Dobry den,
log z RSIT nelze vytvorit, tak posilam log z Hijacku. PC je pomale a pri vypinani velmi dlouho trva nez nabehne tabulka s moznosti vypnout (restartovat, odhlasit). Prosim o radu. Diky
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:56, on 8.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\tiskárna\HP Software Update\HPWuSchd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\MSI\MSI2\BlueSoleil.exe
C:\tiskárna\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\MSI\MSI2\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\kora\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\tiskárna\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Kilerka\ICQ\ICQ6\ICQ.exe -minimize
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1858025970-79857088-3581336864-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1858025970-79857088-3581336864-1007\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\MSI\MSI2\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Kilerka\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Kilerka\ICQ6.5\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0007622B-D286-4534-80EA-14782CA6EF5C}: NameServer = 213.195.215.200,81.30.224.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{003EFDD8-7CD0-4203-9971-CB426C826324}: NameServer = 213.195.215.200,81.30.224.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{91CE46DB-6DB5-4E2A-9F31-0952CB2F0F7C}: NameServer = 213.195.215.200,81.30.244.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\MSI\MSI2\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - http://www.uschovna.cz/images/save.gif
--
End of file - 8898 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Log z RSIT nejde vytvorit, PC je pomale
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Log z RSIT nejde vytvorit, PC je pomale
Stáhnete si DDS a uložte ho na plochu.Zavřete všechna spuštěná okna a spusťte program, potvrďte licenční podmínky a postupujte podle pokynů. Začne scanování.Až skončí, tak by měl vytvořit 2 logy proto se vam 2krát otevře notepad. Jeden log bude mít název DDS.txt a druhý attach.txt.Zkopírujte sem pouze tenDDS.txt.V pripade nejasnosti navod zde Stahnete GMER , rozbalte a spustteprobehne sken, po jehoz ukonceni na vas vyskoci vysledky
pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte
pote dle tohoto navodu absolvujte druhy sken a opet obsah logu sem
.Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!
ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!
NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU! ___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Re: Log z RSIT nejde vytvorit, PC je pomale
Tak tady to vsechno je:
DDS (Ver_09-07-30.01) - NTFSx86
Run by kora at 10:44:43,76 on ne 09.08.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
AV: avast! antivirus 4.8.1335 [VPS 090808-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
============== Running Processes ===============
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.seznam.cz
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [Ulead Quick-Drop] "c:\program files\ulead systems\ulead dvd moviefactory 4.0 suite\ulead quick-drop 1.0\Quick-Drop.exe" WINDOWCALL
mRun: [USIUDF_Eject_Monitor] c:\program files\common files\ulead systems\dvd\USISrv.exe
mRun: [VGAUtil] c:\program files\gigabyte\vga utility manager\G-VGA.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [HP Software Update] "c:\tiskárna\hp software update\HPWuSchd.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Mirabilis ICQ] c:\kilerka\icq\icq6\ICQ.exe -minimize
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\blueso~1.lnk - c:\msi\msi2\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\hpdigi~1.lnk - c:\tiskárna\digital imaging\bin\hpqtra08.exe
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\kilerka\icq6.5\ICQ.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {0007622B-D286-4534-80EA-14782CA6EF5C} = 213.195.215.200,81.30.224.2
TCP: {003EFDD8-7CD0-4203-9971-CB426C826324} = 213.195.215.200,81.30.224.2
TCP: {91CE46DB-6DB5-4E2A-9F31-0952CB2F0F7C} = 213.195.215.200,81.30.244.2
Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - c:\program files\common files\a&w\MidRadio.ocx
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\kora\dataap~1\mozilla\firefox\profiles\6pc7m01u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-07-12 14:28 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-12 14:28 73,728 a------- c:\windows\system32\javacpl.cpl
==================== Find3M ====================
2009-08-09 09:20 5,112 a------- c:\windows\GPCIDrv.sys
2009-08-09 09:19 19,039 a------- c:\windows\system32\drivers\GVTDrv.sys
2009-08-08 18:18 103,736 a------- c:\windows\system32\PnkBstrB.exe
2009-07-07 13:42 262,144 a------- c:\windows\system32\wrap_oal.dll
2009-07-07 13:42 86,016 a------- c:\windows\system32\OpenAL32.dll
2009-07-07 13:24 382,548 a------- c:\windows\system32\perfh005.dat
2009-07-07 13:24 63,148 a------- c:\windows\system32\perfc005.dat
2007-03-21 20:53 7,780 a------- c:\documents and settings\kora\FMCodec.dat
============= FINISH: 10:45:52,17 ===============
prvno log z gmer a cast druheho
GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit quick scan 2009-08-09 10:47:54
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwEnumerateKey [0xF748ED48]
SSDT sptd.sys ZwEnumerateValueKey [0xF748F0C0]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 871BF0E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-09 10:53:28
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF06816B8]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF0917920]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF0681574]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF0916F20]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF0916D90]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF0917480]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF0918190]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF0914320]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF0681A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF068114C]
SSDT sptd.sys ZwEnumerateKey [0xF748ED48]
SSDT sptd.sys ZwEnumerateValueKey [0xF748F0C0]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xF069C9A0]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xF069CB30]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF0917BF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF068164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF068108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF06810F0]
SSDT sptd.sys ZwQueryKey [0xF748F18A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF068176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF068172E]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF0917510]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF0917F00]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF06818AE]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF0917E50]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? C:\WINDOWS\System32\Drivers\SPTD2749.SYS Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
PAGENDSM NDIS.sys!NdisMIndicateStatus F72FAA5F 6 Bytes JMP F090BED0 \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F64014D0 16 Bytes [51, 86, D1, 61, CA, F0, 4B, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 12 F64014E2 30 Bytes [40, F6, 6E, 12, BB, 32, 98, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[204] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[204] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[204] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[204] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[204] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\DAEMON Tools\daemon.exe[644] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\DAEMON Tools\daemon.exe[644] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\RTHDCPL.EXE[668] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\RTHDCPL.EXE[668] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
