VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

problem prohližeče

https://forum.viry.cz:443/viewtopic.php?t=97328

Stránka 2 z 3

Re: problem prohližeče

Napsal: 10 úno 2010 13:37
od killer.
2 log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-09 15:43:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\marie\LOCALS~1\Temp\pxtdipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF352D6B8]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xF37B5868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF352D574]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xF37B4E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xF37B4D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xF37B53FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xF37B6210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xF37B2786]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF352DA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF352D14C]
SSDT sptd.sys ZwEnumerateKey [0xF72B584E]
SSDT sptd.sys ZwEnumerateValueKey [0xF72B5BEE]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF75D901C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF75D9168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xF37B5B54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF352D64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF352D08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF352D0F0]
SSDT sptd.sys ZwQueryKey [0xF72B5CC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF352D76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF352D72E]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xF37B54EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xF37B5E8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF352D8AE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xF37B5DE0]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.text USBPORT.SYS!DllUnload F6ABD8AC 5 Bytes JMP 863EF430
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5BA9380, 0x550AF5, 0xE8000020]
? System32\Drivers\alanhnog.SYS Systém nemůže nalézt uvedenou cestu. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[256] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[256] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[256] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[448] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[524] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[524] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[524] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[592] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[656] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[656] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[656] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[656] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[656] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[656] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[656] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[656] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[656] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[656] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[656] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[656] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[752] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[772] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00130FE0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00130D24
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[784] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[792] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[792] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[792] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[792] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\ICQ7.0\ICQ.exe[844] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\ICQ7.0\ICQ.exe[844] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\ICQ7.0\ICQ.exe[844] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\ICQ7.0\ICQ.exe[844] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\ICQ7.0\ICQ.exe[844] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\ICQ7.0\ICQ.exe[844] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\ICQ7.0\ICQ.exe[844] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00130F54
.text C:\Program Files\ICQ7.0\ICQ.exe[844] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00130FE0
.text C:\Program Files\ICQ7.0\ICQ.exe[844] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00130D24
.text C:\Program Files\ICQ7.0\ICQ.exe[844] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00130DB0
.text C:\Program Files\ICQ7.0\ICQ.exe[844] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\ICQ7.0\ICQ.exe[844] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[884] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[972] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrA.exe[1136] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrB.exe[1152] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1192] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090

Re: problem prohližeče

Napsal: 10 úno 2010 13:38
od killer.
konec 2 logu


.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1268] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1268] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1292] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1292] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1292] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1292] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1292] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1316] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1376] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1376] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1388] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1388] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1388] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[1580] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[1580] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[1580] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1648] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1688] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1688] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1688] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1688] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1688] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1736] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1736] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1736] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1952] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1952] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1952] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1952] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1952] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1952] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1952] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1952] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1952] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1952] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1952] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[2092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[2092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[2092] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wuauclt.exe[2092] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wuauclt.exe[2092] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00130F54
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00130FE0
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00130D24
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00130DB0
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00130E3C
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[2572] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00130EC8
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2732] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2732] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2732] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2732] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2876] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3604] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

Re: problem prohližeče

Napsal: 10 úno 2010 13:39
od killer.
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72B0ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72B0C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72B0B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72B172E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72B1604] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1376] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002
IAT C:\WINDOWS\system32\services.exe[1376] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 865C21D8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 84F771D8

AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{ABB536C3-D746-4E9B-8AEC-C990B0571F0E} 8538E980
Device \Driver\usbohci \Device\USBPDO-0 863AA440
Device \Driver\00000037 \Device\00000044 sptd.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 865C41D8
Device \Driver\dmio \Device\DmControl\DmConfig 865C41D8
Device \Driver\dmio \Device\DmControl\DmPnP 865C41D8
Device \Driver\dmio \Device\DmControl\DmInfo 865C41D8
Device \Driver\usbehci \Device\USBPDO-1 863E81D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1D306588-6124-41D4-88F6-EA8E548C71D3} 8538E980

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 865581D8
Device \Driver\Cdrom \Device\CdRom0 863921D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 865581D8
Device \Driver\Cdrom \Device\CdRom1 863921D8
Device \Driver\atapi \Device\Ide\IdePort0 [F7204B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7204B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [F7204B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7204B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\nvata \Device\00000067 865C31D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8538E980
Device \Driver\NetBT \Device\NetbiosSmb 8538E980

