Re: problém s PC, prosím o kontrolu logu
Napsal: 19 úno 2010 19:24
Pokračujte podle návodu http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 Pokračujte podle návodu http://www.viry.cz/forum/viewtopic.php?f=29&t=58179VIRY.CZ
Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/
problém s PC, prosím o kontrolu logu
Stránka 2 z 3
Pokračujte podle návodu http://www.viry.cz/forum/viewtopic.php?f=29&t=58179Re: problém s PC, prosím o kontrolu logu
Napsal: 19 úno 2010 19:32
v návodu vidím, že scan může trvat i několik hodin, tak to ho asi pustím přes noc a ozvu se zítra 
Re: problém s PC, prosím o kontrolu logu
Napsal: 19 úno 2010 19:33
Bude to tak nejlepší 
Re: problém s PC, prosím o kontrolu logu
Napsal: 20 úno 2010 10:34
Autoscan: completed 7 hours ago (events: 2, objects: 103654, time: 00:29:31)
20.2.2010 2:28:01 Task started
20.2.2010 2:57:32 Task completed
20.2.2010 2:28:01 Task started
20.2.2010 2:57:32 Task completed
Re: problém s PC, prosím o kontrolu logu
Napsal: 20 úno 2010 10:39
Stáhněte RootRepeal http://rootrepeal.googlepages.com/RootRepeal.zip- Rozbalte a spusťte, klikněte na záložku Drivers, pak Files, poté klikněte na Scan.
- Po dokončení skenu klikněte na Save Report, tím uložíte log, zkopírujte ho sem.
Re: problém s PC, prosím o kontrolu logu
Napsal: 20 úno 2010 11:26
Připadám si fakt trapně, nikde nic není 
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/20 11:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Táňa\Data aplikací\Mozilla\Firefox\Profiles\0dytrulh.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/20 11:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Táňa\Data aplikací\Mozilla\Firefox\Profiles\0dytrulh.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)
Re: problém s PC, prosím o kontrolu logu
Napsal: 20 úno 2010 11:43
no je to zvláštní, ale najednou po všech těch scanech je komp zase docela v pohodě. Dokonce přestal hučet, jako to s oblibou dělal posledních několik dnů. nechápu to
Re: problém s PC, prosím o kontrolu logu
Napsal: 20 úno 2010 11:47
Popište mi podrobněji problém s Root Repeal.
Re: problém s PC, prosím o kontrolu logu
Napsal: 20 úno 2010 12:13
já jsem si nevšimla, že by s nim byl nějaký problém... 
No ten scan doběhl strašně rychle, nebyla to snad ani minuta, ale žádná chybová hláška, nic neobvyklého... Okno normálně zůstalo otevřené... Vážně nevím, co bych k tomu řekla...
No ten scan doběhl strašně rychle, nebyla to snad ani minuta, ale žádná chybová hláška, nic neobvyklého... Okno normálně zůstalo otevřené... Vážně nevím, co bych k tomu řekla...Re: problém s PC, prosím o kontrolu logu
Napsal: 20 úno 2010 12:27
Vydržte, poradím se s kolegy
Re: problém s PC, prosím o kontrolu logu
Napsal: 20 úno 2010 19:21
Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878Re: problém s PC, prosím o kontrolu logu
Napsal: 21 úno 2010 10:22
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-21 10:21:40
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\TA1D2F~1\LOCALS~1\Temp\kwaiaaob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
Rootkit quick scan 2010-02-21 10:21:40
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\TA1D2F~1\LOCALS~1\Temp\kwaiaaob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
Re: problém s PC, prosím o kontrolu logu
Napsal: 21 úno 2010 10:38
OK, ještě druhý log.
Re: problém s PC, prosím o kontrolu logu
Napsal: 21 úno 2010 10:59
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-21 10:56:33
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\TA1D2F~1\LOCALS~1\Temp\kwaiaaob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAADAD6B8]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xAAF44868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAADAD574]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xAAF43E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xAAF43D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xAAF443FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xAAF45210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xAAF41786]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAADADA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAADAD14C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF762001C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF7620168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xAAF44B54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAADAD64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAADAD08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAADAD0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAADAD76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAADAD72E]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xAAF444EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xAAF44E8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAADAD8AE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xAAF44DE0]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF70B1F80]
pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xAA565F00, 0x24000, 0x48000000]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\System32\hkcmd.exe[120] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\WINDOWS\System32\hkcmd.exe[120] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00130F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00130D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00130E3C
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00130FE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00130DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[520] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[520] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[520] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[520] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[520] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\csrss.exe[988] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[988] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1012] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1012] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1012] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1012] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1012] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00070950
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1056] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1056] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[1056] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[1056] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[1056] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1068] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1068] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1068] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1068] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1068] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
Rootkit scan 2010-02-21 10:56:33
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\TA1D2F~1\LOCALS~1\Temp\kwaiaaob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAADAD6B8]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xAAF44868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAADAD574]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xAAF43E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xAAF43D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xAAF443FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xAAF45210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xAAF41786]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAADADA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAADAD14C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF762001C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF7620168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xAAF44B54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAADAD64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAADAD08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAADAD0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAADAD76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAADAD72E]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xAAF444EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xAAF44E8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAADAD8AE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xAAF44DE0]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF70B1F80]
pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xAA565F00, 0x24000, 0x48000000]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\System32\hkcmd.exe[120] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\System32\hkcmd.exe[120] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\WINDOWS\System32\hkcmd.exe[120] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00130F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00130D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00130E3C
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00130FE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00130DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[468] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[520] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[520] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[520] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[520] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[520] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[520] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[708] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[812] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[836] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[848] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[928] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\csrss.exe[988] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[988] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1012] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1012] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1012] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1012] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1012] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00070950
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1032] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1056] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1056] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[1056] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[1056] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[1056] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1068] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1068] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1068] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1068] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1068] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1068] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1136] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
Re: problém s PC, prosím o kontrolu logu
Napsal: 21 úno 2010 11:00
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1420] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1420] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1420] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1488] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1488] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1488] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1488] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1488] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text C:\WINDOWS\System32\wdfmgr.exe[1520] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000707AC
.text C:\WINDOWS\System32\wdfmgr.exe[1520] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[1832] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[1832] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[1884] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1884] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1884] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[1884] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[1884] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[1884] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[1884] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[1884] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[1884] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[1884] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[1884] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2348] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2348] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2348] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2348] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2348] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\totalcmd\TOTALCMD.EXE[2424] user32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\totalcmd\TOTALCMD.EXE[2424] user32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\totalcmd\TOTALCMD.EXE[2424] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00130F54
.text C:\totalcmd\TOTALCMD.EXE[2424] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00130D24
.text C:\totalcmd\TOTALCMD.EXE[2424] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00130E3C
.text C:\totalcmd\TOTALCMD.EXE[2424] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00130FE0
.text C:\totalcmd\TOTALCMD.EXE[2424] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00130DB0
.text C:\totalcmd\TOTALCMD.EXE[2424] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00130EC8
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[3296] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[3296] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1056] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[1056] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- EOF - GMER 1.0.15 ----
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1340] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1420] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1420] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1420] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1488] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1488] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1488] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1488] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1488] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text C:\WINDOWS\System32\wdfmgr.exe[1520] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text C:\WINDOWS\System32\wdfmgr.exe[1520] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000707AC
.text C:\WINDOWS\System32\wdfmgr.exe[1520] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[1832] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[1832] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[1832] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[1884] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[1884] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1884] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1884] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[1884] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[1884] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[1884] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[1884] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[1884] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[1884] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[1884] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[1884] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1972] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2028] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2348] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2348] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2348] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2348] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2348] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2348] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2376] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\totalcmd\TOTALCMD.EXE[2424] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\totalcmd\TOTALCMD.EXE[2424] user32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\totalcmd\TOTALCMD.EXE[2424] user32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\totalcmd\TOTALCMD.EXE[2424] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00130F54
.text C:\totalcmd\TOTALCMD.EXE[2424] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00130D24
.text C:\totalcmd\TOTALCMD.EXE[2424] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00130E3C
.text C:\totalcmd\TOTALCMD.EXE[2424] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00130FE0
.text C:\totalcmd\TOTALCMD.EXE[2424] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00130DB0
.text C:\totalcmd\TOTALCMD.EXE[2424] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00130EC8
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Documents and Settings\Táňa\Dokumenty\Stažené soubory\gmer.exe[2540] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\NOTEPAD.EXE[2732] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[3296] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[3296] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[3296] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1056] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[1056] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- EOF - GMER 1.0.15 ----