DDS (Ver_09-07-30.01) - NTFSx86
Run by kora at 10:44:43,76 on ne 09.08.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
AV: avast! antivirus 4.8.1335 [VPS 090808-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
============== Running Processes ===============
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.seznam.cz
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [Ulead Quick-Drop] "c:\program files\ulead systems\ulead dvd moviefactory 4.0 suite\ulead quick-drop 1.0\Quick-Drop.exe" WINDOWCALL
mRun: [USIUDF_Eject_Monitor] c:\program files\common files\ulead systems\dvd\USISrv.exe
mRun: [VGAUtil] c:\program files\gigabyte\vga utility manager\G-VGA.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [HP Software Update] "c:\tiskárna\hp software update\HPWuSchd.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Mirabilis ICQ] c:\kilerka\icq\icq6\ICQ.exe -minimize
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\blueso~1.lnk - c:\msi\msi2\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\hpdigi~1.lnk - c:\tiskárna\digital imaging\bin\hpqtra08.exe
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\kilerka\icq6.5\ICQ.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {0007622B-D286-4534-80EA-14782CA6EF5C} = 213.195.215.200,81.30.224.2
TCP: {003EFDD8-7CD0-4203-9971-CB426C826324} = 213.195.215.200,81.30.224.2
TCP: {91CE46DB-6DB5-4E2A-9F31-0952CB2F0F7C} = 213.195.215.200,81.30.244.2
Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - c:\program files\common files\a&w\MidRadio.ocx
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\kora\dataap~1\mozilla\firefox\profiles\6pc7m01u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-07-12 14:28 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-12 14:28 73,728 a------- c:\windows\system32\javacpl.cpl
==================== Find3M ====================
2009-08-09 09:20 5,112 a------- c:\windows\GPCIDrv.sys
2009-08-09 09:19 19,039 a------- c:\windows\system32\drivers\GVTDrv.sys
2009-08-08 18:18 103,736 a------- c:\windows\system32\PnkBstrB.exe
2009-07-07 13:42 262,144 a------- c:\windows\system32\wrap_oal.dll
2009-07-07 13:42 86,016 a------- c:\windows\system32\OpenAL32.dll
2009-07-07 13:24 382,548 a------- c:\windows\system32\perfh005.dat
2009-07-07 13:24 63,148 a------- c:\windows\system32\perfc005.dat
2007-03-21 20:53 7,780 a------- c:\documents and settings\kora\FMCodec.dat
============= FINISH: 10:45:52,17 ===============
prvno log z gmer a cast druheho
GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit quick scan 2009-08-09 10:47:54
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwEnumerateKey [0xF748ED48]
SSDT sptd.sys ZwEnumerateValueKey [0xF748F0C0]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 871BF0E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-09 10:53:28
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF06816B8]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF0917920]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF0681574]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF0916F20]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF0916D90]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF0917480]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF0918190]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF0914320]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF0681A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF068114C]
SSDT sptd.sys ZwEnumerateKey [0xF748ED48]
SSDT sptd.sys ZwEnumerateValueKey [0xF748F0C0]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xF069C9A0]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xF069CB30]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF0917BF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF068164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF068108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF06810F0]
SSDT sptd.sys ZwQueryKey [0xF748F18A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF068176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF068172E]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF0917510]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF0917F00]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF06818AE]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF0917E50]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? C:\WINDOWS\System32\Drivers\SPTD2749.SYS Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
PAGENDSM NDIS.sys!NdisMIndicateStatus F72FAA5F 6 Bytes JMP F090BED0 \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F64014D0 16 Bytes [51, 86, D1, 61, CA, F0, 4B, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 12 F64014E2 30 Bytes [40, F6, 6E, 12, BB, 32, 98, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[204] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[204] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[204] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[204] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[204] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[356] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[408] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[432] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe[600] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[604] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[612] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\tiskárna\HP Software Update\HPWuSchd.exe[624] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\DAEMON Tools\daemon.exe[644] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\DAEMON Tools\daemon.exe[644] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\DAEMON Tools\daemon.exe[644] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[652] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\RTHDCPL.EXE[668] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\RTHDCPL.EXE[668] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\RTHDCPL.EXE[668] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\RUNDLL32.EXE[684] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jusched.exe[692] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
Re: Log z RSIT nejde vytvorit, PC je pomale
dasli cast druheho logu
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\QuickTime\QTTask.exe[700] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\QuickTime\QTTask.exe[700] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[708] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[708] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\MSI\MSI2\BlueSoleil.exe[796] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\MSI\MSI2\BlueSoleil.exe[796] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\MSI\MSI2\BlueSoleil.exe[796] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\MSI\MSI2\BlueSoleil.exe[796] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\MSI\MSI2\BlueSoleil.exe[796] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\MSI\MSI2\BlueSoleil.exe[796] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\MSI\MSI2\BlueSoleil.exe[796] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\MSI\MSI2\BlueSoleil.exe[796] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\MSI\MSI2\BlueSoleil.exe[796] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\MSI\MSI2\BlueSoleil.exe[796] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\MSI\MSI2\BlueSoleil.exe[796] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1040] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1040] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1064] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