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 863AA440
Device \Driver\USBSTOR \Device\0000006d 84FDD980
Device \Driver\usbehci \Device\USBFDO-1 863E81D8
Device \Driver\nvata \Device\NvAta0 865C31D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84FE31D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84FE31D8
Device \Driver\USBSTOR \Device\0000006f 84FDD980
Device \Driver\Ftdisk \Device\FtControl 865581D8
Device \Driver\alanhnog \Device\Scsi\alanhnog1Port3Path0Target0Lun0 862341D8
Device \Driver\alanhnog \Device\Scsi\alanhnog1 862341D8
Device \FileSystem\Fastfat \Fat 84F771D8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 84FC61D8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB5 0x56 0xC3 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x55 0x2B 0xA2 0x57 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9A 0x78 0x80 0xC6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB5 0x56 0xC3 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x55 0x2B 0xA2 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x08 0x84 0x53 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -702670749
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1222085385
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB5 0x56 0xC3 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x55 0x2B 0xA2 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x08 0x84 0x53 0xA7 ...

---- EOF - GMER 1.0.15 ----

Re: problem prohližeče

Napsal: 10 úno 2010 14:20
od Caroprd111
:arrow: Vyskytuje se problém i v nouzovém režimu :???:

:arrow: Odinstalujte všechny emulátory virtuálních mechanik.

:arrow: Stáhněte SPTD http://www.duplexsecure.com/en/downloads
- vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
- uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC

:arrow: Po provedení předchozích úkonů dejte nový log z Gmer.

:arrow: Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- Rozbalte a spusťte.
- Proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log, který sem vložíte.

- Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

Re: problem prohližeče

Napsal: 10 úno 2010 14:31
od killer.
Do nouzoveho rezimu se nemuzu nejako dostat,pri kliknuti na F10 se mi zobrazi nabidka ale s klavesnici nejde nic delat,takze na nouzovy rezim nemohu najet :( klavesnice nereaguje

Re: problem prohližeče

Napsal: 10 úno 2010 14:34
od Caroprd111
:arrow: Nastavte v BIOSu podporu USB klávesnice nebo si půjčte od někoho PS/2 klávesnici.

Re: problem prohližeče

Napsal: 10 úno 2010 16:33
od killer.
Tak ted uz se do nouzoveho rezimu dostanu ale internetove spojeni neni mozne,na stranky se v nouzovem rezimu nedostanu.

Log 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-10 15:44:06
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\marie\LOCALS~1\Temp\pxtdipob.sys


---- System - GMER 1.0.15 ----

SSDT spcz.sys ZwEnumerateKey [0xF72ACDA4]
SSDT spcz.sys ZwEnumerateValueKey [0xF72AD132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8655D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \Fat 84F981F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


Log2
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-10 16:24:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\marie\LOCALS~1\Temp\pxtdipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3AE96B8]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xF3D71868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF3AE9574]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xF3D70E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xF3D70D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xF3D713FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xF3D72210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xF3D6E786]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF3AE9A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF3AE914C]
SSDT spcz.sys ZwEnumerateKey [0xF72ACDA4]
SSDT spcz.sys ZwEnumerateValueKey [0xF72AD132]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF755901C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF7559168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xF3D71B54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF3AE964E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF3AE908C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF3AE90F0]
SSDT spcz.sys ZwQueryKey [0xF72AD20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF3AE976E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF3AE972E]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xF3D714EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xF3D71E8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF3AE98AE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xF3D71DE0]

