Re: problém s účty
Napsal: 27 říj 2011 12:27
Tak jsem se zase po delší době k tomu dostal.Provedl jsem systémový checkdisk s automatickou opravou (příkaz C:\ chkdsk/f , je to doufám správně). Problémy přetrvávají.
Stránka 2 z 3
Re: problém s účty
Napsal: 27 říj 2011 16:28
Dám nějakou konzultaci s kolegy. Mějte, prosím, strpení.
Re: problém s účty
Napsal: 27 říj 2011 18:53
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Re: problém s účty
Napsal: 28 říj 2011 09:26
ComboFix 11-10-28.03 - Láďa 28.10.2011 9:56.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.158 [GMT 2:00]
Spuštěný z: c:\documents and settings\U×ivatel\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\COM+.log
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regopt.log
c:\windows\system32\ReadMe.txt
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-23 18:08 . 2008-04-14 06:52 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-10-23 18:08 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-10-23 18:08 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-10-23 18:08 . 2008-04-14 06:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-10-23 18:08 . 2008-04-13 22:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2011-10-23 18:08 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-22 12:28 . 2011-10-22 12:29 -------- d-----w- c:\program files\CrystalDiskInfo
2011-10-22 07:25 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-22 07:24 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-22 07:00 . 2010-12-09 15:14 2194944 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-10-22 07:00 . 2010-12-09 15:14 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-10-22 07:00 . 2010-12-09 15:14 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-10-22 07:00 . 2010-12-09 15:14 2071552 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-10-21 22:08 . 2008-04-14 06:52 46592 -c--a-w- c:\windows\system32\dllcache\svcext51.dll
2011-10-21 22:07 . 2008-04-14 06:52 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2011-10-21 22:06 . 2007-08-02 12:00 14848 -c--a-w- c:\windows\system32\dllcache\flattemp.exe
2011-10-21 22:05 . 2008-04-14 06:51 68608 -c--a-w- c:\windows\system32\dllcache\isatq.dll
2011-10-21 21:50 . 2007-08-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-10-21 21:50 . 2007-08-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-10-21 21:50 . 2007-08-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-10-21 21:50 . 2007-08-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-10-21 21:49 . 2007-08-02 12:00 14573 ----a-r- c:\windows\SETFC.tmp
2011-10-21 21:49 . 2008-04-14 08:52 16825 ----a-r- c:\windows\SETC9.tmp
2011-10-21 21:49 . 2008-04-14 08:52 1088840 ----a-r- c:\windows\SETBD.tmp
2011-10-21 21:49 . 2008-04-14 08:59 1246067 ----a-r- c:\windows\SETBA.tmp
2011-10-21 20:23 . 2011-10-22 08:26 -------- d-----w- c:\documents and settings\lump
2011-10-19 20:30 . 2011-10-19 20:30 -------- d-----w- c:\program files\Common Files\Java
2011-10-19 14:55 . 2011-10-19 14:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Mozilla Thunderbird
2011-10-19 14:55 . 2011-10-19 14:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2011-10-19 14:33 . 2011-10-19 14:33 -------- d-----w- c:\documents and settings\míša\Data aplikací\TeamViewer
2011-10-19 14:07 . 2011-10-19 14:07 -------- d-----w- c:\documents and settings\míša\Local Settings\Data aplikací\Help
2011-10-14 16:07 . 2011-10-14 20:00 -------- d-----w- c:\program files\trend micro
2011-10-14 16:07 . 2011-10-14 16:08 -------- d-----w- C:\rsit
2011-09-29 17:58 . 2011-09-29 17:59 -------- d-----w- c:\program files\Microsoft Works
2011-09-29 17:28 . 2011-09-29 17:28 -------- d-----w- c:\program files\MSECache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 20:26 . 2011-05-21 07:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-14 21:30 . 2009-11-23 12:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 03:06 . 2010-05-18 21:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-06-13 12:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2007-08-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2007-08-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32(2).dll
2011-09-06 20:45 . 2010-07-05 12:18 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-03-09 12:12 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-04-14 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-03-09 12:12 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-03-09 12:12 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-03-09 12:12 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-03-09 12:12 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-03-09 12:12 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-03-09 12:12 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-03-09 12:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2008-04-14 06:52 668160 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2008-04-14 06:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 13:56 . 2008-04-14 06:50 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:55 . 2008-04-14 05:50 370176 ----a-w- c:\windows\system32\html.iec
2011-08-31 15:00 . 2009-11-23 12:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 13:49 . 2008-04-13 22:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MiTeC InfoDesk"="c:\program files\MiTeC\InfoDesk\InfoDesk.EXE" [2010-09-02 1032704]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\katka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\míša\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [15.1.2009 16:20 77312]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.4.2011 22:38 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.3.2009 14:12 320856]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [9.4.2009 0:33 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.4.2009 23:47 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.3.2009 14:12 20568]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [9.4.2009 0:33 65576]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-28 c:\windows\Tasks\FreeCommander.job
- c:\program files\FreeCommander\FreeCommander.exe [2009-09-04 16:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/webhp?rls=ig
uInternet Connection Wizard,ShellNext = iexplore
IE: Crawler Search - tbr:iemenu
TCP: DhcpNameServer = 83.240.0.214 83.240.0.215
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\84s0we31.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-Mozilla Thunderbird (7.0.1) - d:\tbird\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 10:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-10-28 10:21:26
ComboFix-quarantined-files.txt 2011-10-28 08:21
.