1064] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1064] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1064] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1064] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1112] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1112] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[1112] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[1112] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[1112] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1124] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1124] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1124] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1124] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1124] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\QuickTime\QTTask.exe[700] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\QuickTime\QTTask.exe[700] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\QuickTime\QTTask.exe[700] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[708] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[708] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[708] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[736] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\MSI\MSI2\BlueSoleil.exe[796] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\MSI\MSI2\BlueSoleil.exe[796] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\MSI\MSI2\BlueSoleil.exe[796] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\MSI\MSI2\BlueSoleil.exe[796] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\MSI\MSI2\BlueSoleil.exe[796] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\MSI\MSI2\BlueSoleil.exe[796] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\MSI\MSI2\BlueSoleil.exe[796] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\MSI\MSI2\BlueSoleil.exe[796] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\MSI\MSI2\BlueSoleil.exe[796] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\MSI\MSI2\BlueSoleil.exe[796] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\MSI\MSI2\BlueSoleil.exe[796] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\MSI\MSI2\BlueSoleil.exe[796] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\tiskárna\Digital Imaging\bin\hpqtra08.exe[900] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[988] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1040] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1040] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1064] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1064] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1064] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1064] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1064] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1112] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1112] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1112] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[1112] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[1112] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[1112] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1124] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1124] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1124] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1124] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1124] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1124] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1248] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
Re: Log z RSIT nejde vytvorit, PC je pomale
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1456] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1456] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1456] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1512] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1512] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1512] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1512] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1512] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\HPZipm12.exe[1612] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\HPZipm12.exe[1612] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\HPZipm12.exe[1612] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\HPZipm12.exe[1612] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\HPZipm12.exe[1612] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1676] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1676] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1676] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00080EC8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2296] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2296] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2296] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2296] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2296] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1408] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1456] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1456] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1456] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1512] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1512] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1512] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1512] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1512] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1512] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\HPZipm12.exe[1612] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\HPZipm12.exe[1612] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\HPZipm12.exe[1612] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\HPZipm12.exe[1612] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\HPZipm12.exe[1612] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\HPZipm12.exe[1612] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1676] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1676] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1676] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1676] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00080EC8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1744] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1876] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1968] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Documents and Settings\kora\Plocha\gmer.exe[2276] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2296] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2296] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2296] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2296] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2296] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2296] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00130DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00130F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00130D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00130E3C
Re: Log z RSIT nejde vytvorit, PC je pomale