INT 0x62 ? 865CBBF8
INT 0x63 ? 8626FED8
INT 0x73 ? 8626FED8
INT 0x82 ? 865CBBF8
INT 0x83 ? 8655EBF8

---- Kernel code sections - GMER 1.0.15 ----

? spcz.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload F70578AC 5 Bytes JMP 8626F4B8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6143380, 0x550AF5, 0xE8000020]
.text win32k.sys!FONTOBJ_pxoGetXform + 8E68 BF8BF400 19 Bytes [73, 70, 69, 6A, 0C, E8, D2, ...]
.text win32k.sys!FONTOBJ_pxoGetXform + 8E7D BF8BF415 10 Bytes [FF, 6A, 20, 68, 00, 00, 40, ...] {JMP FAR DWORD [EDX+0x20]; PUSH 0x400000; PUSH 0x2}
.text win32k.sys!FONTOBJ_pxoGetXform + 8E89 BF8BF421 1 Byte [F0]
.text win32k.sys!FONTOBJ_pxoGetXform + 8E89 BF8BF421 12 Bytes [F0, 51, 8D, 4D, DC, 51, 50, ...]
.text win32k.sys!FONTOBJ_pxoGetXform + 8E96 BF8BF42E 4 Bytes [DC, 89, 45, E0]
.text ...
.text win32k.sys!EngDeletePalette + 2 BF8C57A2 129 Bytes [55, 8B, EC, 56, FF, 75, 08, ...]
.text win32k.sys!EngDeletePalette + 84 BF8C5824 63 Bytes [15, 60, DE, 98, BF, 56, E8, ...]
.text win32k.sys!EngDeletePalette + C4 BF8C5864 171 Bytes [00, 8B, 06, 3B, 45, 08, 75, ...]
.text win32k.sys!EngDeletePalette + 170 BF8C5910 123 Bytes CALL 1C8C5915
.text win32k.sys!EngDeletePalette + 1EC BF8C598C 64 Bytes CALL BF800CC3 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!PATHOBJ_vEnumStart + 18 BF8C6BCF 10 Bytes [90, 90, 90, 90, 90, 8B, 45, ...] {NOP ; NOP ; NOP ; NOP ; NOP ; MOV EAX, [EBP-0x14]; MOV EAX, [EAX]}
.text win32k.sys!PATHOBJ_vEnumStart + 23 BF8C6BDA 5 Bytes [00, 33, C9, 3D, 01]
.text win32k.sys!PATHOBJ_vEnumStart + 29 BF8C6BE0 115 Bytes [00, E0, 0F, 94, C1, 8B, C1, ...]
.text win32k.sys!PATHOBJ_vEnumStart + 9D BF8C6C54 2 Bytes [8B, 45]
.text win32k.sys!PATHOBJ_vEnumStart + A0 BF8C6C57 51 Bytes CALL BF800C23 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngStrokePath + 10 BF8C89E0 105 Bytes [F7, DE, 1B, F6, 57, 8B, 7D, ...]
.text win32k.sys!EngStrokePath + 7A BF8C8A4A 13 Bytes [FF, 75, 24, 57, FF, 75, 18, ...]
.text win32k.sys!EngStrokePath + 88 BF8C8A58 15 Bytes [CE, 00, 00, EB, E6, 90, 90, ...] {INTO ; ADD [EAX], AL; JMP 0xffffffffffffffeb; NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}
.text win32k.sys!EngStrokePath + 98 BF8C8A68 17 Bytes [45, 08, 8B, 50, 18, 8B, 48, ...] {INC EBP; OR [EBX+0x488b1850], CL; OR AL, 0x53; MOV EBX, [EAX+0x14]; PUSH ESI; MOV ESI, [EBP+0xc]; PUSH EDI}
.text win32k.sys!EngStrokePath + AA BF8C8A7A 112 Bytes [78, 10, 8B, 40, 04, 8D, 04, ...]
.text ...
.text win32k.sys!EngSort BF8D2FC4 9 Bytes [8B, FF, 55, 8B, EC, 81, EC, ...]
.text win32k.sys!EngSort + A BF8D2FCE 64 Bytes [00, 53, 8B, 5D, 10, F6, C3, ...]
.text win32k.sys!EngSort + 4B BF8D300F 156 Bytes [00, 00, 39, B5, 50, FF, FF, ...]
.text win32k.sys!EngSort + E8 BF8D30AC 2 Bytes [FF, 55]
.text win32k.sys!EngSort + EB BF8D30AF 101 Bytes [EC, 8B, 45, 08, 8B, 4D, 0C, ...]
.text ...
.text win32k.sys!EngLineTo + 44 BF8D4AC0 127 Bytes [5D, FC, 89, 4D, F8, 75, 4B, ...]
.text win32k.sys!EngLineTo + C4 BF8D4B40 187 Bytes [00, 00, 57, 8D, 45, F4, 50, ...]
.text win32k.sys!EngLineTo + 180 BF8D4BFC 9 Bytes [EC, 83, EC, 18, 56, 8D, 45, ...] {IN AL, DX ; SUB ESP, 0x18; PUSH ESI; LEA EAX, [EBP-0x8]; PUSH EAX}
.text win32k.sys!EngLineTo + 18A BF8D4C06 7 Bytes CALL BF80F0F7 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngLineTo + 192 BF8D4C0E 55 Bytes [75, 0C, 8D, 45, F8, 50, 56, ...]
.text ...
.text win32k.sys!EngDeleteSemaphore + 21 BF8DFA78 13 Bytes [FF, 55, 8B, EC, 56, 8B, F1, ...] {CALL [EBP-0x75]; IN AL, DX ; PUSH ESI; MOV ESI, ECX; MOV ECX, [EBP+0x8]; AND DWORD [ECX], 0x0}
.text win32k.sys!EngDeleteSemaphore + 2F BF8DFA86 8 Bytes [06, 8B, 40, 68, 85, C0, 74, ...] {PUSH ES; MOV EAX, [EAX+0x68]; TEST EAX, EAX; JZ 0x1f}
.text win32k.sys!EngDeleteSemaphore + 38 BF8DFA8F 21 Bytes [40, 10, 89, 01, 8B, 06, 8B, ...]