Před spuštěním: Volných bajtů: 12 355 973 120
Po spuštění: Volných bajtů: 12 500 856 832
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6036CCC932F9C2BA05C9320538B81E51
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.158 [GMT 2:00]
Spuštěný z: c:\documents and settings\U×ivatel\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\COM+.log
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regopt.log
c:\windows\system32\ReadMe.txt
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-23 18:08 . 2008-04-14 06:52 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-10-23 18:08 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-10-23 18:08 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-10-23 18:08 . 2008-04-14 06:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-10-23 18:08 . 2008-04-13 22:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2011-10-23 18:08 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-22 12:28 . 2011-10-22 12:29 -------- d-----w- c:\program files\CrystalDiskInfo
2011-10-22 07:25 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-22 07:24 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-22 07:00 . 2010-12-09 15:14 2194944 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-10-22 07:00 . 2010-12-09 15:14 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-10-22 07:00 . 2010-12-09 15:14 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-10-22 07:00 . 2010-12-09 15:14 2071552 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-10-21 22:08 . 2008-04-14 06:52 46592 -c--a-w- c:\windows\system32\dllcache\svcext51.dll
2011-10-21 22:07 . 2008-04-14 06:52 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2011-10-21 22:06 . 2007-08-02 12:00 14848 -c--a-w- c:\windows\system32\dllcache\flattemp.exe
2011-10-21 22:05 . 2008-04-14 06:51 68608 -c--a-w- c:\windows\system32\dllcache\isatq.dll
2011-10-21 21:50 . 2007-08-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-10-21 21:50 . 2007-08-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-10-21 21:50 . 2007-08-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-10-21 21:50 . 2007-08-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-10-21 21:49 . 2007-08-02 12:00 14573 ----a-r- c:\windows\SETFC.tmp
2011-10-21 21:49 . 2008-04-14 08:52 16825 ----a-r- c:\windows\SETC9.tmp
2011-10-21 21:49 . 2008-04-14 08:52 1088840 ----a-r- c:\windows\SETBD.tmp
2011-10-21 21:49 . 2008-04-14 08:59 1246067 ----a-r- c:\windows\SETBA.tmp
2011-10-21 20:23 . 2011-10-22 08:26 -------- d-----w- c:\documents and settings\lump
2011-10-19 20:30 . 2011-10-19 20:30 -------- d-----w- c:\program files\Common Files\Java
2011-10-19 14:55 . 2011-10-19 14:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Mozilla Thunderbird
2011-10-19 14:55 . 2011-10-19 14:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2011-10-19 14:33 . 2011-10-19 14:33 -------- d-----w- c:\documents and settings\míša\Data aplikací\TeamViewer
2011-10-19 14:07 . 2011-10-19 14:07 -------- d-----w- c:\documents and settings\míša\Local Settings\Data aplikací\Help
2011-10-14 16:07 . 2011-10-14 20:00 -------- d-----w- c:\program files\trend micro
2011-10-14 16:07 . 2011-10-14 16:08 -------- d-----w- C:\rsit
2011-09-29 17:58 . 2011-09-29 17:59 -------- d-----w- c:\program files\Microsoft Works
2011-09-29 17:28 . 2011-09-29 17:28 -------- d-----w- c:\program files\MSECache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 20:26 . 2011-05-21 07:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-14 21:30 . 2009-11-23 12:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 03:06 . 2010-05-18 21:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-06-13 12:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2007-08-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2007-08-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32(2).dll
2011-09-06 20:45 . 2010-07-05 12:18 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-03-09 12:12 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-04-14 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-03-09 12:12 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-03-09 12:12 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-03-09 12:12 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-03-09 12:12 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-03-09 12:12 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-03-09 12:12 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-03-09 12:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2008-04-14 06:52 668160 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2008-04-14 06:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 13:56 . 2008-04-14 06:50 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:55 . 2008-04-14 05:50 370176 ----a-w- c:\windows\system32\html.iec
2011-08-31 15:00 . 2009-11-23 12:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 13:49 . 2008-04-13 22:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MiTeC InfoDesk"="c:\program files\MiTeC\InfoDesk\InfoDesk.EXE" [2010-09-02 1032704]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\katka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\míša\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [15.1.2009 16:20 77312]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.4.2011 22:38 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.3.2009 14:12 320856]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [9.4.2009 0:33 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.4.2009 23:47 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.3.2009 14:12 20568]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [9.4.2009 0:33 65576]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-28 c:\windows\Tasks\FreeCommander.job
- c:\program files\FreeCommander\FreeCommander.exe [2009-09-04 16:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/webhp?rls=ig
uInternet Connection Wizard,ShellNext = iexplore
IE: Crawler Search - tbr:iemenu
TCP: DhcpNameServer = 83.240.0.214 83.240.0.215
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\84s0we31.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-Mozilla Thunderbird (7.0.1) - d:\tbird\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 10:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-10-28 10:21:26
ComboFix-quarantined-files.txt 2011-10-28 08:21
.