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00130FE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\MSI\MSI2\BTNtService.exe[3144] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\MSI\MSI2\BTNtService.exe[3144] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00030EC8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[3320] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[3320] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[3320] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\nvsvc32.exe[3320] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\nvsvc32.exe[3320] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[3564] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[3564] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[3564] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[3564] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[3564] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\notepad.exe[4068] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\notepad.exe[4068] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F748AA32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F748AB6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F748AAF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F748B6CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F748B5A2] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74ADBBC] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F090BCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F090BD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F090BD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F090BDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F090BD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F090BD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F090BCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F090BD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F090BDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F090BCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F090BD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1112] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[1112] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 871BF0E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Udfs \UdfsCdRom 86D0BCA0
Device \FileSystem\Udfs \UdfsDisk 86D0BCA0
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1292121762
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1278226510
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1867801359
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xAF 0xCF 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0xF7 0xB6 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6A 0xE5 0xF8 0xAC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xAF 0xCF 0x1F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0xF7 0xB6 0x5C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6A 0xE5 0xF8 0xAC ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00130EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2396] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\MSI\MSI2\BTNtService.exe[3144] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\MSI\MSI2\BTNtService.exe[3144] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\MSI\MSI2\BTNtService.exe[3144] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[3228] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WININET.dll!InternetConnectA 771B30A3 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WININET.dll!InternetConnectW 771BEDD8 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[3244] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00030EC8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3288] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[3320] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[3320] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[3320] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[3320] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\nvsvc32.exe[3320] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\nvsvc32.exe[3320] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrA.exe[3344] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3424] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[3564] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[3564] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[3564] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[3564] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[3564] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[3564] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3620] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3916] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\notepad.exe[4068] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\notepad.exe[4068] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\notepad.exe[4068] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F748AA32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F748AB6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F748AAF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F748B6CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F748B5A2] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74ADBBC] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F090BCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F090BD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F090BD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F090BDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F090BD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F090BD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F090BCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F090BD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F090BDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F090BCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F090BD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1112] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[1112] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 871BF0E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Udfs \UdfsCdRom 86D0BCA0
Device \FileSystem\Udfs \UdfsDisk 86D0BCA0
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1292121762
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1278226510
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1867801359
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xAF 0xCF 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0xF7 0xB6 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6A 0xE5 0xF8 0xAC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xAF 0xCF 0x1F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0xF7 0xB6 0x5C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6A 0xE5 0xF8 0xAC ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----
Re: Log z RSIT nejde vytvorit, PC je pomale
V pc je mbr rootkit.
stahnete MBR
presunte mbr.exe do adresare C:\Windows
dalsi postup jest nasledujici:
Start/Spustit a do chlivecku napiste cmd a stisk Enter.
vybafne na vas okenko prikazoveho radku; vy nadatlujte rucne prikaz:
mbr.exe -f
a stisknete Enter
Po provedeni operace restartujte a spustte mbr jeste jednou, jiz normalne a vlozte sem log
stahnete MBRpresunte mbr.exe do adresare C:\Windows
dalsi postup jest nasledujici:
Start/Spustit a do chlivecku napiste cmd a stisk Enter.
vybafne na vas okenko prikazoveho radku; vy nadatlujte rucne prikaz:
mbr.exe -f
a stisknete Enter
Po provedeni operace restartujte a spustte mbr jeste jednou, jiz normalne a vlozte sem log
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!
ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!
NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
________________________________________________________________________________________
AKTUALIZOVANY ANTIVIR A PERSONALNI FIREWALL JSOU DVE NEZBYTNE OCHRANNE KOMPONENTY KAZDEHO PC,PRIPOJENEHO DO INTERNETU!!!ZALOHOVANIM OSOBNICH DAT O NE NEPRIJDETE V PRIPADE FATALNICH PROBLEMU SE SOFTWAREM I HARDWAREM!!NEPOUZIVEJTE COMBOFIX NA VLASTNI PEST, POUZE, POKUD K TOMU BUDETE VYZVANI.PRI NESPRAVNE MANIPULACI S NIM MUZE DOJIT K ZNEFUNKCNENI SYSTEMU! ___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Re: Log z RSIT nejde vytvorit, PC je pomale
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Re: Log z RSIT nejde vytvorit, PC je pomale
Staci tento log?Jiny mi to nevygeneruje....