.text win32k.sys!EngDeleteSemaphore + 4E BF8DFAA5 23 Bytes [5E, 5D, C2, 04, 00, 90, 90, ...]
.text win32k.sys!EngDeleteSemaphore + 66 BF8DFABD 13 Bytes [48, 04, 85, C9, 75, 04, 5D, ...]
.text ...
.text win32k.sys!PATHOBJ_bMoveTo + 8 BF8E3D7C 19 Bytes [8D, 45, 0C, 50, 6A, 00, E8, ...] {LEA EAX, [EBP+0xc]; PUSH EAX; PUSH 0x0; CALL 0xfffffffffff67ffb; POP EBP; RET 0xc; NOP ; NOP ; NOP ; NOP }
.text win32k.sys!PATHOBJ_bPolyLineTo BF8E3D90 5 Bytes [8B, FF, 55, 8B, EC] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}
.text win32k.sys!PATHOBJ_bPolyLineTo + 6 BF8E3D96 37 Bytes [75, 10, 8B, 4D, 08, FF, 75, ...]
.text win32k.sys!PATHOBJ_bPolyLineTo + 2C BF8E3DBC 8 Bytes [89, 41, 08, 33, C0, 89, 51, ...] {MOV [ECX+0x8], EAX; XOR EAX, EAX; MOV [ECX+0x20], EDX}
.text win32k.sys!PATHOBJ_bPolyLineTo + 35 BF8E3DC5 7 Bytes [02, 8D, 91, 24, 01, 00, 00]
.text win32k.sys!PATHOBJ_bPolyLineTo + 3D BF8E3DCD 5 Bytes [91, 1C, 01, 00, 00] {XCHG ECX, EAX; SBB AL, 0x1; ADD [EAX], AL}
.text ...
.text win32k.sys!PATHOBJ_bCloseFigure + 11 BF8E4202 79 Bytes CALL BF8B93E9 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!PATHOBJ_bCloseFigure + 61 BF8E4252 31 Bytes [03, 8B, 40, 38, 8D, 4D, E8, ...]
.text win32k.sys!PATHOBJ_bCloseFigure + 81 BF8E4272 24 Bytes [8D, 4D, A8, 0F, 84, 4F, FA, ...]
.text win32k.sys!PATHOBJ_bCloseFigure + 9A BF8E428B 55 Bytes CALL BF8A7A78 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!PATHOBJ_bCloseFigure + D2 BF8E42C3 13 Bytes [01, 75, 0C, 8D, 4D, E8, E8, ...] {ADD [EBP+0xc], ESI; LEA ECX, [EBP-0x18]; CALL 0xfffffffffff76981; TEST EAX, EAX}
.text ...
.text win32k.sys!EngFillPath + 2F BF8E6E17 45 Bytes [F6, 07, 01, 0F, 85, 58, FF, ...]
.text win32k.sys!EngFillPath + 5D BF8E6E45 15 Bytes [75, 85, 33, C0, 50, FF, 75, ...]
.text win32k.sys!EngFillPath + 6D BF8E6E55 151 Bytes [00, 33, FF, 39, 7D, F8, 0F, ...]
.text win32k.sys!EngFillPath + 105 BF8E6EED 85 Bytes [00, 5F, 8B, C6, 5E, 5B, C9, ...]
.text win32k.sys!EngFillPath + 15B BF8E6F43 67 Bytes CALL BF8E71B4 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!PATHOBJ_vGetBounds + 37 BF8E8C44 48 Bytes [55, 8B, EC, FF, 75, 08, 8D, ...]
.text win32k.sys!PATHOBJ_vGetBounds + 68 BF8E8C75 21 Bytes [33, F6, 46, EB, EF, 80, C3, ...]
.text win32k.sys!PATHOBJ_vGetBounds + 7E BF8E8C8B 45 Bytes [0F, 9F, C0, 89, 45, EC, E9, ...]
.text win32k.sys!PATHOBJ_vGetBounds + AC BF8E8CB9 54 Bytes [D0, 74, 33, 33, DB, 8A, 5D, ...]
.text win32k.sys!PATHOBJ_vGetBounds + E3 BF8E8CF0 57 Bytes [55, DC, 03, 45, DC, 01, 55, ...]
.text ...
.text win32k.sys!FONTOBJ_pifi + 30 BF8FAC40 6 Bytes [90, 90, 8B, FF, 55, 8B]
.text win32k.sys!FONTOBJ_pifi + 37 BF8FAC47 33 Bytes [FF, 15, E0, DB, 98, BF, 50, ...]
.text win32k.sys!FONTOBJ_pifi + 59 BF8FAC69 51 Bytes CALL BF8FADB5 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FONTOBJ_pifi + 8D BF8FAC9D 9 Bytes [81, 8C, 00, 00, 00, 5D, C2, ...]
.text win32k.sys!FONTOBJ_pifi + 97 BF8FACA7 93 Bytes [81, 84, 00, 00, 00, EB, F4, ...]
.text ...
.text win32k.sys!EngAllocUserMem + 9 BF8FBEE5 18 Bytes [4D, F0, FF, 33, DB, 89, 5D, ...]
.text win32k.sys!EngAllocUserMem + 1C BF8FBEF8 1 Byte [00]
.text win32k.sys!EngAllocUserMem + 1C BF8FBEF8 11 Bytes [00, 8D, 45, 08, 50, 53, 8D, ...]
.text win32k.sys!EngAllocUserMem + 28 BF8FBF04 36 Bytes [FF, 15, 64, DE, 98, BF, 3B, ...]
.text win32k.sys!EngAllocUserMem + 4D BF8FBF29 57 Bytes [15, 9C, DB, 98, BF, 8B, F0, ...]
.text ...
.text win32k.sys!EngMarkBandingSurface + 5A BF8FC4FC 76 Bytes [90, 90, 90, 90, 8B, FF, 55, ...]
.text win32k.sys!EngMarkBandingSurface + A7 BF8FC549 79 Bytes [8B, 06, 89, 45, D8, 8B, 45, ...]
.text win32k.sys!EngMarkBandingSurface + F7 BF8FC599 25 Bytes [74, 14, FF, 75, E0, 8B, CE, ...]