Před spuštěním: Volných bajtů: 12 355 973 120
Po spuštění: Volných bajtů: 12 500 856 832
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6036CCC932F9C2BA05C9320538B81E51
Re: problém s účty
Napsal: 28 říj 2011 10:32
Ještě dočistíme. Otevřte poznámový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Firefox::
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =382950&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
Re: problém s účty
Napsal: 28 říj 2011 16:27
ComboFix 11-10-28.04 - Láďa 28.10.2011 16:59:36.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.257 [GMT 2:00]
Spuštěný z: c:\combofix\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\U×ivatel\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-23 18:08 . 2008-04-14 06:52 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-10-23 18:08 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-10-23 18:08 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-10-23 18:08 . 2008-04-14 06:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-10-23 18:08 . 2008-04-13 22:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2011-10-23 18:08 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-22 12:28 . 2011-10-22 12:29 -------- d-----w- c:\program files\CrystalDiskInfo
2011-10-22 07:25 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-22 07:24 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-22 07:00 . 2010-12-09 15:14 2194944 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-10-22 07:00 . 2010-12-09 15:14 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-10-22 07:00 . 2010-12-09 15:14 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-10-22 07:00 . 2010-12-09 15:14 2071552 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-10-21 22:08 . 2008-04-14 06:52 46592 -c--a-w- c:\windows\system32\dllcache\svcext51.dll
2011-10-21 22:07 . 2008-04-14 06:52 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2011-10-21 22:06 . 2007-08-02 12:00 14848 -c--a-w- c:\windows\system32\dllcache\flattemp.exe
2011-10-21 22:05 . 2008-04-14 06:51 68608 -c--a-w- c:\windows\system32\dllcache\isatq.dll
2011-10-21 21:50 . 2007-08-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-10-21 21:50 . 2007-08-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-10-21 21:50 . 2007-08-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-10-21 21:50 . 2007-08-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-10-21 21:49 . 2007-08-02 12:00 14573 ----a-r- c:\windows\SETFC.tmp
2011-10-21 21:49 . 2008-04-14 08:52 16825 ----a-r- c:\windows\SETC9.tmp
2011-10-21 21:49 . 2008-04-14 08:52 1088840 ----a-r- c:\windows\SETBD.tmp
2011-10-21 21:49 . 2008-04-14 08:59 1246067 ----a-r- c:\windows\SETBA.tmp
2011-10-21 20:23 . 2011-10-22 08:26 -------- d-----w- c:\documents and settings\lump
2011-10-19 20:30 . 2011-10-19 20:30 -------- d-----w- c:\program files\Common Files\Java
2011-10-19 14:55 . 2011-10-19 14:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Mozilla Thunderbird
2011-10-19 14:55 . 2011-10-19 14:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2011-10-19 14:33 . 2011-10-19 14:33 -------- d-----w- c:\documents and settings\míša\Data aplikací\TeamViewer
2011-10-19 14:07 . 2011-10-19 14:07 -------- d-----w- c:\documents and settings\míša\Local Settings\Data aplikací\Help
2011-10-14 16:07 . 2011-10-14 20:00 -------- d-----w- c:\program files\trend micro
2011-10-14 16:07 . 2011-10-14 16:08 -------- d-----w- C:\rsit
2011-09-29 17:58 . 2011-09-29 17:59 -------- d-----w- c:\program files\Microsoft Works
2011-09-29 17:28 . 2011-09-29 17:28 -------- d-----w- c:\program files\MSECache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 20:26 . 2011-05-21 07:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-14 21:30 . 2009-11-23 12:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 03:06 . 2010-05-18 21:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-06-13 12:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2007-08-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2007-08-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32(2).dll
2011-09-06 20:45 . 2010-07-05 12:18 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-03-09 12:12 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-04-14 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-03-09 12:12 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-03-09 12:12 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-03-09 12:12 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-03-09 12:12 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-03-09 12:12 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-03-09 12:12 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-03-09 12:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2008-04-14 06:52 668160 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2008-04-14 06:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 13:56 . 2008-04-14 06:50 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:55 . 2008-04-14 05:50 370176 ----a-w- c:\windows\system32\html.iec
2011-08-31 15:00 . 2009-11-23 12:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 13:49 . 2008-04-13 22:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-28_08.15.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-28 10:53 . 2011-10-28 10:53 16384 c:\windows\Temp\Perflib_Perfdata_308.dat
+ 2011-10-28 15:17 . 2011-10-28 15:17 53248 c:\windows\Temp\catchme.dll
- 2011-10-28 08:15 . 2011-10-28 08:15 53248 c:\windows\Temp\catchme.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MiTeC InfoDesk"="c:\program files\MiTeC\InfoDesk\InfoDesk.EXE" [2010-09-02 1032704]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\katka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\míša\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [15.1.2009 16:20 77312]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.4.2011 22:38 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.3.2009 14:12 320856]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [9.4.2009 0:33 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.4.2009 23:47 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.3.2009 14:12 20568]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [9.4.2009 0:33 65576]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-28 c:\windows\Tasks\FreeCommander.job
- c:\program files\FreeCommander\FreeCommander.exe [2009-09-04 16:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/webhp?rls=ig
uInternet Connection Wizard,ShellNext = iexplore
IE: Crawler Search - tbr:iemenu
TCP: DhcpNameServer = 83.240.0.214 83.240.0.215
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\84s0we31.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 17:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-10-28 17:23:26
ComboFix-quarantined-files.txt 2011-10-28 15:23
ComboFix2.txt 2011-10-28 08:21
.
