
Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 00:18
by MiliNess
If reinstalling the Service Pack doesn't help, the problem will be somewhere in the registry. The only thing I could then do for you is restore the registry to the state it was in when Windows was first installed. You would have to reinstall all your programs and set everything up again. A kind of complete reinstall without reinstalling.

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 00:22
by MatesJ
well, then I'd rather reinstall and format, if there's no other way....... is it certain that the little bastard isn't on one of the other disks?

what about new drivers for the motherboard, or a new BIOS?

are we dealing with a virus now, or with HW?

is that sinowal really such a nasty piece of work?

how should I install it then, through Nero and run the .exe????

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 00:27
by MiliNess
More likely software. I'd say the problem is that something was removed from the registry that shouldn't have been removed. We'll see at the end.

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 00:34
by MatesJ
well, that occurred to me too, I didn't make a backup, about 14 days ago I downloaded WinXP Manager, which includes 1 Click Cleaner, I ran that and it found a lot of things, which it wiped........

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 00:40
by MatesJ
so it's uninstalled and I'm going to restart........

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 00:50
by MatesJ
in 5 min. we could start installing SP3, how do I do that from the .iso????

after the uninstall it booted just as slowly......... once Windows is up, only the first launch of any application is slow, after that it's pretty much OK, probably completely OK

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 01:06
by MiliNess
Let the system boot and put the CD in the drive. The installation should start by itself. Alternatively, the installer will be in the root directory of the CD.
Otherwise, after the installation it wouldn't be a bad idea at all to run Gmer. I've just gone through the whole topic again, and the rootkit that Combofix found earlier was hooking, among other things, your antivirus program, the network card and the disk subsystem. That corresponds exactly to the problems you are having. I'm worried that something may still be left there. The hooks led to some unknown module at address 0x8B0C72B8 and, if I understood correctly, you only overwrote the MBR code with the fixmbr command. So that module will still be there somewhere, and you should expect that your antivirus won't detect it at the moment.

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 01:15
by MatesJ
there are two exes in the directory, autorun and the pack itself....... which one......... the iso won't start by itself, it launches NERO.

exactly, I only overwrote it with fixmbr......

You're a genius, on the day of the problem or before it I got an error on the graphics card, I don't remember what, I thought it was a false alarm, yesterday it kept bugging me and I downloaded the latest graphics drivers and installed them, in the morning the resolution was at the lowest and maybe only 4-bit colour, a disaster......... icons across half the monitor, it said the GPU is invalid for the system.......... then I put on the old one from the CD that came with the graphics card.............yeah, the bastard is in there :-)

I've tried so many antiviruses it's unreal, nothing :-), I even have one specifically for sinowal and nothing found............ the nasty thing is in there

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 01:22
by MiliNess
So run the SP installer directly.
Once you've installed it, download http://www2.gmer.net/mbr/mbr.exe to your desktop and run it. A log will be created; post it here.
And then you should use Gmer and post its log here as well.
It doesn't have to be Sinowal itself, but something similar that uses a similar technique.

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 04:02
by motji
Gmer instructions (do the first two steps only if you use Daemon or Alcohol)


:arrow: uninstall all virtual drives (Daemon or Alcohol)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system. SPTD for Windows (32 bit) or (64b)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC
- run Gmer


----------------------

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan will run; when it finishes, a window with the results opens; click Save to save the log, which you then post here

- Following the instructions in the link, run a second scan and post that log here as well.

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop


:arrow: Start - Run
copy into the box

"%userprofile%\plocha\mbr" -t
OK

:arrow: a log named mbr.log will be created; post it here

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 07:32
by MatesJ
this morning it asked me to install SP3.......... I'll do SP3 and then follow your procedure..........

I wanted to start Daemon and it wouldn't run, it isn't even visible in the programs list, it said it's missing that very SPTD, so it didn't offer me uninstall, only install..........

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 13:09
by MatesJ
so SP3 is on, Daemon is gone and GMER finished after about 3 hours. During the Gmer run it crashed to a BLUE screen 3 times and the PC is still the same as yesterday, something is going on with Mozilla and sometimes it won't open, then it says a script is not responding, the PC freezes completely when I want to move between folders or open applications.

GMER puzzled me in that it doesn't see my P:, I have disks C:; D:; I:; P:; R: (after MBRfix it got rewritten to F:, the shortcut works but the system sees it as F:)

here is the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-14 10:31:59
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\kwxdrpod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA7F6A678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
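
Added example, not part of the thread and not GMER's own code: a small Python triage of a GMER text log that groups every hook or attached filter by the driver GMER attributes it to, and separates out entries with no attributed module, the kind of "unknown module" hook MiliNess describes. The sample log is constructed; its bare SSDT line is an assumed shape for an unattributed hook, and `triage` and the regex names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample. The attributed lines follow the quick-scan log above;
# the bare "SSDT 8B000000 ..." line is invented (assumed shape) to stand in
# for a hook whose target GMER cannot map to any driver file.
SAMPLE_LOG = r"""---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA7F6A678]
SSDT 8B000000 ZwCreateFile
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
"""

# "---- System - GMER 1.0.15 ----" -> section name "System"
SECTION = re.compile(r"^---- (.+?) - GMER")
# Line types that describe a hook or a filter attached to a device stack.
HOOK = re.compile(r"^(SSDT|Code|INT 0x[0-9A-Fa-f]+|Device|AttachedDevice)\s+(.*)$")
# A driver file name followed by the "(description/vendor)" text GMER prints.
MODULE = re.compile(r"([^\\\s]+\.sys)\s+\(([^)]*)\)", re.IGNORECASE)


def triage(log_text):
    """Group hook lines by attributed driver; collect the ones with no module."""
    by_driver = defaultdict(list)
    unattributed = []   # hook lines with no "<driver>.sys (description)" part
    disk = []           # notes from the "Disk sectors" section
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("Disk "):
            disk.append(line)
            continue
        hook = HOOK.match(line)
        if not hook:
            continue    # banner lines, code-section diffs, etc. are out of scope
        kind, rest = hook.groups()
        mod = MODULE.search(rest)
        if mod is None:
            # Nothing names the owner of this hook: review these first.
            unattributed.append((section, line))
            continue
        # Hooked function follows the module (SSDT/Code); for device lines the
        # device stack precedes it.
        target = rest[mod.end():].strip() or rest[:mod.start()].strip()
        by_driver[mod.group(1).lower()].append((section, kind, target))
    return {"by_driver": dict(by_driver), "unattributed": unattributed, "disk": disk}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for driver, hooks in sorted(report["by_driver"].items()):
        print(f"{driver}: {len(hooks)} entr{'y' if len(hooks) == 1 else 'ies'}")
    for section, line in report["unattributed"]:
        print(f"REVIEW [{section}] {line}")
    for note in report["disk"]:
        print(f"DISK {note}")
```

A driver name and vendor string in the log only say which file GMER attributed the entry to; the file itself still has to be verified.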

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 13:11
by MatesJ
here is the full one:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-14 12:49:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\kwxdrpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA7F616B8]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xA88AE868]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA7F61574]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xA88ADE90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xA88ADD9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xA88AE3FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xA88AF210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xA88AB786]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA7F61A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA7F6114C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xBA18A01C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xBA18A168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xA88AEB54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA7F6164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA7F6108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA7F610F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA7F6176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA7F6172E]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xA88AE4EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xA88AEE8C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA7F618AE]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xA88AEDE0]

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B5462541
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B54625E7

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA7F6A678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C64 80504500 4 Bytes CALL 0AB2ED8F
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AC 7 Bytes JMP A7F6A67C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.xreloc C:\WINDOWS\system32\drivers\sfsync05.sys unknown last section [0xB9F67000, 0xC9C, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB52F4000, 0x16DFE2, 0xE8000020]
.text HTTP.sys A3F0931D 2 Bytes [28, 09] {SUB [ECX], CL}
.text HTTP.sys A3F0933C 1 Byte [74]
.text HTTP.sys A3F0934C 2 Bytes [20, 09] {AND [ECX], CL}
.text HTTP.sys A3F09372 2 Bytes [10, 06] {ADC [ESI], AL}
.text HTTP.sys A3F09397 2 Bytes CALL A3F0BEB5 \SystemRoot\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation)
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avast\aswUpdSv.exe[176] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avast\aswUpdSv.exe[176] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avast\aswUpdSv.exe[176] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avast\aswUpdSv.exe[176] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avast\aswUpdSv.exe[176] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avast\aswUpdSv.exe[176] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avast\ashServ.exe[268] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avast\ashServ.exe[268] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avast\ashServ.exe[268] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avast\ashServ.exe[268] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avast\ashServ.exe[268] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avast\ashServ.exe[268] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[624] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[624] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[624] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[624] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text D:\Dokumenty\Virusy\gmer.exe[652] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text D:\Dokumenty\Virusy\gmer.exe[652] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text D:\Dokumenty\Virusy\gmer.exe[652] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[692] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[692] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[692] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe[724] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[848] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[936] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1080] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1080] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1080] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1136] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1136] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1136] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1136] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1136] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1136] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1196] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1196] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1196] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1196] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1376] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!connect

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 13:11
by MatesJ
Part 2:

.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1564] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrA.exe[1596] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1612] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1612] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1612] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1612] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1612] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrB.exe[1860] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1872] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1872] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[2008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[2008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[2008] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[2008] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[2008] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2024] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2072] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2072] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2072] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2072] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2244] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[2408] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[2408] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[2408] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2432] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\PROGRA~1\Avast\ashDisp.exe[2616] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\KEMailKb\KEMailKb.EXE[2704] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 13:12
by MatesJ
Part 3:

.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\WINDOWS\Domino.exe[2800] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\WINDOWS\Domino.exe[2800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\WINDOWS\Domino.exe[2800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[2860] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetConnectA 40C1B0D2 5 Bytes JMP 00140F54
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetConnectW 40C1C2C0 5 Bytes JMP 00140FE0
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetOpenA 40C23081 5 Bytes JMP 00140D24
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetOpenW 40C236B1 5 Bytes JMP 00140DB0
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetOpenUrlA 40C26F5A 5 Bytes JMP 00140E3C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2892] WININET.dll!InternetOpenUrlW 40C68439 5 Bytes JMP 00140EC8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2920] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[2936] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[2936] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[2936] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2976] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\taskmgr.exe[2980] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\taskmgr.exe[2980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\taskmgr.exe[2980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\taskmgr.exe[2980] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\taskmgr.exe[2980] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\taskmgr.exe[2980] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3040] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[3092] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[3092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[3092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[3184] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[3184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[3184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[3184] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wuauclt.exe[3184] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wuauclt.exe[3184] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avast\ashMaiSv.exe[3548] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avast\ashMaiSv.exe[3548] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avast\ashMaiSv.exe[3548] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avast\ashMaiSv.exe[3548] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Avast\ashMaiSv.exe[3548] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avast\ashMaiSv.exe[3548] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avast\ashWebSv.exe[3600] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avast\ashWebSv.exe[3600] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Avast\ashWebSv.exe[3600] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Avast\ashWebSv.exe[3600] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Avast\ashWebSv.exe[3600] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avast\ashWebSv.exe[3600] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!ExAcquireFastMutex] [805F66F2] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!ExReleaseFastMutex] [805F7E90] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KfAcquireSpinLock] [805E3416] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KfReleaseSpinLock] [805DCB2E] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KeAcquireInStackQueuedSpinLock] [805DC47E] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KeReleaseInStackQueuedSpinLock] [805E2ECA] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\HTTP.sys[HAL.dll!KeGetCurrentIrql] [805E3252] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1184] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002
IAT C:\WINDOWS\system32\services.exe[1184] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\atapi \Device\Ide\IdePort0 8B21E7A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8B21E7A8
Device \Driver\atapi \Device\Ide\IdePort1 8B21E7A8
Device \Driver\atapi \Device\Ide\IdePort2 8B21E7A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8B21E7A8
Device \Driver\atapi \Device\Ide\IdePort3 8B21E7A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 8B21E7A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 8B21E7A8
Device \Driver\usbstor \Device\00000085 8B272FF0
Device \Driver\usbstor \Device\00000088 8B272FF0

AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbstor \Device\00000089 8B272FF0

AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbstor \Device\0000008a 8B272FF0
Device \Driver\usbstor \Device\0000008b 8B272FF0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpxoe.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSpxoe.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSktpa.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSyavu.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSacun.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSqqcn.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSehys.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSwghd.log

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.15 ----