.text win32k.sys!EngMarkBandingSurface + 111 BF8FC5B3 8 Bytes [75, 13, 8B, 75, FC, 8D, 4D, ...] {JNZ 0x15; MOV ESI, [EBP-0x4]; LEA ECX, [EBP-0x10]}
.text win32k.sys!EngMarkBandingSurface + 11A BF8FC5BC 42 Bytes [DF, 0F, FE, FF, 5F, 8B, C6, ...]
.text ...
.text win32k.sys!BRUSHOBJ_ulGetBrushColor + 2 BF8FCDA6 20 Bytes [55, 8B, EC, 8B, 45, 08, F6, ...]
.text win32k.sys!BRUSHOBJ_ulGetBrushColor + 17 BF8FCDBB 29 Bytes [40, 0C, 5D, C2, 04, 00, 83, ...]
.text win32k.sys!BRUSHOBJ_ulGetBrushColor + 35 BF8FCDD9 60 Bytes [55, 8B, EC, 56, FF, 15, E0, ...]
.text win32k.sys!BRUSHOBJ_ulGetBrushColor + 73 BF8FCE17 31 Bytes [8B, D8, 83, 67, 08, F7, 83, ...]
.text win32k.sys!BRUSHOBJ_ulGetBrushColor + 93 BF8FCE37 206 Bytes [00, 00, B9, 40, 42, 0F, 00, ...]
.text ...
.text win32k.sys!EngStrokeAndFillPath + 5D BF8FE7F5 6 Bytes [0B, C2, 89, 45, F8, 8B]
.text win32k.sys!EngStrokeAndFillPath + 64 BF8FE7FC 20 Bytes [1C, F6, 07, 01, 0F, 85, 59, ...]
.text win32k.sys!EngStrokeAndFillPath + 79 BF8FE811 8 Bytes [20, FF, 75, 10, FF, 75, 0C, ...] {AND BH, BH; JNZ 0x14; PUSH DWORD [EBP+0xc]; PUSH ESI}
.text win32k.sys!EngStrokeAndFillPath + 82 BF8FE81A 3 Bytes CALL BF8E6DE9 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngStrokeAndFillPath + 86 BF8FE81E 20 Bytes [85, C0, 74, 27, FF, 75, F8, ...]
.text ...
.text win32k.sys!STROBJ_bEnum + 3A BF8FECA7 117 Bytes [56, 24, 85, D2, 75, 94, 01, ...]
.text win32k.sys!STROBJ_bEnum + B0 BF8FED1D 22 Bytes [FF, 75, 08, 8B, CE, C7, 45, ...]
.text win32k.sys!STROBJ_bEnum + C9 BF8FED36 23 Bytes [90, 90, 8B, FF, 55, 8B, EC, ...]
.text win32k.sys!STROBJ_bEnum + E1 BF8FED4E 171 Bytes [89, 7D, F4, 89, 7D, F8, E8, ...]
.text win32k.sys!STROBJ_bEnum + 18D BF8FEDFA 93 Bytes [C6, 5E, C9, C2, 08, 00, FF, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[260] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[260] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[260] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[552] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[552] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[588] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[596] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[596] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[596] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[596] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[596] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[608] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[608] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[608] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[608] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[608] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[608] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[608] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[608] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[608] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[608] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[608] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00130F54
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00130FE0
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00130D24
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00130DB0
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00130E3C
.text C:\Documents and Settings\marie\Plocha\gmer\gmer.exe[816] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[848] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[912] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[932] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[932] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[932] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[932] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[932] WS2_32.dll!connect