Před spuštěním: Volných bajtů: 12 460 822 528
Po spuštění: Volných bajtů: 12 443 774 976
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 97DD63161CADC0E381C38AE5C66AE3ED
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.257 [GMT 2:00]
Spuštěný z: c:\combofix\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\U×ivatel\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-23 18:08 . 2008-04-14 06:52 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-10-23 18:08 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-10-23 18:08 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-10-23 18:08 . 2008-04-14 06:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-10-23 18:08 . 2008-04-13 22:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2011-10-23 18:08 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-22 12:28 . 2011-10-22 12:29 -------- d-----w- c:\program files\CrystalDiskInfo
2011-10-22 07:25 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-22 07:24 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-22 07:00 . 2010-12-09 15:14 2194944 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-10-22 07:00 . 2010-12-09 15:14 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-10-22 07:00 . 2010-12-09 15:14 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-10-22 07:00 . 2010-12-09 15:14 2071552 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-10-21 22:08 . 2008-04-14 06:52 46592 -c--a-w- c:\windows\system32\dllcache\svcext51.dll
2011-10-21 22:07 . 2008-04-14 06:52 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2011-10-21 22:06 . 2007-08-02 12:00 14848 -c--a-w- c:\windows\system32\dllcache\flattemp.exe
2011-10-21 22:05 . 2008-04-14 06:51 68608 -c--a-w- c:\windows\system32\dllcache\isatq.dll
2011-10-21 21:50 . 2007-08-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-10-21 21:50 . 2007-08-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-10-21 21:50 . 2007-08-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-10-21 21:50 . 2007-08-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-10-21 21:49 . 2007-08-02 12:00 14573 ----a-r- c:\windows\SETFC.tmp
2011-10-21 21:49 . 2008-04-14 08:52 16825 ----a-r- c:\windows\SETC9.tmp
2011-10-21 21:49 . 2008-04-14 08:52 1088840 ----a-r- c:\windows\SETBD.tmp
2011-10-21 21:49 . 2008-04-14 08:59 1246067 ----a-r- c:\windows\SETBA.tmp
2011-10-21 20:23 . 2011-10-22 08:26 -------- d-----w- c:\documents and settings\lump
2011-10-19 20:30 . 2011-10-19 20:30 -------- d-----w- c:\program files\Common Files\Java
2011-10-19 14:55 . 2011-10-19 14:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Mozilla Thunderbird
2011-10-19 14:55 . 2011-10-19 14:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2011-10-19 14:33 . 2011-10-19 14:33 -------- d-----w- c:\documents and settings\míša\Data aplikací\TeamViewer
2011-10-19 14:07 . 2011-10-19 14:07 -------- d-----w- c:\documents and settings\míša\Local Settings\Data aplikací\Help
2011-10-14 16:07 . 2011-10-14 20:00 -------- d-----w- c:\program files\trend micro
2011-10-14 16:07 . 2011-10-14 16:08 -------- d-----w- C:\rsit
2011-09-29 17:58 . 2011-09-29 17:59 -------- d-----w- c:\program files\Microsoft Works
2011-09-29 17:28 . 2011-09-29 17:28 -------- d-----w- c:\program files\MSECache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 20:26 . 2011-05-21 07:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-14 21:30 . 2009-11-23 12:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 03:06 . 2010-05-18 21:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-06-13 12:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2007-08-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2007-08-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32(2).dll
2011-09-06 20:45 . 2010-07-05 12:18 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-03-09 12:12 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-04-14 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-03-09 12:12 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-03-09 12:12 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-03-09 12:12 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-03-09 12:12 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-03-09 12:12 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-03-09 12:12 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-03-09 12:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2008-04-14 06:52 668160 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2008-04-14 06:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 13:56 . 2008-04-14 06:50 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:55 . 2008-04-14 05:50 370176 ----a-w- c:\windows\system32\html.iec
2011-08-31 15:00 . 2009-11-23 12:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 13:49 . 2008-04-13 22:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-28_08.15.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-28 10:53 . 2011-10-28 10:53 16384 c:\windows\Temp\Perflib_Perfdata_308.dat
+ 2011-10-28 15:17 . 2011-10-28 15:17 53248 c:\windows\Temp\catchme.dll
- 2011-10-28 08:15 . 2011-10-28 08:15 53248 c:\windows\Temp\catchme.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MiTeC InfoDesk"="c:\program files\MiTeC\InfoDesk\InfoDesk.EXE" [2010-09-02 1032704]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\katka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\míša\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [15.1.2009 16:20 77312]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.4.2011 22:38 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.3.2009 14:12 320856]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [9.4.2009 0:33 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.4.2009 23:47 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.3.2009 14:12 20568]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [9.4.2009 0:33 65576]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-28 c:\windows\Tasks\FreeCommander.job
- c:\program files\FreeCommander\FreeCommander.exe [2009-09-04 16:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/webhp?rls=ig
uInternet Connection Wizard,ShellNext = iexplore
IE: Crawler Search - tbr:iemenu
TCP: DhcpNameServer = 83.240.0.214 83.240.0.215
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\84s0we31.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 17:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-10-28 17:23:26
ComboFix-quarantined-files.txt 2011-10-28 15:23
ComboFix2.txt 2011-10-28 08:21
.
