmer.exe; Driver: C:\DOCUME~1\Fanda\LOCALS~1\Temp\awgyrpob.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- System - GMER 1.0.15 ----
SSDT spdb.sys ZwEnumerateKey [0xF74F8E4C]
SSDT spdb.sys ZwEnumerateValueKey [0xF74F91DA]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\amcfdz9u \Device\Scsi\amcfdz9u1Port5Path0Target0Lun0 8A5752D8
Device \Driver\JRAID \Device\Scsi\JRAID1 8A88A1F8
Device \Driver\amcfdz9u \Device\Scsi\amcfdz9u1 8A5752D8
Device \FileSystem\Ntfs \Ntfs 8A8891F8
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Log 2:
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-06 11:16:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3320620AS rev.3.AAE
Running: gmer.exe; Driver: C:\DOCUME~1\Fanda\LOCALS~1\Temp\awgyrpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xB3617110]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xB3616920]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xB3612EE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xB3615F20]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xB3615D90]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xB3616480]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xB3617190]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xB3613320]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xB36133C0]
SSDT spdb.sys ZwEnumerateKey [0xF74F8E4C]
SSDT spdb.sys ZwEnumerateValueKey [0xF74F91DA]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xB343D9A0]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xB343DB30]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xB3616BF0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xB3613140]
SSDT spdb.sys ZwQueryKey [0xF74F92B2]
SSDT spdb.sys ZwQueryValueKey [0xF74F9132]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xB3616510]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xB3616F00]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xB36134D0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xB3616E50]
INT 0x62 ? 8A8FBC88
INT 0x63 ? 8A88EC88
INT 0x73 ? 8A5B3C88
INT 0x82 ? 8A8FBC88
INT 0x84 ? 8A5B3C88
INT 0x94 ? 8A5B3C88
INT 0xA4 ? 8A8FBC88
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 16E 804E4998 5 Bytes [90, 71, 61, B3, 20] {NOP ; JNO 0x64; MOV BL, 0x20}
.text ntoskrnl.exe!ZwYieldExecution + 174 804E499E 2 Bytes [61, B3]
? spdb.sys The system cannot find the file specified. !
PAGENDSM NDIS.sys!NdisMIndicateStatus B86649EF 6 Bytes JMP B360AED0 \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB75493A0, 0x5CC259, 0xE8000020]
.text USBPORT.SYS!DllUnload B74CB8AC 5 Bytes JMP 8A5B31D8
.text C:\WINDOWS\System32\DRIVERS\atksgt.sys section is writeable [0xB23D1300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\System32\DRIVERS\lirsgt.sys section is writeable [0xF778F300, 0x1B7E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[412] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[412] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[412] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[412] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[412] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[412] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[412] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[412] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[412] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00080EC8
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\WINDOWS\RTHDCPL.EXE[420] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\WINDOWS\RTHDCPL.EXE[420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\RTHDCPL.EXE[420] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\WINDOWS\vsnpstd3.exe[608] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\WINDOWS\vsnpstd3.exe[608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\vsnpstd3.exe[608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\RUNDLL32.EXE[668] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\WINDOWS\tsnpstd3.exe[672] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\WINDOWS\tsnpstd3.exe[672] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\tsnpstd3.exe[672] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[772] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[772] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[772] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[772] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[772] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[924] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00030EC8
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[1184] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[1184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1184] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1184] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[1184] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[1184] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[1184] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[1184] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[1184] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[1184] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[1184] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[1184] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!CreateThread 7C8106C7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!WinExec 7C8623AD 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1216] KERNEL32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1216] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1240] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1240] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1240] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1240] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1240] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1240] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\winlogon.exe[1240] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00070DB0
.text C:\WINDOWS\system32\winlogon.exe[1240] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00070F54
.text C:\WINDOWS\system32\winlogon.exe[1240] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00070D24
.text C:\WINDOWS\system32\winlogon.exe[1240] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00070E3C
.text C:\WINDOWS\system32\winlogon.exe[1240] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00070FE0
.text C:\WINDOWS\system32\winlogon.exe[1240] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00070EC8
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1284] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1284] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[1284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[1284] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[1284] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1304] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1304] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1304] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1304] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
Re: Neobvyklá aktivita sítě - virus
.text C:\WINDOWS\system32\nvsvc32.exe[1484] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[1484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[1484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[1484] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\nvsvc32.exe[1484] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\nvsvc32.exe[1484] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1516] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1516] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1516] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1516] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wscntfy.exe[1680] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wscntfy.exe[1680] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1716] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1716] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1716] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1716] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1716] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1716] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1716] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1716] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1716] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1716] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1716] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[1828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[1828] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[1828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[1828] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[1828] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1864] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1864] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1864] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00130DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00130F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00130D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00130E3C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00130FE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00130EC8