Re: Log z RSIT nejde vytvorit, PC je pomale
Dobrý večer
Log už je ok, jak to vypadá s pc?
Log už je ok, jak to vypadá s pc?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Log z RSIT nejde vytvorit, PC je pomale
PC je o neco rychlejsi,ale stale se velmi pomalu vypina a nabiha. Bezi strasna spousta procesu, i kdyz nic neni zapnute(zadny program, net).
Re: Log z RSIT nejde vytvorit, PC je pomale
Jde Vám už spustit Rsit? Pokud ano, vložte log
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Log z RSIT nejde vytvorit, PC je pomale
RSIT stale nejde, porad to haze tohle:variable used without being declared.
Re: Log z RSIT nejde vytvorit, PC je pomale
Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe- spustte, klikněte na Run Scan
- po skončení skenu sem vložte obsah logů z OTL.Txt a Extras.txt
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Log z RSIT nejde vytvorit, PC je pomale
OTL Extras logfile created on: 18.8.2009 11:49:37 - Run 1ഀ
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\kora\Plochaഀ
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationഀ
Internet Explorer (Version = 6.0.2900.2180)ഀ
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyyഀ
ഀ
1023,48 Mb Total Physical Memory | 364,16 Mb Available Physical Memory | 35,58% Memory freeഀ
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 73,00% Paging File freeഀ
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]ഀ
ഀ
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Filesഀ
Drive C: | 149,05 Gb Total Space | 57,22 Gb Free Space | 38,39% Space Free | Partition Type: NTFSഀ
Drive D: | 647,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFSഀ
E: Drive not present or media not loadedഀ
F: Drive not present or media not loadedഀ
G: Drive not present or media not loadedഀ
H: Drive not present or media not loadedഀ
I: Drive not present or media not loadedഀ
Drive K: | 3,72 Gb Total Space | 1,45 Gb Free Space | 38,87% Space Free | Partition Type: FAT32ഀ
ഀ
Computer Name: KORAABONAഀ
Current User Name: koraഀ
Logged in as Administrator.ഀ
ഀ
Current Boot Mode: Normalഀ
Scan Mode: Current userഀ
Company Name Whitelist: Offഀ
Skip Microsoft Files: Offഀ
File Age = 30 Daysഀ
Output = Standardഀ
ഀ
========== Extra Registry (SafeList) ==========ഀ
ഀ
ഀ
========== File Associations ==========ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]ഀ
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)ഀ
ഀ
========== Security Center Settings ==========ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]ഀ
"FirstRunDisabled" = 1ഀ
"AntiVirusDisableNotify" = 0ഀ
"FirewallDisableNotify" = 0ഀ
"UpdatesDisableNotify" = 0ഀ
"AntiVirusOverride" = 0ഀ
"FirewallOverride" = 0ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]ഀ
"EnableFirewall" = 0ഀ
"DoNotAllowExceptions" = 0ഀ
"DisableNotifications" = 0ഀ
ഀ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]ഀ
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007ഀ
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008ഀ
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004ഀ
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005ഀ
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001ഀ
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002ഀ
ഀ
========== Authorized Applications List ==========ഀ
ഀ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]ഀ
"C:\Program Files\Gigabyte\VGA Utility Manager\G-VGA.exe" = C:\Program Files\Gigabyte\VGA Utility Manager\G-VGA.exe:*:Enabled:Menu -- ()ഀ
"C:\MSI\MSI2\BlueSoleil.exe" = C:\MSI\MSI2\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)ഀ
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not foundഀ
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe" = C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI -- (Sunbelt Software)ഀ
"C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic -- (IncrediMail, Ltd.)ഀ
"C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic -- ()ഀ
"C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic -- ()ഀ
"C:\Magentic\magentic_install.exe" = C:\Magentic\magentic_install.exe:*:Enabled:IncrediMail Installer -- File not foundഀ
"C:\Kilerka\ICQ\ICQ.exe" = C:\Kilerka\ICQ\ICQ.exe:*:Enabled:ICQ6 -- File not foundഀ
"C:\Kilerka\ICQ6\ICQ.exe" = C:\Kilerka\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not foundഀ
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)ഀ