Re: problem prohližeče

Napsal: 10 úno 2010 16:34
od killer.
pokracovani logu 2
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[1028] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[1028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[1028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[1028] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[1028] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[1028] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrB.exe[1112] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrA.exe[1148] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[1184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1240] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1240] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1240] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[1244] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[1244] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[1244] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[1244] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wuauclt.exe[1244] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wuauclt.exe[1244] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe[1248] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1280] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1280] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1280] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1280] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1280] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1280] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1320] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00130FE0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00130D24
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1344] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1396] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1396] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1408] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1408] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1408] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1408] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1408] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[1464] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[1464] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[1464] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\ICQ7.0\ICQ.exe[1524]

Re: problem prohližeče

Napsal: 10 úno 2010 16:35
od killer.
pokracovani logu 2

kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00130F54
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00130FE0
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00130D24
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00130DB0
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\ICQ7.0\ICQ.exe[1524] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1536] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[1604] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[1604] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[1604] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1680] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1680] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1680] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1680] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1680] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1756] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1756] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1756] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1844] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00030EC8
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1916] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1916] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1916] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1916] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1916] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1916] WININET.dll!InternetConnectA 40C1DEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1916] WININET.dll!InternetConnectW 40C1F862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1916] WININET.dll!InternetOpenA 40C2D690 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1916] WININET.dll!InternetOpenW 40C2DB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1916] WININET.dll!InternetOpenUrlA 40C2F3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1916] WININET.dll!InternetOpenUrlW 40C76DDF 5 Bytes JMP 00080EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3036] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3148] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3212] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7295042] spcz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729513E] spcz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72950C0] spcz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7295800] spcz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72956D6] spcz.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1396] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002
IAT C:\WINDOWS\system32\services.exe[1396] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8655D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 84F981F8

AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{ABB536C3-D746-4E9B-8AEC-C990B0571F0E} 853B61F8
Device \Driver\usbohci \Device\USBPDO-0 8626E500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8655F1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8655F1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8655F1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8655F1F8
Device \Driver\usbehci \Device\USBPDO-1 863C81F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1D306588-6124-41D4-88F6-EA8E548C71D3} 853B61F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 865CC1F8
Device \Driver\USBSTOR \Device\00000071 865021F8
Device \Driver\Cdrom \Device\CdRom0 862111F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 865CC1F8
Device \Driver\atapi \Device\Ide\IdePort0 [F71E8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F71E8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [F71E8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F71E8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\nvata \Device\00000066 8655E1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 853B61F8
Device \Driver\NetBT \Device\NetbiosSmb 853B61F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 8626E500
Device \Driver\USBSTOR \Device\0000006d 865021F8
Device \Driver\usbehci \Device\USBFDO-1 863C81F8
Device \Driver\nvata \Device\NvAta0 8655E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84FB01F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84FB01F8
Device \Driver\Ftdisk \Device\FtControl 865CC1F8
Device \FileSystem\Fastfat \Fat 84F981F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 84FFE1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB5 0x56 0xC3 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x55 0x2B 0xA2 0x57 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9A 0x78 0x80 0xC6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEE 0x15 0x04 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -702670749
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1222085385
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEE 0x15 0x04 0xCE ...

---- EOF - GMER 1.0.15 ----

Re: problem prohližeče

Napsal: 10 úno 2010 17:10
od Caroprd111
:arrow: Musíte dát "Nouzový režim s prací v síti".

Re: problem prohližeče

Napsal: 10 úno 2010 17:46
od killer.
aha omlouvam se,tak ani v nouzovem rezimu nektere stranky nefunguji(nezobrazuji se cele vety a stranky jsou neuplne)u IE to je ale lepsi nez v mozille.Tak me napadlo jestli teda nemam preinstalovat operacni system,snad by to pomohlo ale to jsem chtel udelat az kdyz by nebylo zadne jine reseni :(

Re: problem prohližeče

Napsal: 10 úno 2010 17:50
od Caroprd111
:arrow: Přeinstalujte Internet Explorer http://support.microsoft.com/kb/318378/cs

:arrow: Použijte Revo Uninstaller http://www.stahuj.centrum.cz/utility_a_ ... installer/ na odinstalování firefoxu, pročistěte PC Ccleanerem a nainstalujte firefox znovu.

:arrow: Vyzkoušejte, jestli se problém vyskytuje i v opeře


:arrow: Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
- Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

:arrow: Záložka Čistič
- Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

:arrow: Záložka Registry
- Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
:arrow: OK :arrow: Zavřít

Re: problem prohližeče

Napsal: 10 úno 2010 19:14
od killer.
odinstalace IE se nepovedla napsalo mi to ze to neni potreba,jen se doinstalovalo par aktualizaci,jinak vse jsem udelal jak jste napsal,v opere to je stejne jak v firefoxu a navic ted ty stranky jsou docela dost roztazene :?:

Re: problem prohližeče

Napsal: 10 úno 2010 19:15
od Caroprd111
Vydržte, poradím se s kolegy.

Re: problem prohližeče

Napsal: 10 úno 2010 19:29
od Caroprd111
Použijte ATF Cleaner http://www.atribune.org/public-beta/ATF-Cleaner.exe

po spuštění staženého souboru se objeví okno, zatrhněte Select All, klikněte na Empty Selected a Exit

stejným způsobem vymažte případně cache Firefoxu a Opery, restartujte PC.

Tímto krokem přijdete o všechna hesla uložená ve FF /Opeře!


thx "meteorolog"
Všechny časy jsou v UTC+01:00
Stránka 2 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz