Re: Procesor
Napsal: 31 pro 2009 11:21
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-31 01:48:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\marek\LOCALS~1\Temp\uxtdypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB13F76B8]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xB16D1868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB13F7574]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xB16D0E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xB16D0D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xB16D13FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xB16D2210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xB16CE786]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB13F7A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB13F714C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xBA7BC01C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xBA7BC168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xB16D1B54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB13F764E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB13F708C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB13F70F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB13F776E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB13F772E]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xB16D14EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xB16D1E8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB13F78AE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xB16D1DE0]
---- Kernel code sections - GMER 1.0.15 ----
.reloc C:\WINDOWS\system32\drivers\acehlp10.sys section is executable [0xB9FE6700, 0x2919C, 0xE0000060]
.reloc C:\WINDOWS\system32\drivers\acedrv10.sys section is executable [0xB0BF0000, 0x4549F, 0xE0000060]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\Program Files\xampp\apache\bin\apache.exe[132] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000708C4
.text C:\Program Files\xampp\apache\bin\apache.exe[132] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00070838
.text C:\Program Files\xampp\apache\bin\apache.exe[132] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00070950
.text C:\Program Files\xampp\apache\bin\apache.exe[132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\Program Files\xampp\apache\bin\apache.exe[132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] ntdll.dll!RtlLargeIntegerToChar + 1CA 7C960C6E 1 Byte [92]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] WININET.dll!InternetConnectA 771C344A 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] WININET.dll!InternetConnectW 771CEE30 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wdfmgr.exe[496] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wdfmgr.exe[496] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[584] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[584] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[584] WININET.dll!InternetConnectA 771C344A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[584] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[584] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[584] WININET.dll!InternetConnectW 771CEE30 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[584] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[584] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[584] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[584] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\SOUNDMAN.EXE[804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\SOUNDMAN.EXE[804] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[840] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[840] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[840] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
Rootkit scan 2009-12-31 01:48:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\marek\LOCALS~1\Temp\uxtdypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB13F76B8]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xB16D1868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB13F7574]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xB16D0E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xB16D0D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xB16D13FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xB16D2210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xB16CE786]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB13F7A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB13F714C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xBA7BC01C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xBA7BC168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xB16D1B54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB13F764E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB13F708C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB13F70F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB13F776E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB13F772E]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xB16D14EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xB16D1E8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB13F78AE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xB16D1DE0]
---- Kernel code sections - GMER 1.0.15 ----
.reloc C:\WINDOWS\system32\drivers\acehlp10.sys section is executable [0xB9FE6700, 0x2919C, 0xE0000060]
.reloc C:\WINDOWS\system32\drivers\acedrv10.sys section is executable [0xB0BF0000, 0x4549F, 0xE0000060]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\Program Files\xampp\apache\bin\apache.exe[132] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\Program Files\xampp\apache\bin\apache.exe[132] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000708C4
.text C:\Program Files\xampp\apache\bin\apache.exe[132] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00070838
.text C:\Program Files\xampp\apache\bin\apache.exe[132] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00070950
.text C:\Program Files\xampp\apache\bin\apache.exe[132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\Program Files\xampp\apache\bin\apache.exe[132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\xampp\mysql\bin\mysqld-nt.exe[244] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[292] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[328] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] ntdll.dll!RtlLargeIntegerToChar + 1CA 7C960C6E 1 Byte [92]
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] WININET.dll!InternetConnectA 771C344A 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] WININET.dll!InternetConnectW 771CEE30 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[364] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wdfmgr.exe[496] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wdfmgr.exe[496] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wdfmgr.exe[496] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[584] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[584] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[584] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[584] WININET.dll!InternetConnectA 771C344A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[584] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[584] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[584] WININET.dll!InternetConnectW 771CEE30 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[584] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[584] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[584] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[584] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[784] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\SOUNDMAN.EXE[804] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\SOUNDMAN.EXE[804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\SOUNDMAN.EXE[804] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[840] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[840] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[840] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
Tento program znáte?
.
.