"C:\Kilerka\ICQ6.5\ICQ.exe" = C:\Kilerka\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)ഀ
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)ഀ
"C:\WINDOWS\adobeupdz.exe" = C:\WINDOWS\adobeupdz.exe:*:Enabled:adobeupdz -- File not foundഀ
ഀ
ഀ
========== HKEY_LOCAL_MACHINE Uninstall List ==========ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]ഀ
"{08FC8F60-D010-11D3-B606-00A0C9B635C8}" = Eurofighter Typhoonഀ
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driverഀ
"{18E0918E-1060-48f3-925C-56C82E88551B}" = HP PSC & OfficeJet 3.5ഀ
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProcഀ
"{21BBAD12-C75F-4F06-A9B0-6F8BEEAF3846}" = Moorhuhn X - XSഀ
"{22988B2A-374A-4A7B-B795-A1AFF2046BE9}" = PhotoGalleryഀ
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorerഀ
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scanഀ
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14ഀ
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1ഀ
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1ഀ
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1ഀ
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Updateഀ
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XPഀ
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnosticsഀ
"{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}" = Ulead DVD MovieFactory 4.0 Suiteഀ
"{47C25360-AEBC-4B21-B233-87CE653B3369}" = AIOMinimalഀ
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copyഀ
"{4908C75E-E5E2-43F7-B1DF-023CBA831029}" = Nero 7 Ultra Editionഀ
"{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}" = Opera 9.27ഀ
"{55DCBED7-5710-4939-A928-4CBD9AB09EBB}" = 1310_Helpഀ
"{5786D2C8-A4C4-4DDB-B671-8ED2A53310EC}" = 1310Tourഀ
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreenഀ
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5ഀ
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Packഀ
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5ഀ
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decadeഀ
"{6864A62D-3EF3-415F-9922-240EED34B4C0}" = Faxഀ
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Updateഀ
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Directorഀ
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShareഀ
"{7B03A08B-AFAF-45CE-B2F1-787AD6CF45F6}" = OpenOffice.org 2.0ഀ
"{7CFFE053-748A-44DC-A248-06EA38E4BC03}" = School Tycoonഀ
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Themeഀ
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayAppഀ
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11144067}" = Bricks of Egypt 2ഀ
"{843B6370-4102-4FE9-9519-C0206A0A27DF}" = BlueSoleilഀ
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolderഀ
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0 SE DVDഀ
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003ഀ
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2ഀ
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SEഀ
"{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643}" = AiOSoftwareഀ
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjectsഀ
"{A047546B-1FC0-42AB-972E-EC689D9CF08D}" = CAMagic Mobile for Bluetoothഀ
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributableഀ
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0ഀ
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driverഀ
"{AD8E6D29-95EC-494E-8AF5-566E784819A6}" = Ulead Data-Add 2.0ഀ
"{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}" = AiO_Scanഀ
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Driversഀ
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2ഀ
"{BE4AA694-815A-4045-BD49-C94F2BED7458}" = WinFast Entertainment Centerഀ
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTimeഀ
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast DTVഀ
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driverഀ
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1ഀ
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjectsഀ
"{CC419DDC-E0F0-4013-B25A-6FA036516F0D}" = Need for Speed™ ProStreetഀ
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overlandഀ
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007ഀ
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Seriesഀ
"{E443F067-3345-482C-BD7A-12675A53D292}" = Readmeഀ
"{E5C13A44-7C32-4CBB-B318-518B54F834C5}" = Ulead DVD Player 2.0ഀ
"{E659E0EE-10E6-49B7-8696-60F38D0EB174}" = Sunbelt Kerio Personal Firewallഀ
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driverഀ