Před spuštěním: Volných bajtů: 12 460 822 528
Po spuštění: Volných bajtů: 12 443 774 976
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 97DD63161CADC0E381C38AE5C66AE3ED
Re: problém s účty
Napsal: 28 říj 2011 17:38
Log již vypadá čistý. Nastala nějaká změna?
Re: problém s účty
Napsal: 28 říj 2011 18:17
Problémy s přístupností disku C:\ stále přetrvávají
Re: problém s účty
Napsal: 28 říj 2011 18:56
OK. Zkuste sken GMER: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 a dejte oba logy.
Re: problém s účty
Napsal: 28 říj 2011 19:41
První log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-28 20:17:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160812A rev.2AAA
Running: gmer.exe; Driver: C:\WINDOWS\TEMP\fgnoqkod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA97D5D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA97D5BC5]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-28 20:17:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160812A rev.2AAA
Running: gmer.exe; Driver: C:\WINDOWS\TEMP\fgnoqkod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA97D5D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA97D5BC5]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
Re: problém s účty
Napsal: 28 říj 2011 19:46
Druhý log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-28 20:33:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160812A rev.2AAA
Running: gmer.exe; Driver: C:\WINDOWS\TEMP\fgnoqkod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA97B1374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA98182B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA97D5829]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA97B3996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA97B39EE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xA9ACA868]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA97B3B04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA97D51DD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA97B38EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xA9AC9E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xA9AC9D9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA97B3A3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA97B3940]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xA9ACA3FC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA97B3AB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA97B1398]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xA9ACB210]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA97D5EEF]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA97D61A5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA97B3D88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA97D5D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA97D5BC5]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9818368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA97B1162]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF8749168]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA97B13BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA97B3EFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA97B1E54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA97B39C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA97B3A16]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xA9ACAB54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA97B3B2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA97D5539]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA97B3918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA97B3BC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA97B3A7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA97B396E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA97B3CA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA97B3ADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9818400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA97D5A40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA97B1D1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA97D5892]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA98206E2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA97D4850]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xA9ACA4EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA97B13E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA97B1404]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xA9ACAE8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA97B11BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA97B12F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA97D5FF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA97B12D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA97B131C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA97B1428]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xA9ACADE0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + D8 804E2744 16 Bytes [96, 39, 7B, A9, EE, 39, 7B, ...] {XCHG ESI, EAX; CMP [EBX-0x57], EDI; OUT DX, AL ; CMP [EBX-0x57], EDI; PUSH 0x4a9aca8; CMP EDI, [EBX-0x57]}
.text ntoskrnl.exe!_abnormal_termination + 140 804E27AC 12 Bytes [98, 13, 7B, A9, 10, B2, AC, ...] {CWDE ; ADC EDI, [EBX-0x57]; ADC [EDX+0x5eefa9ac], DH; JGE 0xffffffffffffffb5}
.text ntoskrnl.exe!_abnormal_termination + 214 804E2880 16 Bytes [C6, 39, 7B, A9, 16, 3A, 7B, ...]
PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP A982AE84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 1 Byte [A2]
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL A97B24AF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP A98293DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6E85000, 0x1B601E, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809992 5 Bytes JMP A97B4E48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813986 5 Bytes JMP A97B4D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824339 5 Bytes JMP A97B40DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CA3 5 Bytes JMP A97B4FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316EE 5 Bytes JMP A97B51BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A12C 5 Bytes JMP A97B4CC4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF851A23 5 Bytes JMP A97B4016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E5B4 5 Bytes JMP A97B4326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E63F 5 Bytes JMP A97B44CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F8B2 5 Bytes JMP A97B3FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF864C81 5 Bytes JMP A97B4D7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873FD0 5 Bytes JMP A97B44A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89482D 5 Bytes JMP A97B4EFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895305 5 Bytes JMP A97B5118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DC40 5 Bytes JMP A97B414A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9D8 BF8C21B0 5 Bytes JMP A97B41E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA612 5 Bytes JMP A97B4254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA892 5 Bytes JMP A97B428E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2F7 5 Bytes JMP A97B3F32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF913433 5 Bytes JMP A97B4096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF914007 5 Bytes JMP A97B41AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916980 5 Bytes JMP A97B45E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF9463F2 5 Bytes JMP A97B5070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA6D62300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF883F300, 0x1B7E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\spoolsv.exe[604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\spoolsv.exe[604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\spoolsv.exe[604] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[604] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[604] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00420804
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00420A08
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00420600
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004201F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004203FC
.text C:\WINDOWS\System32\smss.exe[880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\winlogon.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\winlogon.exe[1036] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1036] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1036] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[1080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\services.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[1080] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\services.exe[1080] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\services.exe[1080] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\services.exe[1080] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\services.exe[1080] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\lsass.exe[1092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\lsass.exe[1092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[1092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\lsass.exe[1092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\lsass.exe[1092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\lsass.exe[1092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\lsass.exe[1092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\lsass.exe[1092] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1092] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1092] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00741014
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00740804
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00740A08
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00740C0C
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00740E10
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007401F8
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007403FC
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00740600
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00750804
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00750A08
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00750600
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007501F8
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007503FC
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000601F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000603FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002F1014
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002F0804
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002F0A08
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002F0C0C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002F0E10
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002F01F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002F03FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002F0600
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 004A1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 004A0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 004A0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 004A0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 004A0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004A01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004A03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 004A0600
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!socket 71A94211 5 Bytes
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-28 20:33:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160812A rev.2AAA
Running: gmer.exe; Driver: C:\WINDOWS\TEMP\fgnoqkod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA97B1374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA98182B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA97D5829]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA97B3996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA97B39EE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xA9ACA868]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA97B3B04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA97D51DD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA97B38EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xA9AC9E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xA9AC9D9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA97B3A3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA97B3940]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xA9ACA3FC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA97B3AB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA97B1398]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xA9ACB210]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA97D5EEF]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA97D61A5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA97B3D88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA97D5D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA97D5BC5]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9818368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA97B1162]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF8749168]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA97B13BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA97B3EFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA97B1E54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA97B39C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA97B3A16]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xA9ACAB54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA97B3B2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA97D5539]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA97B3918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA97B3BC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA97B3A7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA97B396E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA97B3CA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA97B3ADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9818400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA97D5A40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA97B1D1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA97D5892]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA98206E2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA97D4850]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xA9ACA4EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA97B13E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA97B1404]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xA9ACAE8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA97B11BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA97B12F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA97D5FF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA97B12D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA97B131C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA97B1428]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xA9ACADE0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + D8 804E2744 16 Bytes [96, 39, 7B, A9, EE, 39, 7B, ...] {XCHG ESI, EAX; CMP [EBX-0x57], EDI; OUT DX, AL ; CMP [EBX-0x57], EDI; PUSH 0x4a9aca8; CMP EDI, [EBX-0x57]}
.text ntoskrnl.exe!_abnormal_termination + 140 804E27AC 12 Bytes [98, 13, 7B, A9, 10, B2, AC, ...] {CWDE ; ADC EDI, [EBX-0x57]; ADC [EDX+0x5eefa9ac], DH; JGE 0xffffffffffffffb5}
.text ntoskrnl.exe!_abnormal_termination + 214 804E2880 16 Bytes [C6, 39, 7B, A9, 16, 3A, 7B, ...]
PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP A982AE84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 1 Byte [A2]
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL A97B24AF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP A98293DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6E85000, 0x1B601E, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809992 5 Bytes JMP A97B4E48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813986 5 Bytes JMP A97B4D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824339 5 Bytes JMP A97B40DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CA3 5 Bytes JMP A97B4FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316EE 5 Bytes JMP A97B51BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A12C 5 Bytes JMP A97B4CC4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF851A23 5 Bytes JMP A97B4016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E5B4 5 Bytes JMP A97B4326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E63F 5 Bytes JMP A97B44CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F8B2 5 Bytes JMP A97B3FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF864C81 5 Bytes JMP A97B4D7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873FD0 5 Bytes JMP A97B44A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89482D 5 Bytes JMP A97B4EFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895305 5 Bytes JMP A97B5118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DC40 5 Bytes JMP A97B414A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9D8 BF8C21B0 5 Bytes JMP A97B41E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA612 5 Bytes JMP A97B4254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA892 5 Bytes JMP A97B428E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2F7 5 Bytes JMP A97B3F32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF913433 5 Bytes JMP A97B4096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF914007 5 Bytes JMP A97B41AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916980 5 Bytes JMP A97B45E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF9463F2 5 Bytes JMP A97B5070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA6D62300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF883F300, 0x1B7E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\spoolsv.exe[604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\spoolsv.exe[604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\spoolsv.exe[604] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[604] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[604] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00420804
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00420A08
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00420600
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004201F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004203FC