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[2368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[2368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[2368] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[2368] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[2368] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000708C4
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00070838
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00070950
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00070DB0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00070F54
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00070D24
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00070E3C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00070FE0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00070EC8
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000708C4
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00070838
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00070950
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00070DB0
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00070F54
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00070D24
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00070E3C
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00070FE0
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00070EC8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1040C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00130DB0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00130F54
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00130D24
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00130E3C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00130FE0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00130EC8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A88E308
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750CECE] spdb.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750CF22] spdb.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F74DF3E6] spdb.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F74DF90E] spdb.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F74DFF9C] spdb.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74DF90E] spdb.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74DF1D4] spdb.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74DF116] spdb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74E0178] spdb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74DFF9C] spdb.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A5B3308
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74F0976] spdb.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B360ACE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B360AD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B360AD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B360ADC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B360AD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B360AD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B360ACE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseCall] [B360B680] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClMakeCall] [B360B580] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoDeleteVc] [B360B4C0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoCreateVc] [B360B360] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B360ACE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B360AD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClOpenAddressFamily] [B360BBB0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseAddressFamily] [B360BE70] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoSendPackets] [B360B210] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B360ADC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B360AD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B360AD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B360ADC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B360ACE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B360AD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A8891F8
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 8A6731F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A88B1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A88B1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A88B1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A88B1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A6731F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{90EC9EEE-5959-4F21-B786-9BB29C29A239} 8A68E470
Device \Driver\NetBT \Device\NetBT_Tcpip_{686DE80E-EC27-4030-845D-B3A3157B053E} 8A68E470
Device \Driver\usbuhci \Device\USBPDO-2 8A6731F8
Device \Driver\usbuhci \Device\USBPDO-3 8A6731F8
Device \Driver\usbehci \Device\USBPDO-4 8A65C470
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8FC1F8
Device \Driver\Cdrom \Device\CdRom0 8A62D1F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A62D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A68E470
Device \Driver\NetBT \Device\NetbiosSmb 8A68E470
Device \Driver\NetBT \Device\NetBT_Tcpip_{9AD141A4-166E-405B-9453-7AC2995BFAFB} 8A68E470
Device \Driver\PCI_PNP8760 \Device\0000004d spdb.sys
Device \Driver\PCI_PNP8760 \Device\0000004d spdb.sys
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\sptd \Device\295592510 spdb.sys
Device \Driver\usbuhci \Device\USBFDO-0 8A6731F8
Device \Driver\usbuhci \Device\USBFDO-1 8A6731F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A2D2470
Device \Driver\usbuhci \Device\USBFDO-2 8A6731F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A2D2470
Device \Driver\usbuhci \Device\USBFDO-3 8A6731F8
Device \Driver\usbehci \Device\USBFDO-4 8A65C470
Device \Driver\Ftdisk \Device\FtControl 8A8FC1F8
Device \Driver\amcfdz9u \Device\Scsi\amcfdz9u1Port5Path0Target0Lun0 8A5752D8
Device \Driver\JRAID \Device\Scsi\JRAID1 8A88A1F8
Device \Driver\amcfdz9u \Device\Scsi\amcfdz9u1 8A5752D8
Device \FileSystem\Cdfs \Cdfs 8A308470
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 184295376
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 981310211
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD1 0x08 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0xDE 0x32 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0xD8 0x3F 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x28 0x40 0x23 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x54 0x7F 0x37 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x88 0x4B 0x98 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x28 0x40 0x23 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x70 0x9D 0x41 0x84 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x58 0x1F 0xC3 0x74 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x28 0x40 0x23 0x5E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9E 0xFB 0x2D 0xD5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD1 0x08 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0xDE 0x32 0xF3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0xD8 0x3F 0x1B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x28 0x40 0x23 0x5E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x54 0x7F 0x37 0x23 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- EOF - GMER 1.0.15 ----
.text C:\WINDOWS\system32\nvsvc32.exe[1484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[1484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[1484] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\nvsvc32.exe[1484] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\nvsvc32.exe[1484] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1516] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1516] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1516] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1516] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wscntfy.exe[1680] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wscntfy.exe[1680] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wscntfy.exe[1680] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1696] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1716] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1716] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1716] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1716] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1716] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1716] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1716] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1716] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1716] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1716] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1716] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1820] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[1828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[1828] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[1828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[1828] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[1828] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1864] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1864] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1864] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00130DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00130F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00130D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00130E3C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00130FE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2312] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00130EC8
