PC disinfection, computer speed-up, remote help via the neslape.cz service

PC runs slowly and the internet stutters a lot + backdoor virus

Have a problem with a virus? Post your FRST or RSIT log here.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz

ppl
Visitor
Posts: 11
Registered: 21 May 2007 18:08

PC runs slowly and the internet stutters a lot + backdoor virus

#1 Post by ppl »

Hello,

could you please advise and help me? My computer has been running slower than a few days ago, and the internet is terribly slow. The connection is fine, so it must be something in the computer. On top of that, Ad-Aware detected Malware backdoor bredolab twice in a row. The first time I deleted it and the second time I quarantined it. Please help...

Here is the log from RSIT:

Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 927 MB (6%) free of 15 GB
Total RAM: 1023 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:01, on 24.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jirkaj\Plocha\programy na viry\RSIT.exe
C:\Program Files\trend micro\Jirkaj.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.seznam.cz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://neo.csa.cz/dana-cached/setup/Ju ... tupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NOD32 Kernel Service (nod32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 6285 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-28 344064]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-06-29 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824]
"EasyTuneV"=C:\Program Files\Gigabyte\ET5\GUI.exe [2004-06-14 200704]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-03-15 524632]
"KONICA MINOLTA PagePro 1350WStatusDisplay"=C:\WINDOWS\system32\MSTMON_Q.EXE [2004-11-26 167936]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-05-15 778240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-11-30 1945600]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Hlavní panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe"="C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-15 20:02:23 ----A---- C:\WINDOWS\system32\nms32.dll
2010-05-15 20:02:23 ----A---- C:\WINDOWS\system32\imon.dll

======List of files/folders modified in the last 1 months======

2010-05-24 11:36:57 ----D---- C:\Program Files\trend micro
2010-05-24 11:35:31 ----D---- C:\WINDOWS\Prefetch
2010-05-24 11:28:41 ----D---- C:\Program Files\Mozilla Firefox
2010-05-24 11:28:22 ----D---- C:\WINDOWS\temp
2010-05-24 11:28:16 ----D---- C:\WINDOWS
2010-05-24 11:26:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-24 10:26:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-22 14:10:12 ----D---- C:\Program Files\ESET
2010-05-21 17:11:35 ----AC---- C:\WINDOWS\winamp.ini
2010-05-15 20:02:23 ----D---- C:\WINDOWS\system32\drivers
2010-05-15 20:02:23 ----AD---- C:\WINDOWS\system32
2010-05-07 00:54:42 ----SHD---- C:\WINDOWS\Installer
2010-05-04 20:03:54 ----D---- C:\Documents and Settings\Jirkaj\Data aplikací\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 neofltr_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951); \??\C:\WINDOWS\system32\Drivers\NEOFLTR_650_14951.SYS []
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
R2 amon;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 MLPTDR_Q;MLPTDR_Q; \??\C:\WINDOWS\system32\MLPTDR_Q.SYS []
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-15 34064]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-06-29 1241088]
R3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MarkFun_NT;MarkFun_NT; \??\C:\Program Files\Gigabyte\ET5\markfun.w32 []
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys []
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys []
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys []
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys []
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys []
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys []
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys []
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys []
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2005-06-29 376832]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-15 1029456]
R2 nod32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-05-15 331776]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2002-09-23 19456]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-06-28 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-15 92792]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
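A first triage pass over a log in the shape posted above, as an added example (it is not part of the original post and not a feature of RSIT, HijackThis or ComboFix). It parses the two line formats in the log, the HijackThis `O16`/`O23` entries and the RSIT `R2 name;description; path [date size]` driver and service lines, and flags what a reviewer would otherwise pick out by eye: services whose binary carries no company name ("Unknown owner"), entries where RSIT could not read the file's date and size (`[]`), running services that open network listeners (rpcapd, SimpTcp), and ActiveX downloads (`O16 - DPF`) from hosts outside an allowlist. The allowlist of download hosts and the `example.invalid` line in the sample are constructed for the example; the other sample lines are copied from the log above.

```python
"""Triage of HijackThis / RSIT log lines (added example, not from the post).

Line shapes handled:
  HijackThis:  O23 - Service: <display> (<short>) - <company> - <path>
               O16 - DPF: {CLSID} (<name>) - <url>
  RSIT:        R2 name;description; <path> [<date> <size>]
The DPF host allowlist below is an assumption made for this example.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Windows services that open network listeners and are rarely needed on a
# home PC: rpcapd is the WinPcap remote-capture daemon (TCP 2002 by default),
# SimpTcp is the "Simple TCP/IP Services" set (echo, chargen, discard,
# daytime, quote of the day).
LISTENING_SERVICES = {"rpcapd", "simptcp"}

# Hosts from which O16 (ActiveX/DPF) downloads are expected on this machine.
# Assumption for the example; adjust to what the user actually installed.
TRUSTED_DPF_HOSTS = {"platformdl.adobe.com", "juniper.net", "neo.csa.cz"}

HJT_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
RSIT_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);\s*(.*?)\s*\[(.*)\]$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str   # short machine-readable tag
    line: str   # the log line that triggered it


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per flagged log line; an empty list means nothing flagged."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        hjt = HJT_RE.match(line)
        if hjt:
            kind, rest = hjt.groups()
            # "Unknown owner" means HijackThis found no company name in the
            # file's version info.  Legitimate for some OEM and svchost-hosted
            # entries, so it is a "verify this file" flag, not a verdict.
            if kind == "O23" and "Unknown owner" in rest:
                findings.append(Finding("o23-no-company", line))
            # O16 entries are ActiveX packages the browser was told to fetch.
            if kind == "O16":
                host = URL_HOST_RE.search(rest)
                if host and host.group(1).lower() not in TRUSTED_DPF_HOSTS:
                    findings.append(Finding("dpf-untrusted-host", line))
            continue
        rsit = RSIT_RE.match(line)
        if rsit:
            state, name, _desc, _path, meta = rsit.groups()
            # "[]" means RSIT could not read date/size: the file is missing,
            # or the path uses the \??\ form the tool does not resolve.
            if not meta.strip():
                findings.append(Finding("no-file-metadata", line))
            # Only running (R*) entries are actual listeners right now.
            if state.startswith("R") and name.lower() in LISTENING_SERVICES:
                findings.append(Finding("listening-service", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, for a quick overview before reading the lines."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample in the shape of the posted log.  The O4/O23/R*/S* lines
# are copied from above; the "example.invalid" O16 entry is made up to
# exercise the allowlist check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - http://cab.example.invalid/setup.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
R2 amon;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2002-09-23 19456]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-15 92792]
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.line}")
    print(summarize(found))
```

Run against the full log above it reports the same four classes of finding; every hit is a prompt to check the file on disk (does it exist, is it signed, does its hash match the vendor's), not a malware verdict in itself. The stopped (`S3`) rpcapd line is deliberately not flagged: only a running service is listening.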

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: PC runs slowly and the internet stutters a lot + backdoor virus

#2 Post by riffman »

Hi,

download ComboFix and save it, preferably to the desktop.

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Next there may be a warning about your antivirus's resident shield and a notice that the Recovery Console is not installed; do not install it for now.

Feel free to go and make a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else.

Don't panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, disable its resident shield, because during the scan and removal of any malware ComboFix collides undesirably with the antispyware's resident component.


After the restart the application creates a log saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here.

ppl
Visitor
Posts: 11
Registered: 21 May 2007 18:08

Re: PC runs slowly and the internet stutters a lot + backdoor virus

#3 Post by ppl »

Here is the ComboFix log:

ComboFix 10-05-23.07 - Jirkaj 24.05.2010 14:17:16.6.1 - x86
System Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.595 [GMT 2:00]
Run from: c:\documents and settings\Jirkaj\Plocha\programy na viry\ComboFix.exe
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dokumenty\Settings
c:\documents and settings\All Users\Dokumenty\Settings\desktop.ini
C:\fakturka
c:\fakturka\Asw.inf
c:\fakturka\ASWData.mdb
c:\fakturka\ASWData.zal
c:\fakturka\AswLink.ocx
c:\fakturka\Fakturka.cnt
c:\fakturka\Fakturka.exe
c:\fakturka\FAKTURKA.HLP
c:\fakturka\ST6UNST.LOG
C:\UCTO2010
c:\ucto2010\{GLOB}\ADRWEB.000
c:\ucto2010\{GLOB}\BANKY.000
c:\ucto2010\{GLOB}\BANKYHB.008
c:\ucto2010\{GLOB}\CISOKR.097
c:\ucto2010\{GLOB}\DATA.000
c:\ucto2010\{GLOB}\DATA.X00
c:\ucto2010\{GLOB}\EXPDEKLA.099
c:\ucto2010\{GLOB}\EXPDEKLA.T99
c:\ucto2010\{GLOB}\FAQ.000
c:\ucto2010\{GLOB}\FIRMY.000
c:\ucto2010\{GLOB}\FORMS.099
c:\ucto2010\{GLOB}\FORMS.T99
c:\ucto2010\{GLOB}\KODPOJ.004
c:\ucto2010\{GLOB}\MODULY.000
c:\ucto2010\{GLOB}\NAHRNEM.004
c:\ucto2010\{GLOB}\NEZDAN.000
c:\ucto2010\{GLOB}\NEZDAN.X00
c:\ucto2010\{GLOB}\OKRESY.000
c:\ucto2010\{GLOB}\PARAM1.000
c:\ucto2010\{GLOB}\PLATIDLA.004
c:\ucto2010\{GLOB}\POSTY.000
c:\ucto2010\{GLOB}\REPORT.099
c:\ucto2010\{GLOB}\REPORT.T99
c:\ucto2010\{GLOB}\SAZDPH.000
c:\ucto2010\{GLOB}\SAZDPH.X00
c:\ucto2010\{GLOB}\SAZDZP.000
c:\ucto2010\{GLOB}\SAZDZP.X00
c:\ucto2010\{GLOB}\SAZDZPM.004
c:\ucto2010\{GLOB}\SAZODP.009
c:\ucto2010\{GLOB}\SLOVNIK.006
c:\ucto2010\{GLOB}\ZALDZP.004
c:\ucto2010\{GLOB}\ZDRSOC.004
c:\ucto2010\{GLOB}\ZUJ.097
c:\ucto2010\{INFO}\ADRZPRAV.000
c:\ucto2010\{INFO}\ADRZPRAV.T00
c:\ucto2010\{INFO}\INFOAUTO.000
c:\ucto2010\{INFO}\INFOPROB.000
c:\ucto2010\{INFO}\INFOPROB.T00
c:\ucto2010\{INFO}\INFOTEMA.000
c:\ucto2010\{INFO}\KONFEREN.000
c:\ucto2010\{INFO}\KONFEREN.T00
c:\ucto2010\{INFO}\PGMKOD.000
c:\ucto2010\{INFO}\PROGRAMY.000
c:\ucto2010\{INFO}\PROGRAMY.T00
c:\ucto2010\{INFO}\SLUZKOD.000
c:\ucto2010\{NOVA}\ADRESY.000
c:\ucto2010\{NOVA}\ADRESY.T00
c:\ucto2010\{NOVA}\CISABS.004
c:\ucto2010\{NOVA}\CISDOKL.001
c:\ucto2010\{NOVA}\CISDRUH.001
c:\ucto2010\{NOVA}\CISPOH.001
c:\ucto2010\{NOVA}\CISPOZN.000
c:\ucto2010\{NOVA}\CISPOZN.T00
c:\ucto2010\{NOVA}\CIST.000
c:\ucto2010\{NOVA}\CISTXT.006
c:\ucto2010\{NOVA}\CISVYKON.001
c:\ucto2010\{NOVA}\KATEG.004
c:\ucto2010\{NOVA}\PARAM2.000
c:\ucto2010\{NOVA}\PARAM2.T00
c:\ucto2010\{NOVA}\PRACSML.004
c:\ucto2010\{NOVA}\PRACSML.T04
c:\ucto2010\{NOVA}\TRIDY.004
c:\ucto2010\{NOVA}\TYPDOKL.001
c:\ucto2010\{NOVA}\UKOLY.000
c:\ucto2010\{NOVA}\UKOLY.T00
c:\ucto2010\{NOVA}\UZAV.001
c:\ucto2010\{NOVA}\ZAOKFA.006
c:\ucto2010\{OBNV}.BAT
c:\ucto2010\{OBNV}\BANKYHB.008
c:\ucto2010\{OBNV}\KODPOJ.004
c:\ucto2010\{OBNV}\MODULY.000
c:\ucto2010\{OBNV}\NAHRNEM.004
c:\ucto2010\{OBNV}\NEZDAN.000
c:\ucto2010\{OBNV}\PLATIDLA.004
c:\ucto2010\{OBNV}\SAZDPH.000
c:\ucto2010\{OBNV}\SAZDZP.000
c:\ucto2010\{OBNV}\SAZDZPM.004
c:\ucto2010\{OBNV}\SAZODP.009
c:\ucto2010\{OBNV}\SLOVNIK.006
c:\ucto2010\{OBNV}\UCTO2010.CAT
c:\ucto2010\{OBNV}\UCTOOL.EX
c:\ucto2010\{OBNV}\UTISK04.EX
c:\ucto2010\{OBNV}\ZALDZP.004
c:\ucto2010\{OBNV}\ZDRSOC.004
c:\ucto2010\{PDF1}\DAVKYK2.PDF
c:\ucto2010\{PDF1}\DAVKYK3.PDF
c:\ucto2010\{PDF1}\DAVKYP2.PDF
c:\ucto2010\{PDF1}\DAVKYP3.PDF
c:\ucto2010\{PDF1}\DPH15.PDF
c:\ucto2010\{PDF1}\DPH15P.PDF
c:\ucto2010\{PDF1}\DPH16.PDF
c:\ucto2010\{PDF1}\DPH16P.PDF
c:\ucto2010\{PDF1}\DZP.PDF
c:\ucto2010\{PDF1}\DZP_1.PDF
c:\ucto2010\{PDF1}\DZP_2.PDF
c:\ucto2010\{PDF1}\DZP_3.PDF
c:\ucto2010\{PDF1}\DZP_7.PDF
c:\ucto2010\{PDF1}\DZPP.PDF
c:\ucto2010\{PDF1}\ELDP09B.PDF
c:\ucto2010\{PDF1}\ELDP09F.PDF
c:\ucto2010\{PDF1}\ELDP09K.PDF
c:\ucto2010\{PDF1}\ELDP09M.PDF
c:\ucto2010\{PDF1}\ELDP09P.PDF
c:\ucto2010\{PDF1}\ELDPF.PDF
c:\ucto2010\{PDF1}\ELDPK.PDF
c:\ucto2010\{PDF1}\ELDPM.PDF
c:\ucto2010\{PDF1}\ELDPP.PDF
c:\ucto2010\{PDF1}\HROMOZN.PDF
c:\ucto2010\{PDF1}\HROMOZNP.PDF
c:\ucto2010\{PDF1}\CHYBCAST.PDF
c:\ucto2010\{PDF1}\NEMOC.PDF
c:\ucto2010\{PDF1}\NEMOCP.PDF
c:\ucto2010\{PDF1}\ODCITPOL.PDF
c:\ucto2010\{PDF1}\ONZ.PDF
c:\ucto2010\{PDF1}\ONZK.PDF
c:\ucto2010\{PDF1}\ONZP.PDF
c:\ucto2010\{PDF1}\OSSZ.PDF
c:\ucto2010\{PDF1}\OSSZK.PDF
c:\ucto2010\{PDF1}\OSSZP.PDF
c:\ucto2010\{PDF1}\POCZAM.PDF
c:\ucto2010\{PDF1}\POJZAM.PDF
c:\ucto2010\{PDF1}\SILDAN.PDF
c:\ucto2010\{PDF1}\SILDANPO.PDF
c:\ucto2010\{PDF1}\SILDANPR.PDF
c:\ucto2010\{PDF1}\SOUHLAS.PDF
c:\ucto2010\{PDF1}\SOUHLASP.PDF
c:\ucto2010\{PDF1}\VYUCT.PDF
c:\ucto2010\{PDF1}\VYUCTP.PDF
c:\ucto2010\{PDF1}\VYUCTSRP.PDF
c:\ucto2010\{PDF1}\VYUCTSRZ.PDF
c:\ucto2010\{PDF1}\VZP.PDF
c:\ucto2010\{PDF1}\VZPP.PDF
c:\ucto2010\{PDF2}\DLBL.PDF
c:\ucto2010\{PDF2}\DLBL2.PDF
c:\ucto2010\{PDF2}\DLBW.PDF
c:\ucto2010\{PDF2}\DLBW2.PDF
c:\ucto2010\{PDF2}\DLGR.PDF
c:\ucto2010\{PDF2}\DLGR2.PDF
c:\ucto2010\{PDF2}\FABL.PDF
c:\ucto2010\{PDF2}\FABL2.PDF
c:\ucto2010\{PDF2}\FABW.PDF
c:\ucto2010\{PDF2}\FABW2.PDF
c:\ucto2010\{PDF2}\FAGR.PDF
c:\ucto2010\{PDF2}\FAGR2.PDF
c:\ucto2010\{PDF2}\OBBL.PDF
c:\ucto2010\{PDF2}\OBBL2.PDF
c:\ucto2010\{PDF2}\OBBW.PDF
c:\ucto2010\{PDF2}\OBBW2.PDF
c:\ucto2010\{PDF2}\OBGR.PDF
c:\ucto2010\{PDF2}\OBGR2.PDF
c:\ucto2010\{PDF3}\DAVKYK2X.DEF
c:\ucto2010\{PDF3}\DAVKYK2X.PDF
c:\ucto2010\{PDF3}\DAVKYK3X.DEF
c:\ucto2010\{PDF3}\DAVKYK3X.PDF
c:\ucto2010\{PDF3}\DPH15X.DEF
c:\ucto2010\{PDF3}\DPH15X.PDF
c:\ucto2010\{PDF3}\DPH16X.DEF
c:\ucto2010\{PDF3}\DPH16X.PDF
c:\ucto2010\{PDF3}\DZP_1X.DEF
c:\ucto2010\{PDF3}\DZP_1X.PDF
c:\ucto2010\{PDF3}\DZP_2X.DEF
c:\ucto2010\{PDF3}\DZP_2X.PDF
c:\ucto2010\{PDF3}\DZP_3X.DEF
c:\ucto2010\{PDF3}\DZP_3X.PDF
c:\ucto2010\{PDF3}\DZPX.DEF
c:\ucto2010\{PDF3}\DZPX.PDF
c:\ucto2010\{PDF3}\HROMOZNX.DEF
c:\ucto2010\{PDF3}\HROMOZNX.PDF
c:\ucto2010\{PDF3}\CHYBCASX.DEF
c:\ucto2010\{PDF3}\CHYBCASX.PDF
c:\ucto2010\{PDF3}\NEMOCX.DEF
c:\ucto2010\{PDF3}\NEMOCX.PDF
c:\ucto2010\{PDF3}\OSSZKX.DEF
c:\ucto2010\{PDF3}\OSSZKX.PDF
c:\ucto2010\{PDF3}\OSSZX.DEF
c:\ucto2010\{PDF3}\OSSZX.PDF
c:\ucto2010\{PDF3}\POCZAMX.DEF
c:\ucto2010\{PDF3}\POCZAMX.PDF
c:\ucto2010\{PDF3}\POJZAMX.DEF
c:\ucto2010\{PDF3}\POJZAMX.PDF
c:\ucto2010\{PDF3}\SILDANPX.DEF
c:\ucto2010\{PDF3}\SILDANPX.PDF
c:\ucto2010\{PDF3}\SILDANX.DEF
c:\ucto2010\{PDF3}\SILDANX.PDF
c:\ucto2010\{PDF3}\SOUHLASX.DEF
c:\ucto2010\{PDF3}\SOUHLASX.PDF
c:\ucto2010\{PDF3}\VYUCTSRX.DEF
c:\ucto2010\{PDF3}\VYUCTSRX.PDF
c:\ucto2010\{PDF3}\VYUCTX.DEF
c:\ucto2010\{PDF3}\VYUCTX.PDF
c:\ucto2010\{PDF3}\VZPX.DEF
c:\ucto2010\{PDF3}\VZPX.PDF
c:\ucto2010\{PRIK}\ABSENCE.004
c:\ucto2010\{PRIK}\ADRESY.000
c:\ucto2010\{PRIK}\ADRESY.T00
c:\ucto2010\{PRIK}\ADRESY.X00
c:\ucto2010\{PRIK}\ADRSPEC.000
c:\ucto2010\{PRIK}\ADRSPEC.T00
c:\ucto2010\{PRIK}\ARCHIVM.004
c:\ucto2010\{PRIK}\ARCHIVM.T04
c:\ucto2010\{PRIK}\AUTA.005
c:\ucto2010\{PRIK}\AUTA.T05
c:\ucto2010\{PRIK}\BANKA1.008
c:\ucto2010\{PRIK}\CE_AUTA.006
c:\ucto2010\{PRIK}\CE_AUTA.T06
c:\ucto2010\{PRIK}\CE_TRASY.006
c:\ucto2010\{PRIK}\CEST_FH.006
c:\ucto2010\{PRIK}\CEST_FH.T06
c:\ucto2010\{PRIK}\CEST_FP.006
c:\ucto2010\{PRIK}\CEST_FS.006
c:\ucto2010\{PRIK}\CEST_VH.006
c:\ucto2010\{PRIK}\CEST_VH.T06
c:\ucto2010\{PRIK}\CEST_VP.006
c:\ucto2010\{PRIK}\CEST_VS.006
c:\ucto2010\{PRIK}\CISABS.004
c:\ucto2010\{PRIK}\CISCEST.005
c:\ucto2010\{PRIK}\CISDOKL.001
c:\ucto2010\{PRIK}\CISDRUH.001
c:\ucto2010\{PRIK}\CISDRUH.X01
c:\ucto2010\{PRIK}\CISPOH.001
c:\ucto2010\{PRIK}\CISPOH.X01
c:\ucto2010\{PRIK}\CISPOL.006
c:\ucto2010\{PRIK}\CISPOZN.000
c:\ucto2010\{PRIK}\CISPOZN.T00
c:\ucto2010\{PRIK}\CIST.000
c:\ucto2010\{PRIK}\CISTEXT.001
c:\ucto2010\{PRIK}\CISTXT.006
c:\ucto2010\{PRIK}\CISUCEL.005
c:\ucto2010\{PRIK}\CISUKOL.004
c:\ucto2010\{PRIK}\CISVYKON.001
c:\ucto2010\{PRIK}\CISVYKON.X01
c:\ucto2010\{PRIK}\DAP15.003
c:\ucto2010\{PRIK}\DAP15.T03
c:\ucto2010\{PRIK}\DAP16.003
c:\ucto2010\{PRIK}\DAP16.T03
c:\ucto2010\{PRIK}\DENIK.001
c:\ucto2010\{PRIK}\DENIK.T01
c:\ucto2010\{PRIK}\DETI.004
c:\ucto2010\{PRIK}\DETI15.003
c:\ucto2010\{PRIK}\DETI16.003
c:\ucto2010\{PRIK}\DODL_AH.006
c:\ucto2010\{PRIK}\DODL_AH.T06
c:\ucto2010\{PRIK}\DODL_AP.006
c:\ucto2010\{PRIK}\DODL_AS.006
c:\ucto2010\{PRIK}\DODL_FH.006
c:\ucto2010\{PRIK}\DODL_FH.T06
c:\ucto2010\{PRIK}\DODL_FP.006
c:\ucto2010\{PRIK}\DODL_FS.006
c:\ucto2010\{PRIK}\DODL_VH.006
c:\ucto2010\{PRIK}\DODL_VH.T06
c:\ucto2010\{PRIK}\DODL_VP.006
c:\ucto2010\{PRIK}\DODL_VS.006
c:\ucto2010\{PRIK}\DOPISY.002
c:\ucto2010\{PRIK}\DOPISY.T02
c:\ucto2010\{PRIK}\DOPISYMM.002
c:\ucto2010\{PRIK}\DOPISYMM.T02
c:\ucto2010\{PRIK}\DOVROK.004
c:\ucto2010\{PRIK}\DROBMAJ.009
c:\ucto2010\{PRIK}\DROBMAJ.T09
c:\ucto2010\{PRIK}\EDIT.000
c:\ucto2010\{PRIK}\EDIT.X00
c:\ucto2010\{PRIK}\EDITPAR.000
c:\ucto2010\{PRIK}\EDITTAB.000
c:\ucto2010\{PRIK}\EDITTAB.T00
c:\ucto2010\{PRIK}\EDITTAB.X00
c:\ucto2010\{PRIK}\FAKT_AH.006
c:\ucto2010\{PRIK}\FAKT_AH.T06
c:\ucto2010\{PRIK}\FAKT_AP.006
c:\ucto2010\{PRIK}\FAKT_AS.006
c:\ucto2010\{PRIK}\FAKT_FH.006
c:\ucto2010\{PRIK}\FAKT_FH.T06
c:\ucto2010\{PRIK}\FAKT_FP.006
c:\ucto2010\{PRIK}\FAKT_FS.006
c:\ucto2010\{PRIK}\FAKT_VH.006
c:\ucto2010\{PRIK}\FAKT_VH.T06
c:\ucto2010\{PRIK}\FAKT_VP.006
c:\ucto2010\{PRIK}\FAKT_VS.006
c:\ucto2010\{PRIK}\FINANCE.001
c:\ucto2010\{PRIK}\FINANCE.T01
c:\ucto2010\{PRIK}\JIZDY.005
c:\ucto2010\{PRIK}\JIZDY.T05
c:\ucto2010\{PRIK}\KATEG.004
c:\ucto2010\{PRIK}\MAT_HP.007
c:\ucto2010\{PRIK}\MAT_PP.007
c:\ucto2010\{PRIK}\MATERIAL.001
c:\ucto2010\{PRIK}\MATERIAL.T01
c:\ucto2010\{PRIK}\MZDY.004
c:\ucto2010\{PRIK}\MZDY.T04
c:\ucto2010\{PRIK}\OBJE_FH.006
c:\ucto2010\{PRIK}\OBJE_FH.T06
c:\ucto2010\{PRIK}\OBJE_FP.006
c:\ucto2010\{PRIK}\OBJE_FS.006
c:\ucto2010\{PRIK}\OBJE_VH.006
c:\ucto2010\{PRIK}\OBJE_VH.T06
c:\ucto2010\{PRIK}\OBJE_VP.006
c:\ucto2010\{PRIK}\OBJE_VS.006
c:\ucto2010\{PRIK}\ODPISY.009
c:\ucto2010\{PRIK}\ODVODYM.004
c:\ucto2010\{PRIK}\OSSZ08.003
c:\ucto2010\{PRIK}\OST15.003
c:\ucto2010\{PRIK}\OST16.003
c:\ucto2010\{PRIK}\PAR01A2.001
c:\ucto2010\{PRIK}\PAR01A4.001
c:\ucto2010\{PRIK}\PARAM2.000
c:\ucto2010\{PRIK}\PARAM2.T00
c:\ucto2010\{PRIK}\PARAM4.000
c:\ucto2010\{PRIK}\PARAM4.T00
c:\ucto2010\{PRIK}\PARHB.008
c:\ucto2010\{PRIK}\PARZAS.001
c:\ucto2010\{PRIK}\PHM.005
c:\ucto2010\{PRIK}\PLATBY.001
c:\ucto2010\{PRIK}\PLATBY.T01
c:\ucto2010\{PRIK}\POHLZAV.001
c:\ucto2010\{PRIK}\POHLZAV.T01
c:\ucto2010\{PRIK}\POHYBM.001
c:\ucto2010\{PRIK}\POHYBV.001
c:\ucto2010\{PRIK}\POHYBZ.001
c:\ucto2010\{PRIK}\POJIST.004
c:\ucto2010\{PRIK}\POSTA.002
c:\ucto2010\{PRIK}\POSTA.T02
c:\ucto2010\{PRIK}\PRACOV.004
c:\ucto2010\{PRIK}\PRACOV.T04
c:\ucto2010\{PRIK}\PRACSML.004
c:\ucto2010\{PRIK}\PRACSML.T04
c:\ucto2010\{PRIK}\PRAVJIZD.005
c:\ucto2010\{PRIK}\PRAVJIZD.T05
c:\ucto2010\{PRIK}\PRIKH.008
c:\ucto2010\{PRIK}\PRIKP.008
c:\ucto2010\{PRIK}\SCIT_H.099
c:\ucto2010\{PRIK}\SCIT_H.T99
c:\ucto2010\{PRIK}\SCIT_P.099
c:\ucto2010\{PRIK}\SHIFTF3.000
c:\ucto2010\{PRIK}\SIL.005
c:\ucto2010\{PRIK}\SIL.T05
c:\ucto2010\{PRIK}\SILDAN.005
c:\ucto2010\{PRIK}\SILVOZ.005
c:\ucto2010\{PRIK}\SRAZKY.004
c:\ucto2010\{PRIK}\SRAZKY.T04
c:\ucto2010\{PRIK}\STATY.000
c:\ucto2010\{PRIK}\STRAV.004
c:\ucto2010\{PRIK}\TECHZHOD.009
c:\ucto2010\{PRIK}\TEXTY.002
c:\ucto2010\{PRIK}\TEXTY.T02
c:\ucto2010\{PRIK}\TRIDY.004
c:\ucto2010\{PRIK}\TYPDOKL.001
c:\ucto2010\{PRIK}\UCTY.000
c:\ucto2010\{PRIK}\UKOL.004
c:\ucto2010\{PRIK}\UKOLY.000
c:\ucto2010\{PRIK}\UKOLY.T00
c:\ucto2010\{PRIK}\UPR15.003
c:\ucto2010\{PRIK}\UPR16.003
c:\ucto2010\{PRIK}\UZAV.001
c:\ucto2010\{PRIK}\VYKMAZA.UUU
c:\ucto2010\{PRIK}\VYR_HP.007
c:\ucto2010\{PRIK}\VYR_HV.007
c:\ucto2010\{PRIK}\VYR_PP.007
c:\ucto2010\{PRIK}\VYR_PV.007
c:\ucto2010\{PRIK}\VYRIZUJE.002
c:\ucto2010\{PRIK}\VYROBA.001
c:\ucto2010\{PRIK}\VYROBKY.001
c:\ucto2010\{PRIK}\VYROBKY.T01
c:\ucto2010\{PRIK}\VYUCSRAZ.097
c:\ucto2010\{PRIK}\VYUCZAL.097
c:\ucto2010\{PRIK}\VZP08.003
c:\ucto2010\{PRIK}\ZAL_H.099
c:\ucto2010\{PRIK}\ZAL_H.T99
c:\ucto2010\{PRIK}\ZAOKFA.006
c:\ucto2010\{PRIK}\ZBO_HP.007
c:\ucto2010\{PRIK}\ZBO_HV.007
c:\ucto2010\{PRIK}\ZBO_PP.007
c:\ucto2010\{PRIK}\ZBO_PV.007
c:\ucto2010\{PRIK}\ZBOZI.001
c:\ucto2010\{PRIK}\ZBOZI.T01
c:\ucto2010\{PRIK}\ZP.009
c:\ucto2010\{PRIK}\ZP.T09
c:\ucto2010\{SEST}\SEST00.TXT
c:\ucto2010\{SEST}\SEST01.TXT
c:\ucto2010\{SEST}\SEST02.TXT
c:\ucto2010\{SEST}\SEST03.TXT
c:\ucto2010\{SEST}\SEST04.TXT
c:\ucto2010\{SEST}\SEST05.TXT
c:\ucto2010\{SEST}\SEST06.PDF
c:\ucto2010\{SEST}\SEST06.TXT
c:\ucto2010\{SEST}\SEST07.PDF
c:\ucto2010\{SEST}\SEST07.TXT
c:\ucto2010\{SEST}\SEST08.PDF
c:\ucto2010\{SEST}\SEST08.TXT
c:\ucto2010\{SLOZ}\BALIK_O.HTM
c:\ucto2010\{SLOZ}\BALIK_O.JS
c:\ucto2010\{SLOZ}\BALIK_P.HTM
c:\ucto2010\{SLOZ}\BALIK_P.JS
c:\ucto2010\{SLOZ}\SLOZ_A.HTM
c:\ucto2010\{SLOZ}\SLOZ_A.JS
c:\ucto2010\{SLOZ}\SLOZ_C.HTM
c:\ucto2010\{SLOZ}\SLOZ_C.JS
c:\ucto2010\{STAN}\DANZAT.004
c:\ucto2010\{STAN}\KALEXEK.099
c:\ucto2010\{STAN}\KASA.099
c:\ucto2010\{STAN}\LEAS.099
c:\ucto2010\{STAN}\LEAS.T99
c:\ucto2010\{STAN}\PAR01A3.001
c:\ucto2010\{STAN}\PAR03A3.003
c:\ucto2010\{STAN}\PAR03A3.T03
c:\ucto2010\{STAN}\PARAM3.000
c:\ucto2010\{STAN}\PARAM3.T00
c:\ucto2010\{STAN}\PATHS.000
c:\ucto2010\{STAN}\PGM.000
c:\ucto2010\{STAN}\SCITAC.099
c:\ucto2010\{STAN}\STAT.000
c:\ucto2010\{STAN}\TELSEZN.099
c:\ucto2010\{STAN}\VEDKALK.099
c:\ucto2010\{TISK}\CALLER.EXE
c:\ucto2010\{TISK}\CMDIALOG.VBX
c:\ucto2010\{TISK}\DISKSIZW.EXE
c:\ucto2010\{TISK}\DISKY.EXE
c:\ucto2010\{TISK}\ELPODPIS.EXE
c:\ucto2010\{TISK}\FAND2PDF.EXE
c:\ucto2010\{TISK}\FANDCLIP.EXE
c:\ucto2010\{TISK}\IEUCTO.EXE
c:\ucto2010\{TISK}\MSINET.OCX
c:\ucto2010\{TISK}\MSMAPI32.OCX
c:\ucto2010\{TISK}\MSVBVM60.DLL
c:\ucto2010\{TISK}\PDFTISK1.EXE
c:\ucto2010\{TISK}\PDFTISK2.EXE
c:\ucto2010\{TISK}\PDFTISK3.EXE
c:\ucto2010\{TISK}\REGISTER.EXE
c:\ucto2010\{TISK}\SETUPCP.EXE
c:\ucto2010\{TISK}\SIFRCSSZ.CER
c:\ucto2010\{TISK}\UCTOFONT.FON
c:\ucto2010\{TISK}\UCTOFT98.EXE
c:\ucto2010\{TISK}\UCTOFTP.EXE
c:\ucto2010\{TISK}\UCTOGRAF.EXE
c:\ucto2010\{TISK}\UCTOGRAF.INI
c:\ucto2010\{TISK}\UCTOLNK.EXE
c:\ucto2010\{TISK}\UCTOLNK.UUU
c:\ucto2010\{TISK}\UCTOLNK.W7
c:\ucto2010\{TISK}\UCTOLNK.WV
c:\ucto2010\{TISK}\UCTOLNK.WXP
c:\ucto2010\{TISK}\UCTOOL.EXE
c:\ucto2010\{TISK}\UEMAIL.EXE
c:\ucto2010\{TISK}\UEMAIL06.EXE
c:\ucto2010\{TISK}\UTISK01.EXE
c:\ucto2010\{TISK}\UTISK04.EXE
c:\ucto2010\{TISK}\UTISK98.EXE
c:\ucto2010\{TISK}\UTISK98.INI
c:\ucto2010\{TISK}\VBRUN300.DLL
c:\ucto2010\{TISK}\WINVERZE.EXE
c:\ucto2010\{UDOC}\CENIK.TXT
c:\ucto2010\{UDOC}\D2008.PDF
c:\ucto2010\{UDOC}\FAKTURA.TXT
c:\ucto2010\{UDOC}\INFO.TXT
c:\ucto2010\{UDOC}\LICENCE.TXT
c:\ucto2010\{UDOC}\OBJ.TXT
c:\ucto2010\{UDOC}\OBJZPR.TXT
c:\ucto2010\{UDOC}\ONAS.TXT
c:\ucto2010\{UDOC}\POUPG.TXT
c:\ucto2010\{UDOC}\PRIRUCKA.TXT
c:\ucto2010\{UDOC}\PRPRDOK.TXT
c:\ucto2010\{UDOC}\R2010.PDF
c:\ucto2010\{UDOC}\U2010.PDF
c:\ucto2010\{UDOC}\ZPROSTRE.TXT
c:\ucto2010\{WWWW}\VERZEWWW.UUU
c:\ucto2010\ÚČTO2010.W9X
c:\ucto2010\B&W.PAL
c:\ucto2010\BLUE.PAL
c:\ucto2010\BROWN.PAL
c:\ucto2010\CAT.BAT
c:\ucto2010\CISABS.UUU
c:\ucto2010\CISDRUH.UUU
c:\ucto2010\CISPOH.UUU
c:\ucto2010\CISSLOUP.000
c:\ucto2010\CONFIG.TXT
c:\ucto2010\DELFILE.EXE
c:\ucto2010\DISKSIZE.EXE
c:\ucto2010\DNY.000
c:\ucto2010\FAND.CFG
c:\ucto2010\FAND.RES
c:\ucto2010\FANDCFG.09
c:\ucto2010\FANDCFG.10
c:\ucto2010\FANDHTML.EXE
c:\ucto2010\FANDINST.EXE
c:\ucto2010\FANDT602.EXE
c:\ucto2010\FILESIZE.EXE
c:\ucto2010\FNDFILES.EXE
c:\ucto2010\GONOSOVA\ADRESY.000
c:\ucto2010\GONOSOVA\ADRESY.T00
c:\ucto2010\GONOSOVA\ADRESY.X00
c:\ucto2010\GONOSOVA\CISABS.004
c:\ucto2010\GONOSOVA\CISDOKL.001
c:\ucto2010\GONOSOVA\CISDRUH.001
c:\ucto2010\GONOSOVA\CISDRUH.X01
c:\ucto2010\GONOSOVA\CISPOH.001
c:\ucto2010\GONOSOVA\CISPOH.X01
c:\ucto2010\GONOSOVA\CISPOZN.000
c:\ucto2010\GONOSOVA\CISPOZN.T00
c:\ucto2010\GONOSOVA\CIST.000
c:\ucto2010\GONOSOVA\CISTXT.006
c:\ucto2010\GONOSOVA\CISVYKON.001
c:\ucto2010\GONOSOVA\CISVYKON.X01
c:\ucto2010\GONOSOVA\DAP16.003
c:\ucto2010\GONOSOVA\DAP16.T03
c:\ucto2010\GONOSOVA\DAP16.X03
c:\ucto2010\GONOSOVA\EDIT.000
c:\ucto2010\GONOSOVA\EDIT.X00
c:\ucto2010\GONOSOVA\EDITPAR.000
c:\ucto2010\GONOSOVA\EDITPAR.X00
c:\ucto2010\GONOSOVA\FINANCE.001
c:\ucto2010\GONOSOVA\FINANCE.T01
c:\ucto2010\GONOSOVA\KATEG.004
c:\ucto2010\GONOSOVA\PAR01A2.001
c:\ucto2010\GONOSOVA\PAR01A4.001
c:\ucto2010\GONOSOVA\PAR03A4.003
c:\ucto2010\GONOSOVA\PARAM2.000
c:\ucto2010\GONOSOVA\PARAM2.T00
c:\ucto2010\GONOSOVA\PARAM4.000
c:\ucto2010\GONOSOVA\PARAM4.T00
c:\ucto2010\GONOSOVA\PARZAS.001
c:\ucto2010\GONOSOVA\PRACSML.004
c:\ucto2010\GONOSOVA\PRACSML.T04
c:\ucto2010\GONOSOVA\TRIDY.004
c:\ucto2010\GONOSOVA\TYPDOKL.001
c:\ucto2010\GONOSOVA\UKOLY.000
c:\ucto2010\GONOSOVA\UKOLY.T00
c:\ucto2010\GONOSOVA\UZAV.001
c:\ucto2010\GONOSOVA\ZAOKFA.006
c:\ucto2010\HEAD602.UUU
c:\ucto2010\HELP.000
c:\ucto2010\HELP.T00
c:\ucto2010\HELP02.000
c:\ucto2010\HELP02.T00
c:\ucto2010\HELP03.000
c:\ucto2010\HELP03.T00
c:\ucto2010\HELP04.000
c:\ucto2010\HELP04.T00
c:\ucto2010\HELP05.000
c:\ucto2010\HELP05.T00
c:\ucto2010\HELP06.000
c:\ucto2010\HELP06.T00
c:\ucto2010\HELP08.000
c:\ucto2010\HELP08.T00
c:\ucto2010\HELP98.000
c:\ucto2010\HELP98.T00
c:\ucto2010\HELP99.000
c:\ucto2010\HELP99.T00
c:\ucto2010\IMPORT.PRO
c:\ucto2010\IMPORT.TRO
c:\ucto2010\INFOHLP.000
c:\ucto2010\INFOHLP.T00
c:\ucto2010\ISSHARE.EXE
c:\ucto2010\KALENDAR.000
c:\ucto2010\KALKDPH.000
c:\ucto2010\KALKPOJP.000
c:\ucto2010\KALKPOJZ.000
c:\ucto2010\KALKPRUM.000
c:\ucto2010\KALKPV08.000
c:\ucto2010\KALKTABD.000
c:\ucto2010\KATEG.UUU
c:\ucto2010\KOCIOLEK\ADRESY.000
c:\ucto2010\KOCIOLEK\ADRESY.T00
c:\ucto2010\KOCIOLEK\ADRESY.X00
c:\ucto2010\KOCIOLEK\CISABS.004
c:\ucto2010\KOCIOLEK\CISDOKL.001
c:\ucto2010\KOCIOLEK\CISDRUH.001
c:\ucto2010\KOCIOLEK\CISDRUH.X01
c:\ucto2010\KOCIOLEK\CISPOH.001
c:\ucto2010\KOCIOLEK\CISPOH.X01
c:\ucto2010\KOCIOLEK\CISPOZN.000
c:\ucto2010\KOCIOLEK\CISPOZN.T00
c:\ucto2010\KOCIOLEK\CIST.000
c:\ucto2010\KOCIOLEK\CISTXT.006
c:\ucto2010\KOCIOLEK\CISVYKON.001
c:\ucto2010\KOCIOLEK\CISVYKON.X01
c:\ucto2010\KOCIOLEK\DAP16.003
c:\ucto2010\KOCIOLEK\DAP16.T03
c:\ucto2010\KOCIOLEK\DAP16.X03
c:\ucto2010\KOCIOLEK\EDITPAR.000
c:\ucto2010\KOCIOLEK\EDITPAR.X00
c:\ucto2010\KOCIOLEK\FINANCE.001
c:\ucto2010\KOCIOLEK\FINANCE.T01
c:\ucto2010\KOCIOLEK\KATEG.004
c:\ucto2010\KOCIOLEK\PAR01A2.001
c:\ucto2010\KOCIOLEK\PAR01A4.001
c:\ucto2010\KOCIOLEK\PAR03A4.003
c:\ucto2010\KOCIOLEK\PARAM2.000
c:\ucto2010\KOCIOLEK\PARAM2.T00
c:\ucto2010\KOCIOLEK\PARAM4.000
c:\ucto2010\KOCIOLEK\PARAM4.T00
c:\ucto2010\KOCIOLEK\PARZAS.001
c:\ucto2010\KOCIOLEK\PRACSML.004
c:\ucto2010\KOCIOLEK\PRACSML.T04
c:\ucto2010\KOCIOLEK\TRIDY.004
c:\ucto2010\KOCIOLEK\TYPDOKL.001
c:\ucto2010\KOCIOLEK\UKOLY.000
c:\ucto2010\KOCIOLEK\UKOLY.T00
c:\ucto2010\KOCIOLEK\UZAV.001
c:\ucto2010\KOCIOLEK\ZAOKFA.006
c:\ucto2010\LASTAKT.TXT
c:\ucto2010\LCD1.PAL
c:\ucto2010\LCD2.PAL
c:\ucto2010\MAKEDIR.BAT
c:\ucto2010\MF5460-1.UUU
c:\ucto2010\MODUL01.PRO
c:\ucto2010\MODUL01.TRO
c:\ucto2010\MODUL02.PRO
c:\ucto2010\MODUL02.TRO
c:\ucto2010\MODUL03.PRO
c:\ucto2010\MODUL03.TRO
c:\ucto2010\MODUL04.PRO
c:\ucto2010\MODUL04.TRO
c:\ucto2010\MODUL05.PRO
c:\ucto2010\MODUL05.TRO
c:\ucto2010\MODUL06.PRO
c:\ucto2010\MODUL06.TRO
c:\ucto2010\MODUL07.PRO
c:\ucto2010\MODUL07.TRO
c:\ucto2010\MODUL08.PRO
c:\ucto2010\MODUL08.TRO
c:\ucto2010\MODUL09.PRO
c:\ucto2010\MODUL09.TRO
c:\ucto2010\MODUL97.PRO
c:\ucto2010\MODUL97.TRO
c:\ucto2010\MODUL98.PRO
c:\ucto2010\MODUL98.TRO
c:\ucto2010\MODUL99.PRO
c:\ucto2010\MODUL99.TRO
c:\ucto2010\MZDYPU.000
c:\ucto2010\NUMKB.EXE
c:\ucto2010\NUMKB3.EXE
c:\ucto2010\OPRAVY.UUU
c:\ucto2010\PGM.CAT
c:\ucto2010\PGM.RDB
c:\ucto2010\PGM.TTT
c:\ucto2010\PRINTER.TXT
c:\ucto2010\RADKY.TXT
c:\ucto2010\RENFILES.BAT
c:\ucto2010\RO.EXE
c:\ucto2010\SEARCHX.EXE
c:\ucto2010\SEST01.PRO
c:\ucto2010\SEST01.TRO
c:\ucto2010\SEST02.PRO
c:\ucto2010\SEST02.TRO
c:\ucto2010\SEST03.PRO
c:\ucto2010\SEST03.TRO
c:\ucto2010\SEST04.PRO
c:\ucto2010\SEST04.TRO
c:\ucto2010\SEST05.PRO
c:\ucto2010\SEST05.TRO
c:\ucto2010\SEST06.PRO
c:\ucto2010\SEST06.TRO
c:\ucto2010\SEST07.PRO
c:\ucto2010\SEST07.TRO
c:\ucto2010\SEST08.PRO
c:\ucto2010\SEST08.TRO
c:\ucto2010\SEST09.PRO
c:\ucto2010\SEST09.TRO
c:\ucto2010\SESTAVY.CAT
c:\ucto2010\SESTAVY.RDB
c:\ucto2010\SESTAVY.TTT
c:\ucto2010\SETDATE.EXE
c:\ucto2010\SETFILES.EXE
c:\ucto2010\SEZNTISK.000
c:\ucto2010\SEZNTISK.T00
c:\ucto2010\SLOVY.000
c:\ucto2010\SPEC01.PRO
c:\ucto2010\SPEC01.TRO
c:\ucto2010\SPEC02.PRO
c:\ucto2010\SPEC02.TRO
c:\ucto2010\SPEC03.PRO
c:\ucto2010\SPEC03.TRO
c:\ucto2010\SPEC04.PRO
c:\ucto2010\SPEC04.TRO
c:\ucto2010\SPEC05.PRO
c:\ucto2010\SPEC05.TRO
c:\ucto2010\SPEC06.PRO
c:\ucto2010\SPEC06.TRO
c:\ucto2010\SPEC07.PRO
c:\ucto2010\SPEC07.TRO
c:\ucto2010\SUBDIR.EXE
c:\ucto2010\SUDLICH.EXE
c:\ucto2010\SUHAJ\ADRESY.000
c:\ucto2010\SUHAJ\ADRESY.T00
c:\ucto2010\SUHAJ\ADRESY.X00
c:\ucto2010\SUHAJ\CISABS.004
c:\ucto2010\SUHAJ\CISDOKL.001
c:\ucto2010\SUHAJ\CISDRUH.001
c:\ucto2010\SUHAJ\CISDRUH.X01
c:\ucto2010\SUHAJ\CISPOH.001
c:\ucto2010\SUHAJ\CISPOH.X01
c:\ucto2010\SUHAJ\CISPOZN.000
c:\ucto2010\SUHAJ\CISPOZN.T00
c:\ucto2010\SUHAJ\CIST.000
c:\ucto2010\SUHAJ\CISTXT.006
c:\ucto2010\SUHAJ\CISVYKON.001
c:\ucto2010\SUHAJ\CISVYKON.X01
c:\ucto2010\SUHAJ\DAP16.003
c:\ucto2010\SUHAJ\DAP16.T03
c:\ucto2010\SUHAJ\DAP16.X03
c:\ucto2010\SUHAJ\EDIT.000
c:\ucto2010\SUHAJ\EDIT.X00
c:\ucto2010\SUHAJ\EDITPAR.000
c:\ucto2010\SUHAJ\EDITPAR.X00
c:\ucto2010\SUHAJ\FINANCE.001
c:\ucto2010\SUHAJ\FINANCE.T01
c:\ucto2010\SUHAJ\KATEG.004
c:\ucto2010\SUHAJ\OSSZ09.003
c:\ucto2010\SUHAJ\PAR01A2.001
c:\ucto2010\SUHAJ\PAR01A4.001
c:\ucto2010\SUHAJ\PAR03A4.003
c:\ucto2010\SUHAJ\PARAM2.000
c:\ucto2010\SUHAJ\PARAM2.T00
c:\ucto2010\SUHAJ\PARAM4.000
c:\ucto2010\SUHAJ\PARAM4.T00
c:\ucto2010\SUHAJ\PARZAS.001
c:\ucto2010\SUHAJ\PRACSML.004
c:\ucto2010\SUHAJ\PRACSML.T04
c:\ucto2010\SUHAJ\TRIDY.004
c:\ucto2010\SUHAJ\TYPDOKL.001
c:\ucto2010\SUHAJ\UKOLY.000
c:\ucto2010\SUHAJ\UKOLY.T00
c:\ucto2010\SUHAJ\UZAV.001
c:\ucto2010\SUHAJ\VZP09.003
c:\ucto2010\SUHAJ\ZAOKFA.006
c:\ucto2010\TIPY.000
c:\ucto2010\TIPY.T00
c:\ucto2010\TIPY.X00
c:\ucto2010\TTT.CAT
c:\ucto2010\TTT.RDB
c:\ucto2010\TTT.TTT
c:\ucto2010\TTTNEW.UUU
c:\ucto2010\TXTNARTF.EXE
c:\ucto2010\U.BAT
c:\ucto2010\UCTO.000
c:\ucto2010\UCTO.PAL
c:\ucto2010\UCTO2010.CAT
c:\ucto2010\UCTO2010.ICO
c:\ucto2010\UCTO2010.RDB
c:\ucto2010\UCTO2010.TTT
c:\ucto2010\UCTOINFO.PRO
c:\ucto2010\UCTOINFO.TRO
c:\ucto2010\UCTOL.000
c:\ucto2010\UCTOTXT.UUU
c:\ucto2010\UFAND.EXE
c:\ucto2010\UFAND.OVR
c:\ucto2010\UFANDHLP.000
c:\ucto2010\UFANDHLP.T00
c:\ucto2010\UK.BAT
c:\ucto2010\UPG.PRO
c:\ucto2010\UPG.TRO
c:\ucto2010\UPG01.PRO
c:\ucto2010\UPG01.TRO
c:\ucto2010\UPG02.PRO
c:\ucto2010\UPG02.TRO
c:\ucto2010\UPG03.PRO
c:\ucto2010\UPG03.TRO
c:\ucto2010\UPG04.PRO
c:\ucto2010\UPG04.TRO
c:\ucto2010\UPG05.PRO
c:\ucto2010\UPG05.TRO
c:\ucto2010\UPG06.PRO
c:\ucto2010\UPG06.TRO
c:\ucto2010\UPG07.PRO
c:\ucto2010\UPG07.TRO
c:\ucto2010\UPG08.PRO
c:\ucto2010\UPG08.TRO
c:\ucto2010\UPG09.PRO
c:\ucto2010\UPG09.TRO
c:\ucto2010\UPG97.PRO
c:\ucto2010\UPG97.TRO
c:\ucto2010\UPG99.PRO
c:\ucto2010\UPG99.TRO
c:\ucto2010\UPGPAR.000
c:\ucto2010\VEDLCIN.UUU
c:\ucto2010\VERZE.UUU
c:\ucto2010\VYBERTXT.EXE
c:\ucto2010\VZORTISK.000
c:\ucto2010\ZASTUPCE.CAT
c:\ucto2010\ZASTUPCE.INI
c:\ucto2010\ZASTUPCE.RDB
c:\ucto2010\ZASTUPCE.TTT
c:\ucto2010\ZETROZET.PAL
c:\ucto2010\ZZZ.BAT
c:\windows\system\DOTMTR_0.FON
c:\windows\system\MPALTINO.FON
c:\windows\system32\3693720789.dat
c:\windows\system32\drivers\7bf0d42f.sys
c:\windows\system32\drivers\be3a3504.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_7bf0d42f
-------\Service_be3a3504


((((((((((((((((((((((((( Files created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-15 18:02 . 2010-05-15 18:02 114688 ----a-w- c:\windows\system32\nms32.dll
2010-05-15 18:02 . 2010-05-15 18:02 180224 ----a-w- c:\windows\system32\imon.dll
2010-05-15 18:02 . 2010-05-15 18:02 298576 ----a-w- c:\windows\system32\drivers\amon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 09:36 . 2009-08-11 06:41 -------- d-----w- c:\program files\trend micro
2010-05-22 12:10 . 2006-07-26 12:54 -------- d-----w- c:\program files\ESET
2010-04-03 07:02 . 2002-09-23 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-04-03 07:02 . 2002-09-23 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-03-15 20:10 . 2009-04-02 19:24 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-06 17:44 . 2010-03-06 17:44 8158488 ----a-w- C:\Firefox Setup 3.6.exe
2010-03-02 16:55 . 2010-03-02 16:55 5327 -c--a-w- c:\windows\unins000.dat
2010-03-02 16:55 . 2010-03-02 16:55 1188443 ----a-w- c:\windows\unins000.exe
2006-12-13 03:12 . 2009-01-27 07:52 66648 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 03:12 . 2009-01-27 07:52 54352 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 03:12 . 2009-01-27 07:52 34928 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-12-13 03:12 . 2009-01-27 07:52 46696 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 03:12 . 2009-01-27 07:52 172120 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-01-23 18:32 . 2008-10-19 16:53 88 --sh--r- c:\windows\system32\7631F4AED4.sys
2009-01-23 18:32 . 2008-10-19 16:47 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-30 1945600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-28 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2004-06-14 200704]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-15 524632]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-26 167936]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-05-15 778240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Hlavní panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-6-29 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2.4.2009 21:10 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.6.2007 12:25 682232]
R1 neofltr_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [3.2.2010 14:48 85288]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [15.8.2009 20:34 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [22.7.2003 9:44 18848]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [15.11.2007 22:30 34064]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [15.8.2009 20:34 65576]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 21:06 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:10]

2009-08-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-23 20:18]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.seznam.cz/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Jirkaj\Data aplikací\Mozilla\Firefox\Profiles\xdqk23y1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 14:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867BD1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7640fc3
\Driver\ACPI -> ACPI.sys @ 0xf73b3cb8
\Driver\atapi -> 0x867511e8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf723aba0
PacketIndicateHandler -> NDIS.sys @ 0xf7247b21
SendHandler -> NDIS.sys @ 0xf722587b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Libraries loaded under running processes ---------------------

- - - - - - - > 'lsass.exe'(1300)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2312)
c:\windows\system32\msi.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2010-05-24 15:01:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-24 13:01

Pre-run: 901 816 320
Post-run: 918 261 760

- - End Of File - - FE62FBF0EBA9CFCA84F24DE95C89AE2C
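
The ComboFix log above carries several indicators that are easier to pull out mechanically than by eye: two drivers with eight-hex-digit names under system32\drivers and a ten-digit .dat beside them, the matching Service_ entries ComboFix removed, a Security Center AntiVirusOverride set to 1, the Windows Firewall policy set to 0, and the MBR detector's warning line. The script below is an added example, not part of the original post and not ComboFix's own code: it runs those checks over a constructed sample made of lines copied from the log above and pairs each removed Service_<name> with the <name>.sys it corresponds to. The name pattern and the registry checks are the author's heuristics, and two of them need a caveat: EnableFirewall=0 is expected on a machine running a third-party firewall such as the Sunbelt one listed here, and AntiVirusOverride=1 is also set by some antivirus products, so both are prompts to verify, not verdicts.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log above, plus the
# legitimate Lbd.sys driver and the "MBR OK" line so the filter has
# something to leave alone.
SAMPLE_LOG = r"""
c:\windows\system32\3693720789.dat
c:\windows\system32\drivers\7bf0d42f.sys
c:\windows\system32\drivers\be3a3504.sys
c:\windows\system32\drivers\Lbd.sys
-------\Service_7bf0d42f
-------\Service_be3a3504
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2.4.2009 21:10 64160]
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # short category tag
    evidence: str  # the log line (stripped) that triggered it


# Heuristic (author's assumption): a file directly under system32 or
# system32\drivers whose name is nothing but 8+ hex digits is worth a look.
RANDOM_NAME = re.compile(
    r"\\system32\\(?:drivers\\)?([0-9a-f]{8,})\.(?:sys|dll|dat|exe)\s*$",
    re.IGNORECASE,
)
# ComboFix marks a service it removed with a run of dashes and "Service_<name>".
REMOVED_SERVICE = re.compile(r"^-+\\Service_(\S+)\s*$")
# Security Center told not to monitor AV state, and the XP firewall policy off.
AV_OVERRIDE = re.compile(r'"AntiVirusOverride"\s*=\s*dword:0*1\b', re.IGNORECASE)
FIREWALL_OFF = re.compile(r'"EnableFirewall"\s*=\s*(?:dword:)?0+\b', re.IGNORECASE)
MBR_WARNING = re.compile(r"possible MBR rootkit infection", re.IGNORECASE)


def triage(log_text):
    """Return one Finding per log line that matches any of the checks above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if RANDOM_NAME.search(line):
            findings.append(Finding("random-named-file", line))
        elif REMOVED_SERVICE.match(line):
            findings.append(Finding("removed-service", line))
        elif AV_OVERRIDE.search(line):
            findings.append(Finding("av-override", line))
        elif FIREWALL_OFF.search(line):
            findings.append(Finding("windows-firewall-off", line))
        elif MBR_WARNING.search(line):
            findings.append(Finding("mbr-warning", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def link_services_to_drivers(findings):
    """Pair each removed Service_<name> with the random-named <name>.sys, if seen.

    A service whose driver file was also found is a stronger signal than
    either line on its own; a service with no matching file maps to None.
    """
    drivers = {}
    for f in findings:
        if f.kind == "random-named-file":
            drivers[RANDOM_NAME.search(f.evidence).group(1).lower()] = f.evidence
    pairs = {}
    for f in findings:
        if f.kind == "removed-service":
            name = REMOVED_SERVICE.match(f.evidence).group(1).lower()
            pairs[name] = drivers.get(name)
    return pairs


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:22} {f.evidence}")
    print(summarize(found))
    print(link_services_to_drivers(found))
```

Run it against a full ComboFix log by reading the file into `triage()`; the pairing step is where the two random-named drivers and the two removed services in this log line up.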

riffman
VIP
Posts: 3203
Joined: 20 Oct 2004 07:00
Location: České Budějovice

Re: PC runs slowly and the internet stutters badly + backdoor virus

#4 Post by riffman »

heh

-> move the folder c:\ucto2010 from the folder C:\Quoobox back to its original place; an erroneous operation and an erroneous deletion probably occurred

-> download GMER, unpack it and run it

a scan will run, and once it finishes the results will pop up in front of you

then click Save to save the log, and paste its contents here

then do the second scan according to this guide and again paste the log contents here :)

ppl
Visitor
Posts: 11
Joined: 21 May 2007 18:08

Re: PC runs slowly and the internet stutters badly + backdoor virus

#5 Post by ppl »

Here is the first log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-25 11:15:54
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Jirkaj\LOCALS~1\Temp\ugtdypow.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF73F9E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF73FA1BA]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 867BC1E8

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset)

Device \FileSystem\Fastfat \Fat 865257A0

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

---- EOF - GMER 1.0.15 ----
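
GMER tags each hooking module with a (description/vendor) string when the file carries version information, so the first thing to do with a GMER log is group the hooks by module and look at the ones with no such tag. In the quick scan above the only untagged module is sptd.sys, the SCSI Pass Through Direct driver installed by disc-emulation software such as Daemon Tools and Alcohol 120%, which hooks exactly these registry enumeration calls and is not evidence of infection on its own. The script below is an added example, not part of the original post and not GMER's own code: it parses SSDT, AttachedDevice and .text (user-mode inline hook) lines from a constructed sample copied from this log and from the full-scan log in the next post, reports which modules are unattributed, and for the inline hooks records which 4 KiB page each process's JMP targets fall into. The observation that all of a process's hooks land in one page is the author's, computed from the addresses, not a statement GMER makes.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER logs in this thread, trimmed
# to a few of each kind so the parser has one example of every record type.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF73F9E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF73FA1BA]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xAAEF8868]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 867BC1E8

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[356] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
"""

# "SSDT <module> [(description/vendor)] <ZwFunction> [0xADDR]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<vendor>[^)]*)\))?\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"
)
# "AttachedDevice <driver object> <device> <module> [(description/vendor)]"
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)(?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)
# ".text <process path>[pid] <dll>!<export> <addr> <n> Bytes JMP <dest>"
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<target>\S+)\s+(?P<addr>[0-9A-Fa-f]+)\s+\d+\s+Bytes\s+JMP\s+(?P<dest>[0-9A-Fa-f]+)\s*$"
)


def parse_gmer(text):
    """Return one dict per recognised hook line; headers and other lines are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in (("ssdt", SSDT_RE), ("attached", ATTACHED_RE), ("inline", INLINE_RE)):
            m = rx.match(line)
            if m:
                rec = {"kind": kind}
                rec.update(m.groupdict())
                records.append(rec)
                break
    return records


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def kernel_hooks_by_module(records):
    """Group SSDT hooks and filter-device attachments by the module that installed them."""
    mods = {}
    for r in records:
        if r["kind"] not in ("ssdt", "attached"):
            continue
        entry = mods.setdefault(_basename(r["module"]), {"vendor": None, "ssdt": [], "attached": []})
        if entry["vendor"] is None and r["vendor"]:
            entry["vendor"] = r["vendor"]
        if r["kind"] == "ssdt":
            entry["ssdt"].append(r["func"])
        else:
            entry["attached"].append(r["device"])
    return mods


def unattributed(mods):
    """Modules GMER could not tag with version info: the ones to check by hand."""
    return sorted(name for name, e in mods.items() if e["vendor"] is None)


def inline_hook_pages(records):
    """Map each hooked process to the set of 4 KiB pages its JMP targets fall in."""
    pages = defaultdict(set)
    for r in records:
        if r["kind"] == "inline":
            pages[r["proc"]].add(int(r["dest"], 16) & ~0xFFF)
    return dict(pages)


if __name__ == "__main__":
    recs = parse_gmer(SAMPLE_GMER)
    mods = kernel_hooks_by_module(recs)
    for name in unattributed(mods):
        print("no vendor tag:", name, mods[name]["ssdt"] or mods[name]["attached"])
    for proc, pg in inline_hook_pages(recs).items():
        print(proc, "->", [hex(p) for p in pg])
```

A module with no vendor tag is not automatically malicious and a tagged one is not automatically clean (the tag only says the file has version resources), but the grouping turns a few hundred hook lines into a short list of modules to look up by hand.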

ppl
Visitor
Posts: 11
Joined: 21 May 2007 18:08

Re: PC runs slowly and the internet stutters badly + backdoor virus

#6 Post by ppl »

And here is the second log (first part):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-25 12:53:48
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Jirkaj\LOCALS~1\Temp\ugtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwClose [0xAAEF9160]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xAAEF8868]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateKey [0xAAEF5320]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xAAEF7E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xAAEF7D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xAAEF83FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xAAEF9210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xAAEF5786]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteValueKey [0xAAEF5846]
SSDT sptd.sys ZwEnumerateKey [0xF73F9E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF73FA1BA]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF52CC01C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF52CC168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xAAEF8B54]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenKey [0xAAEF55CA]
SSDT sptd.sys ZwQueryKey [0xF73FA292]
SSDT sptd.sys ZwQueryValueKey [0xF73FA112]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xAAEF84EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xAAEF8E8C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetValueKey [0xAAEF59BC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xAAEF8DE0]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F63D162C 5 Bytes JMP 86593780

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00140004
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0014011C
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001404F0
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0014057C
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001403D8
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0014034C
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00140464
.text C:\WINDOWS\SOUNDMAN.EXE[208] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00140608
.text C:\WINDOWS\SOUNDMAN.EXE[208] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001407AC
.text C:\WINDOWS\SOUNDMAN.EXE[208] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00140720
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00140004
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0014011C
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001404F0
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0014057C
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001403D8
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0014034C
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00140464
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00140608
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001407AC
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00140720
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\WINDOWS\system32\MSTMON_Q.EXE[324] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\WINDOWS\Explorer.EXE[356] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[356] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[356] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

ppl
Visitor
Posts: 11
Registered: 21 May 2007 18:08

Re: PC runs slowly and the internet lags a lot + backdoor virus

#7 Post by ppl »

and the second part of the second log:

.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1564] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1564] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1564] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1564] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1564] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1696] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1696] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1696] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1696] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1696] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1696] WININET.dll!InternetConnectA 40C14992 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1696] WININET.dll!InternetConnectW 40C15B8E 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1696] WININET.dll!InternetOpenA 40C1C879 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1696] WININET.dll!InternetOpenW 40C1CEA9 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1696] WININET.dll!InternetOpenUrlA 40C20BD2 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1696] WININET.dll!InternetOpenUrlW 40C6B081 5 Bytes JMP 00080EC8
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1756] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1756] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1756] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1756] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1756] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1824] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1824] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1824] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1824] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1824] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[1900] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[1900] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[1900] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00140004
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0014011C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001404F0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!CreateThread 7C810647 5 Bytes JMP 0014057C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001403D8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0014034C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!WinExec 7C86158D 5 Bytes JMP 00140464
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00140608
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001407AC
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00140720
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] ws2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] ws2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] ws2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00140004
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0014011C
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001404F0
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0014057C
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001403D8
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0014034C
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00140464
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00140608
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001407AC
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00140720
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2328] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2476] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00140004
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0014011C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001404F0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!CreateThread 7C810647 5 Bytes JMP 0014057C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001403D8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0014034C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!WinExec 7C86158D 5 Bytes JMP 00140464
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] KERNEL32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00140608
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001407AC
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00140720
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] ws2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] ws2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2552] ws2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[3096] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[3096] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[3096] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[3096] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[3096] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73F4AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73F4C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73F4B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73F5748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73F561E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7409ACA] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 867BC1E8

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset)

Device \FileSystem\Fastfat \FatCdrom 865257A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{224C4FE5-B833-4515-9116-14A198DAD251} 8579D1E8

AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

Device \Driver\usbohci \Device\USBPDO-0 865CC1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867BE1E8
Device \Driver\dmio \Device\DmControl\DmConfig 867BE1E8
Device \Driver\dmio \Device\DmControl\DmPnP 867BE1E8
Device \Driver\dmio \Device\DmControl\DmInfo 867BE1E8
Device \Driver\usbehci \Device\USBPDO-1 865CB1E8

AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\Ftdisk \Device\HarddiskVolume1 867521E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867521E8
Device \Driver\Cdrom \Device\CdRom0 8654D1E8
Device \Driver\nvatabus \Device\00000074 867BD1E8
Device \Driver\nvatabus \Device\00000076 867BD1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8579D1E8
Device \Driver\NetBT \Device\NetbiosSmb 8579D1E8

AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

Device \Driver\usbohci \Device\USBFDO-0 865CC1E8
Device \Driver\nvatabus \Device\NvAta0 867BD1E8
Device \Driver\usbehci \Device\USBFDO-1 865CB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 855217A0
Device \Driver\nvatabus \Device\NvAta1 867BD1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 855217A0
Device \Driver\nvatabus \Device\NvAta2 867BD1E8
Device \Driver\Ftdisk \Device\FtControl 867521E8
Device \FileSystem\Fastfat \Fat 865257A0

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset)

Device \FileSystem\Cdfs \Cdfs 864487A0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xAE 0xA8 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x96 0xBE 0x32 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0C 0x5C 0x6E 0x43 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xAE 0xA8 0x1C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x96 0xBE 0x32 0x2B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0C 0x5C 0x6E 0x43 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\KONICA MINOLTA PagePro 1350W@ChangeID 1038375

---- EOF - GMER 1.0.15
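
The GMER user-mode section above shows the same set of inline hooks (a 5-byte JMP planted on the first instruction of VirtualProtectEx, CreateProcess*, CreateRemoteThread, SetThreadContext, SetWindowsHookEx* and, in processes that load Winsock or WinINet, socket/bind/connect and InternetOpen*/InternetConnect*) in every listed process, including gmer.exe itself and the Sunbelt firewall client. Before treating such hooks as the backdoor, a practitioner would check two things: whether the hook set is common to all processes, and whether the JMP targets sit at identical offsets from a per-process base page. Both being true points to one product injecting the same hook code everywhere rather than to a single compromised process. (The ComboFix log later in the thread lists a Sunbelt HIPS driver, sbhips.sys; attributing these hooks to it is an assumption, GMER does not say so.) The script below is an added example, not part of the original thread; the sample log is a constructed subset of the lines posted above and the function names are my own.

```python
import re
from collections import defaultdict

# Matches GMER user-mode inline hook lines such as
# .text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<len>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]{8})\s*$"
)

# Constructed subset of the log above: three processes, one of them (gmer.exe)
# without the Winsock hook, plus one kernel IAT line that must be ignored.
SAMPLE_LOG = r"""
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[3096] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[3096] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] KERNEL32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001404F0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00140720
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2016] ws2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001404F0
.text C:\Documents and Settings\Jirkaj\Plocha\programy na viry\gmer.exe[2064] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00140720
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73F4AD4] sptd.sys
"""


def parse_hooks(log_text):
    """Return one dict per user-mode hook line; other GMER sections are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append({
            "image": m["image"],
            "pid": int(m["pid"]),
            # module names vary in case between processes (kernel32 / KERNEL32)
            "api": f"{m['module'].lower()}!{m['func']}",
            "addr": int(m["addr"], 16),
            "target": int(m["target"], 16),
        })
    return hooks


def hooks_by_process(hooks):
    """Map (image, pid) -> {api: jmp_target}."""
    per = defaultdict(dict)
    for h in hooks:
        per[(h["image"], h["pid"])][h["api"]] = h["target"]
    return per


def trampoline_offsets(apis):
    """Split each JMP target into a per-process base page plus an offset.

    Hook code injected by one product lands at a different base in every
    process (0x80000, 0x130000, 0x140000 in the log) but keeps the same
    per-API offsets, because it is the same code laid out the same way."""
    base = min(apis.values()) & 0xFFFF0000
    return {api: target - base for api, target in apis.items()}


def analyse(log_text):
    """Summarise hooks: APIs hooked in every process, per-process extras,
    and whether the trampoline layout is identical across processes."""
    per = hooks_by_process(parse_hooks(log_text))
    if not per:
        return {"processes": 0, "common": set(), "extra": {}, "uniform_layout": True}
    common = set.intersection(*(set(apis) for apis in per.values()))
    extra = {
        f"{image}[{pid}]": sorted(set(apis) - common)
        for (image, pid), apis in per.items()
        if set(apis) - common
    }
    layouts = [trampoline_offsets(apis) for apis in per.values()]
    uniform = all(len({lay[api] for lay in layouts}) == 1 for api in common)
    return {"processes": len(per), "common": common, "extra": extra, "uniform_layout": uniform}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print(f"processes hooked: {result['processes']}")
    print("hooked everywhere:", ", ".join(sorted(result["common"])))
    for proc, apis in result["extra"].items():
        print(f"only in {proc}: {', '.join(apis)}")
    print("same trampoline layout in every process:", result["uniform_layout"])
```

Run over the full GMER section it reports the kernel32/USER32 set as common to every process, with the WS2_32 and WININET hooks appearing only in the processes that load those libraries, and identical offsets everywhere. That rules out a lone injected process but does not by itself clear the machine: the JMP targets (0x0008xxxx, 0x0013xxxx, 0x0014xxxx) are not resolved to a module in the log, so which driver or DLL owns the hook code still has to be established separately.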

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: PC runs slowly and the internet stutters a lot + backdoor virus

#8 Post by riffman »

Download TDSSKiller, extract it into the folder C:\WINDOWS\system32\drivers and run it.

The following window will appear:

[Image]

A scan will run; at its end, if an infection is found, the following window will appear:

[Image]

If you see the message "Close all programs and choose Y to restart or N to continue" on the last line, press the Y key and your machine will be restarted.

After the restart, run ComboFix again and post its log here.
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all

ppl
Visitor
Posts: 11
Registered: 21 May 2007 18:08

Re: PC runs slowly and the internet stutters a lot + backdoor virus

#9 Post by ppl »

It found nothing; here is the ComboFix log:

ComboFix 10-05-23.07 - Jirkaj 25.05.2010 13:35:54.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.685 [GMT 2:00]
Run from: c:\documents and settings\Jirkaj\Plocha\programy na viry\ComboFix.exe
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((( Files Created From 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-15 18:02 . 2010-05-15 18:02 114688 ----a-w- c:\windows\system32\nms32.dll
2010-05-15 18:02 . 2010-05-15 18:02 180224 ----a-w- c:\windows\system32\imon.dll
2010-05-15 18:02 . 2010-05-15 18:02 298576 ----a-w- c:\windows\system32\drivers\amon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 09:36 . 2009-08-11 06:41 -------- d-----w- c:\program files\trend micro
2010-05-22 12:10 . 2006-07-26 12:54 -------- d-----w- c:\program files\ESET
2010-04-03 07:02 . 2002-09-23 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-04-03 07:02 . 2002-09-23 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-03-15 20:10 . 2009-04-02 19:24 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-06 17:44 . 2010-03-06 17:44 8158488 ----a-w- C:\Firefox Setup 3.6.exe
2010-03-02 16:55 . 2010-03-02 16:55 5327 -c--a-w- c:\windows\unins000.dat
2010-03-02 16:55 . 2010-03-02 16:55 1188443 ----a-w- c:\windows\unins000.exe
2006-12-13 03:12 . 2009-01-27 07:52 66648 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 03:12 . 2009-01-27 07:52 54352 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 03:12 . 2009-01-27 07:52 34928 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-12-13 03:12 . 2009-01-27 07:52 46696 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 03:12 . 2009-01-27 07:52 172120 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-01-23 18:32 . 2008-10-19 16:53 88 --sh--r- c:\windows\system32\7631F4AED4.sys
2009-01-23 18:32 . 2008-10-19 16:47 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-30 1945600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-28 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2004-06-14 200704]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-15 524632]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-26 167936]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-05-15 778240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ (Start Menu\Programs\Startup)
Hlavní panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-6-29 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2.4.2009 21:10 64160]
R1 neofltr_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [3.2.2010 14:48 85288]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [15.8.2009 20:34 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [22.7.2003 9:44 18848]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [15.11.2007 22:30 34064]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [15.8.2009 20:34 65576]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.6.2007 12:25 682232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 21:06 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Obsah adresáře 'Naplánované úlohy'

2010-05-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:10]

2009-08-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-23 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.seznam.cz/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Jirkaj\Data aplikací\Mozilla\Firefox\Profiles\xdqk23y1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 13:50
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1244)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-05-25 13:55:35
ComboFix-quarantined-files.txt 2010-05-25 11:55
ComboFix2.txt 2010-05-24 13:02

Před spuštěním: 930 312 192
Po spuštění: 911 360 000

- - End Of File - - 2638B8007F50B54685A8CCB55D558738

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: PC runs slowly and the internet stutters a lot + backdoor virus

#10 Post by riffman »

Found it, the junk is gone, the log is OK :)
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all

ppl
Guest
Posts: 11
Registered: 21 May 2007 18:08

Re: PC runs slowly and the internet stutters a lot + backdoor virus

#11 Post by ppl »

It's true that both the internet and the PC run like clockwork now :) Thank you very much for the help... once it gets clogged up again beyond what I can tolerate, I'll get in touch :) One more small thing. Is AdAware any good, or should I be using something better? In combination with NOD...
Have a nice evening...

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: PC runs slowly and the internet stutters a lot + backdoor virus

#12 Post by riffman »

AdAware... I would rather look in the direction of SuperAntispyware :)

and you're welcome :)

ppl
Guest
Posts: 11
Registered: 21 May 2007 18:08

Re: PC runs slowly and the internet stutters a lot + backdoor virus

#13 Post by ppl »

The AMON window is popping up again saying I have some trojan on the PC... specifically the Rustock.NIH trojan horse. Could you please help me again? I'm sending another log...

Logfile of random's system information tool 1.07 (written by random/random)
Run by Jirkaj at 2010-06-03 15:09:38
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 374 MB (2%) free of 15 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:09:46, on 3.6.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Jirkaj\Plocha\programy na viry\RSIT.exe
C:\Program Files\trend micro\Jirkaj.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.seznam.cz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://neo.csa.cz/dana-cached/setup/Ju ... tupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NOD32 Kernel Service (nod32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6134 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-28 344064]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-06-29 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824]
"EasyTuneV"=C:\Program Files\Gigabyte\ET5\GUI.exe [2004-06-14 200704]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-03-15 524632]
"KONICA MINOLTA PagePro 1350WStatusDisplay"=C:\WINDOWS\system32\MSTMON_Q.EXE [2004-11-26 167936]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-05-15 778240]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-11-30 1945600]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Hlavní panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe"="C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-26 15:31:39 ----SHD---- C:\RECYCLER
2010-05-25 13:55:47 ----D---- C:\WINDOWS\temp
2010-05-25 13:55:40 ----A---- C:\ComboFix.txt
2010-05-25 13:27:24 ----A---- C:\TDSSKiller.2.3.0.0_25.05.2010_13.27.24_log.txt
2010-05-24 14:11:51 ----A---- C:\WINDOWS\zip.exe
2010-05-24 14:11:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-24 14:11:51 ----A---- C:\WINDOWS\SWSC.exe
2010-05-24 14:11:51 ----A---- C:\WINDOWS\SWREG.exe
2010-05-24 14:11:51 ----A---- C:\WINDOWS\sed.exe
2010-05-24 14:11:51 ----A---- C:\WINDOWS\PEV.exe
2010-05-24 14:11:51 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-24 14:11:51 ----A---- C:\WINDOWS\MBR.exe
2010-05-24 14:11:51 ----A---- C:\WINDOWS\grep.exe
2010-05-24 14:10:55 ----D---- C:\WINDOWS\ERDNT
2010-05-24 14:00:04 ----D---- C:\Qoobox
2010-05-15 20:02:23 ----A---- C:\WINDOWS\system32\nms32.dll
2010-05-15 20:02:23 ----A---- C:\WINDOWS\system32\imon.dll

======List of files/folders modified in the last 1 months======

2010-06-03 15:09:42 ----D---- C:\Program Files\trend micro
2010-06-03 15:09:35 ----D---- C:\WINDOWS\Prefetch
2010-06-03 14:41:50 ----D---- C:\Program Files\Mozilla Firefox
2010-06-03 14:16:51 ----D---- C:\WINDOWS
2010-06-03 10:31:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-31 20:27:21 ----D---- C:\Documents and Settings\Jirkaj\Data aplikací\Skype
2010-05-30 03:05:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-25 15:14:49 ----AC---- C:\WINDOWS\winamp.ini
2010-05-25 13:51:10 ----A---- C:\WINDOWS\system.ini
2010-05-25 13:43:25 ----D---- C:\WINDOWS\system32\drivers
2010-05-25 13:43:25 ----D---- C:\WINDOWS\AppPatch
2010-05-25 13:43:25 ----AD---- C:\WINDOWS\system32
2010-05-25 13:43:24 ----D---- C:\Program Files\Common Files
2010-05-24 14:58:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-24 14:53:00 ----D---- C:\WINDOWS\system32\config
2010-05-24 14:51:00 ----D---- C:\WINDOWS\system
2010-05-22 14:10:12 ----D---- C:\Program Files\ESET
2010-05-07 00:54:42 ----SHD---- C:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 neofltr_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951); \??\C:\WINDOWS\system32\Drivers\NEOFLTR_650_14951.SYS []
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
R2 amon;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 MLPTDR_Q;MLPTDR_Q; \??\C:\WINDOWS\system32\MLPTDR_Q.SYS []
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-15 34064]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-06-29 1241088]
R3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MarkFun_NT;MarkFun_NT; \??\C:\Program Files\Gigabyte\ET5\markfun.w32 []
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Jirkaj\LOCALS~1\Temp\catchme.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys []
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys []
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys []
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys []
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys []
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys []
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys []
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys []
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2005-06-29 376832]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 nod32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-05-15 331776]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2002-09-23 19456]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-06-28 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-15 1029456]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-15 92792]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: PC runs slowly and the internet stutters a lot + backdoor virus

#14 Post by riffman »

fine

where does NOD report Rustock?

back up c:\ucto2010 somewhere so it doesn't get wiped, and run Combofix again; I don't see Rustock anywhere here

ppl
Guest
Posts: 11
Registered: 21 May 2007 18:08

Re: PC runs slowly and the internet stutters a lot + backdoor virus

#15 Post by ppl »

Thanks, I'll run Combofix tomorrow, I won't be at the PC any more today, but at least I'll write down where AMON found it.... I always quarantine or delete it, but it keeps showing up there.... I also vaguely recall that about half a year ago I had a problem with a virus in RAM, but I don't know how that turned out after all those scans..

Čas Modul Objekt Jméno Virus Akce Uživatel Info
3.6.2010 23:11:20 AMON soubor C:\System Volume Information\_restore{E107A225-D375-4FE3-8FF7-4A723C7DF6B1}\RP130\A0028459.sys Win32/Rustock.NIH trojský kůň uložen do karantény - smazán NT AUTHORITY\SYSTEM