.text C:\WINDOWS\System32\smss.exe[880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\winlogon.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\winlogon.exe[1036] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\winlogon.exe[1036] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\winlogon.exe[1036] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1036] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1036] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[1080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\services.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[1080] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\services.exe[1080] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\services.exe[1080] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\services.exe[1080] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\services.exe[1080] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\lsass.exe[1092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\lsass.exe[1092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[1092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\lsass.exe[1092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\lsass.exe[1092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\lsass.exe[1092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\lsass.exe[1092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\lsass.exe[1092] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1092] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1092] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00741014
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00740804
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00740A08
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00740C0C
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00740E10
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007401F8
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007403FC
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00740600
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00750804
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00750A08
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00750600
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007501F8
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007503FC
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\SeaMonkey\seamonkey.exe[1236] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000601F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000603FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002F1014
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002F0804
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002F0A08
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002F0C0C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002F0E10
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002F01F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002F03FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002F0600
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1240] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 004A1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 004A0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 004A0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 004A0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 004A0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004A01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004A03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 004A0600
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!socket 71A94211 5 Bytes
Re: problém s účty
Napsal: 28 říj 2011 19:49
Druhý log druhá část:
JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1396] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1396] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1396] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\System32\svchost.exe[1484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\System32\svchost.exe[1484] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1484] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1484] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1484] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1484] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1484] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1484] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1484] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1484] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00080EC8
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00731014
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00730804
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00730A08
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00730C0C
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00730E10
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007301F8
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007303FC
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00730600
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00740804
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 10714B17 C:\Program Files\SeaMonkey\xul.dll (Mozilla Foundation)
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 10714B85 C:\Program Files\SeaMonkey\xul.dll (Mozilla Foundation)
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10717A80 C:\Program Files\SeaMonkey\xul.dll (Mozilla Foundation)
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00740A08
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00740600
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007401F8
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007403FC
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10712510 C:\Program Files\SeaMonkey\xul.dll (Mozilla Foundation)
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00430804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00430A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00430600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004301F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004303FC
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1832] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[1832] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[1832] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[1832] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[1832] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[1832] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1832] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1832] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\HPZipm12.exe[1876] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\HPZipm12.exe[1876] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\HPZipm12.exe[1876] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\HPZipm12.exe[1876] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\HPZipm12.exe[1876] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\HPZipm12.exe[1876] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\HPZipm12.exe[1876] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\HPZipm12.exe[1876] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] wininet.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] wininet.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] wininet.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] wininet.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] wininet.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] wininet.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!CreateRemoteThread 7C8104CC 5
JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1396] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1396] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1396] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\System32\svchost.exe[1484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\System32\svchost.exe[1484] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1484] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1484] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1484] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1484] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1484] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1484] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1484] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1484] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00080EC8
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00731014
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00730804
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00730A08
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00730C0C
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00730E10
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007301F8
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007303FC
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00730600
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00740804
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 10714B17 C:\Program Files\SeaMonkey\xul.dll (Mozilla Foundation)
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 10714B85 C:\Program Files\SeaMonkey\xul.dll (Mozilla Foundation)
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10717A80 C:\Program Files\SeaMonkey\xul.dll (Mozilla Foundation)
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00740A08
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00740600
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007401F8
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007403FC
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10712510 C:\Program Files\SeaMonkey\xul.dll (Mozilla Foundation)
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\SeaMonkey\plugin-container.exe[1516] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1540] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00430804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00430A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00430600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004301F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004303FC
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1832] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[1832] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[1832] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[1832] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[1832] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[1832] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1832] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1832] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\HPZipm12.exe[1876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\HPZipm12.exe[1876] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\HPZipm12.exe[1876] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\HPZipm12.exe[1876] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\HPZipm12.exe[1876] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\HPZipm12.exe[1876] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\HPZipm12.exe[1876] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\HPZipm12.exe[1876] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\HPZipm12.exe[1876] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\HPZipm12.exe[1876] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] wininet.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] wininet.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] wininet.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] wininet.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] wininet.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1980] wininet.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!CreateRemoteThread 7C8104CC 5
Re: problém s účty
Napsal: 28 říj 2011 19:51
Druhý log třetí část:
Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 004A1014
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 004A0804
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 004A0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 004A0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 004A0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004A01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004A03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 004A0600
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 005B1014
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 005B0804
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 005B0A08
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 3 Bytes JMP 005B0C0C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A + 4 77E27105 1 Byte [88]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 005B0E10
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005B01F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005B03FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 005B0600
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00830804
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00830A08
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00830600
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008301F8
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008303FC