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[2368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[2368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[2368] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[2368] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[2368] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Documents and Settings\Fanda\Desktop\gmer\gmer.exe[2672] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000708C4
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00070838
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00070950
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00070DB0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00070F54
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00070D24
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00070E3C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00070FE0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2980] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00070EC8
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000708C4
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00070838
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00070950
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00070DB0
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00070F54
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00070D24
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00070E3C
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00070FE0
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3136] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00070EC8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1040C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WININET.dll!InternetOpenW 771BAF29 5 Bytes JMP 00130DB0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 00130F54
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WININET.dll!InternetOpenA 771C578E 5 Bytes JMP 00130D24
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WININET.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00130E3C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 00130FE0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WININET.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00130EC8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A88E308
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750CECE] spdb.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750CF22] spdb.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F74DF3E6] spdb.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F74DF90E] spdb.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F74DFF9C] spdb.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74DF90E] spdb.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74DF1D4] spdb.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74DF116] spdb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74E0178] spdb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74DFF9C] spdb.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A5B3308
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74F0976] spdb.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B360ACE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B360AD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B360AD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B360ADC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B360AD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B360AD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B360ACE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseCall] [B360B680] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClMakeCall] [B360B580] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoDeleteVc] [B360B4C0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoCreateVc] [B360B360] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B360ACE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B360AD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClOpenAddressFamily] [B360BBB0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseAddressFamily] [B360BE70] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoSendPackets] [B360B210] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B360ADC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B360AD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B360AD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B360ADC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B360ACE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B360AD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A8891F8
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 8A6731F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A88B1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A88B1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A88B1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A88B1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A6731F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{90EC9EEE-5959-4F21-B786-9BB29C29A239} 8A68E470
Device \Driver\NetBT \Device\NetBT_Tcpip_{686DE80E-EC27-4030-845D-B3A3157B053E} 8A68E470
Device \Driver\usbuhci \Device\USBPDO-2 8A6731F8
Device \Driver\usbuhci \Device\USBPDO-3 8A6731F8
Device \Driver\usbehci \Device\USBPDO-4 8A65C470
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8FC1F8
Device \Driver\Cdrom \Device\CdRom0 8A62D1F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A62D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A68E470
Device \Driver\NetBT \Device\NetbiosSmb 8A68E470
Device \Driver\NetBT \Device\NetBT_Tcpip_{9AD141A4-166E-405B-9453-7AC2995BFAFB} 8A68E470
Device \Driver\PCI_PNP8760 \Device\0000004d spdb.sys
Device \Driver\PCI_PNP8760 \Device\0000004d spdb.sys
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\sptd \Device\295592510 spdb.sys
Device \Driver\usbuhci \Device\USBFDO-0 8A6731F8
Device \Driver\usbuhci \Device\USBFDO-1 8A6731F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A2D2470
Device \Driver\usbuhci \Device\USBFDO-2 8A6731F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A2D2470
Device \Driver\usbuhci \Device\USBFDO-3 8A6731F8
Device \Driver\usbehci \Device\USBFDO-4 8A65C470
Device \Driver\Ftdisk \Device\FtControl 8A8FC1F8
Device \Driver\amcfdz9u \Device\Scsi\amcfdz9u1Port5Path0Target0Lun0 8A5752D8
Device \Driver\JRAID \Device\Scsi\JRAID1 8A88A1F8
Device \Driver\amcfdz9u \Device\Scsi\amcfdz9u1 8A5752D8
Device \FileSystem\Cdfs \Cdfs 8A308470
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 184295376
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 981310211
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD1 0x08 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0xDE 0x32 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0xD8 0x3F 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x28 0x40 0x23 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x54 0x7F 0x37 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x88 0x4B 0x98 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x28 0x40 0x23 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x70 0x9D 0x41 0x84 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x58 0x1F 0xC3 0x74 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x28 0x40 0x23 0x5E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9E 0xFB 0x2D 0xD5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD1 0x08 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0xDE 0x32 0xF3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0xD8 0x3F 0x1B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x28 0x40 0x23 0x5E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x54 0x7F 0x37 0x23 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- EOF - GMER 1.0.15 ----
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Neobvyklá aktivita sítě - virus
Pravděpodobně nějaká chyba v MBR, nebo MBR rootkit. Stáhněte MBR: http://www2.gmer.net/mbr/mbr.exe , uložte na plochu a spusťte. Utilita vytvoří krátký log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Neobvyklá aktivita sítě - virus
Zde:Rudy píše:Pravděpodobně nějaká chyba v MBR, nebo MBR rootkit. Stáhněte MBR: http://www2.gmer.net/mbr/mbr.exe , uložte na plochu a spusťte. Utilita vytvoří krátký log, který sem zkopírujte.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3320620AS rev.3.AAE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Neobvyklá aktivita sítě - virus
Takže mbr je podle této utility v pořádku, i když GMER vypsal toto:
Postupujte takto:
Nicméně zkuste TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.exeDisk \Device\Harddisk0\DR0 MBR read error
Postupujte takto:
- uložte na plochu.
- 2x klikněte na ikonu programu a spusťte
- dejte volbu Spustit kontrolu - pak potvrdte start sken
- pokud program najde infikovaný soubor, ukáže se Vám předvolená akce Cure, v tom případě potvrdte tlačítko Continue
- pokud bude chtít program restartovat počítač, klikněte na tlačítko Reboot Now
- pokud si restart nevyžádá, klikněte na tlačítko Report. Měl vy na Vás vyskočit log, obsah logu zkopírujte do svého topicu.
- pokud se log nezobrazí, je uložený ve Vašem kořenovém adresáři.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?