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\WINDOWS\System32\alg.exe[3224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\System32\alg.exe[3224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\WINDOWS\System32\alg.exe[3224] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[3224] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[3224] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009D1014
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009D0804
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009D0A08
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009D0C0C
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009D0E10
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009D01F8
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009D03FC
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009D0600
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009E0804
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009E0A08
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009E0600
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009E01F8
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009E03FC
.text C:\WINDOWS\Explorer.EXE[3672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\Explorer.EXE[3672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3672] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\WINDOWS\Explorer.EXE[3672] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804
.text C:\WINDOWS\Explorer.EXE[3672] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08
.text C:\WINDOWS\Explorer.EXE[3672] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600
.text C:\WINDOWS\Explorer.EXE[3672] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8
.text C:\WINDOWS\Explorer.EXE[3672] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC
.text C:\WINDOWS\Explorer.EXE[3672] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[3672] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[3672] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[3672] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[3672] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[3672] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[3672] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[3672] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[3672] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00760804
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00760A08
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00760600
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007601F8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007603FC
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] wininet.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] wininet.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] wininet.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] wininet.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] wininet.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] wininet.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\ClocX\ClocX.exe[3792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\ClocX\ClocX.exe[3792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ClocX\ClocX.exe[3792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ClocX\ClocX.exe[3792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\ClocX\ClocX.exe[3792] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\ClocX\ClocX.exe[3792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\ClocX\ClocX.exe[3792] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\ClocX\ClocX.exe[3792] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00451014
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00450804
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00450A08
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00450C0C
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00450E10
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004501F8
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004503FC
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00450600
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Secunia\PSI\psi.exe[3960] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004E0804
.text C:\Program Files\Secunia\PSI\psi.exe[3960] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004E0A08
.text C:\Program Files\Secunia\PSI\psi.exe[3960] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004E0600
.text C:\Program Files\Secunia\PSI\psi.exe[3960] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004E01F8
.text C:\Program Files\Secunia\PSI\psi.exe[3960] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004E03FC
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1080] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00640002
IAT C:\WINDOWS\system32\services.exe[1080] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00640000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip
\Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 004A1014
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 004A0804
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 004A0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 004A0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 004A0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004A01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004A03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[2632] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 004A0600
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 005B1014
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 005B0804
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 005B0A08
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 3 Bytes JMP 005B0C0C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A + 4 77E27105 1 Byte [88]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 005B0E10
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005B01F8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005B03FC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2636] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 005B0600
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] advapi32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00830804
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00830A08
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00830600
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008301F8
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008303FC
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\FreeCommander\FreeCommander.exe[2720] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2752] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\WINDOWS\System32\alg.exe[3224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\System32\alg.exe[3224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\WINDOWS\System32\alg.exe[3224] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[3224] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[3224] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009D1014
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009D0804
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009D0A08
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009D0C0C
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009D0E10
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009D01F8
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009D03FC
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009D0600
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009E0804
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009E0A08
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009E0600
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009E01F8
.text C:\WINDOWS\TEMP\FreeCommander2720\2\gmer.exe[3592] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009E03FC
.text C:\WINDOWS\Explorer.EXE[3672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\Explorer.EXE[3672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3672] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[3672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\WINDOWS\Explorer.EXE[3672] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\WINDOWS\Explorer.EXE[3672] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804
.text C:\WINDOWS\Explorer.EXE[3672] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08
.text C:\WINDOWS\Explorer.EXE[3672] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600
.text C:\WINDOWS\Explorer.EXE[3672] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8
.text C:\WINDOWS\Explorer.EXE[3672] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC
.text C:\WINDOWS\Explorer.EXE[3672] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[3672] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[3672] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[3672] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[3672] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[3672] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[3672] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[3672] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[3672] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] advapi32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00760804
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00760A08
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00760600
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007601F8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007603FC
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] wininet.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] wininet.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] wininet.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] wininet.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] wininet.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] wininet.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\MiTeC\InfoDesk\InfoDesk.EXE[3780] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\ClocX\ClocX.exe[3792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\ClocX\ClocX.exe[3792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ClocX\ClocX.exe[3792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\ClocX\ClocX.exe[3792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ClocX\ClocX.exe[3792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\ClocX\ClocX.exe[3792] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\ClocX\ClocX.exe[3792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\ClocX\ClocX.exe[3792] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\ClocX\ClocX.exe[3792] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00451014
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00450804
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00450A08
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00450C0C
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00450E10
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004501F8
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004503FC
.text C:\Program Files\ClocX\ClocX.exe[3792] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00450600
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Secunia\PSI\psi.exe[3960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Secunia\PSI\psi.exe[3960] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Secunia\PSI\psi.exe[3960] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004E0804
.text C:\Program Files\Secunia\PSI\psi.exe[3960] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004E0A08
.text C:\Program Files\Secunia\PSI\psi.exe[3960] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004E0600
.text C:\Program Files\Secunia\PSI\psi.exe[3960] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004E01F8
.text C:\Program Files\Secunia\PSI\psi.exe[3960] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004E03FC
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WININET.dll!InternetOpenW 771AAF49 5 Bytes JMP 00130DB0
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 00130F54
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WININET.dll!InternetOpenA 771B5796 5 Bytes JMP 00130D24
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WININET.dll!InternetOpenUrlA 771B5A62 5 Bytes JMP 00130E3C
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WININET.dll!InternetConnectW 771BEE28 5 Bytes JMP 00130FE0
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WININET.dll!InternetOpenUrlW 771C5B9A 5 Bytes JMP 00130EC8
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Secunia\PSI\psi.exe[3960] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1080] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00640002
IAT C:\WINDOWS\system32\services.exe[1080] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00640000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip
\Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
Re: problém s účty
Napsal: 28 říj 2011 20:00
Ani rootkit nemáte. Vypadá to na poškozený systém. Ještě požádám kolegu, který umí jeden speciální soft, aby se na to podíval. Pokud se to nepodaří ani jemu, bude to reinstal systému. Děkuji.
Re: problém s účty
Napsal: 28 říj 2011 20:11
Já také mnohokrát děkuji za Váš čas a ochotu. Doufám, že to nějak dopadne.