"{F730A60D-F6DA-4653-9C6E-548F7A3A5EE0}" = 1310Trbഀ
"{F9B0968A-810E-484C-B81D-7F19DC2CBBF5}" = 1310ഀ
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebRegഀ
"{FF895069-BD9A-11D5-986D-00500443CF9F}" = Moorhuhn 3 DLഀ
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveXഀ
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Pluginഀ
"Adobe Shockwave Player" = Adobe Shockwave Player 11ഀ
"Atf" = All Ten Fingersഀ
"avast!" = avast! Antivirusഀ
"Beach Party Craze 1.00 Saralawler" = Beach Party Craze 1.00 Saralawlerഀ
"Beauty Pilot_is1" = Beauty Pilot 1.10 Trialഀ
"BFGC" = Big Fish Games Clientഀ
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0ഀ
"DVD Shrink_is1" = DVD Shrink 3.2ഀ
"Farm Mania_is1" = Farm Maniaഀ
"Farm Mania1.0" = Farm Maniaഀ
"FastStone Image Viewer" = FastStone Image Viewer 2.6ഀ
"GamesBar" = GamesBar 1.1.0.5ഀ
"GIGABYTE VGA Utility Manager" = GIGABYTE VGA Utility Managerഀ
"HijackThis" = HijackThis 2.0.2ഀ
"HP Photo & Imaging" = HP Image Zone 3.5ഀ
"InterActual Player" = InterActual Playerഀ
"IZArc 3.5 beta 3_is1" = IZArc 3.5 beta 3ഀ
"Magentic" = Magenticഀ
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malwareഀ
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1ഀ
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)ഀ
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XPഀ
"NVIDIA Drivers" = NVIDIA Driversഀ
"QIP2005" = QIP 2005 Uninstallഀ
"Return to Castle Wolfenstein" = Return to Castle Wolfensteinഀ
"S3 Gold" = The Settlers III Gold Editionഀ
"ToolbarICQToolbar.ICQToolbarObjectIEToolbar" = ICQ Toolbarഀ
"Windows Media Encoder 9" = Windows Media Encoder 9 Seriesഀ
"Windows Media Format Runtime" = Windows Media Format 11 runtimeഀ
"Windows Media Player" = Windows Media Player 11ഀ
"WinRAR archiver" = WinRARഀ
"WMFDist11" = Windows Media Format 11 runtimeഀ
"wmp11" = Windows Media Player 11ഀ
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0ഀ
"ZonerPhotoStudio10_CZ_is1" = Zoner Photo Studio 10ഀ
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoonഀ
ഀ
========== HKEY_CURRENT_USER Uninstall List ==========ഀ
ഀ
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]ഀ
"uTorrent" = µTorrentഀ
ഀ
========== Last 10 Event Log Errors ==========ഀ
ഀ
[ Antivirus Events ]ഀ
Error - 23.1.2009 6:17:13 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 24.1.2009 18:13:44 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 28.1.2009 4:28:06 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 1.2.2009 4:30:50 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 8.2.2009 7:29:55 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 9.2.2009 9:20:32 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 10.2.2009 8:16:54 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 11.2.2009 11:13:03 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 12.2.2009 4:41:59 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 18.2.2009 9:25:35 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
[ Application Events ]ഀ
Error - 19.12.2008 5:40:52 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace icq.exe, verze 6.0.0.7015, chybující modul unknown,ഀ
verze 0.0.0.0, adresa chyby 0x003e01c0. ഀ
ഀ
Error - 25.12.2008 7:26:27 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace bluesoleil.exe, verze 1.6.2.0, chybující modul ഀ
mfc42.dll, verze 6.2.4131.0, adresa chyby 0x000011c7. ഀ
ഀ
Error - 31.12.2008 5:28:31 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace hpqkygrp.exe, verze 3.5.0.556, chybující modul ഀ
mfc42.dll, verze 6.2.4131.0, adresa chyby 0x000076f2. ഀ
ഀ
Error - 12.2.2009 5:04:46 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace firefox.exe, verze 1.9.0.3306, chybující modul ഀ
mozcrt19.dll, verze 8.0.0.0, adresa chyby 0x00006ad3. ഀ
ഀ
Error - 13.2.2009 7:33:39 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace icq.exe, verze 6.0.0.7015, chybující modul unknown,ഀ
verze 0.0.0.0, adresa chyby 0x003e01c0. ഀ
ഀ
Error - 15.2.2009 5:16:57 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace icq.exe, verze 6.0.0.7015, chybující modul unknown,ഀ
verze 0.0.0.0, adresa chyby 0x00000000. ഀ
ഀ
Error - 23.3.2009 5:41:38 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace adobeupdz.exe, verze 0.0.0.0, chybující modul unknown,ഀ
verze 0.0.0.0, adresa chyby 0x00000000. ഀ
ഀ
Error - 6.4.2009 14:07:50 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace hpqkygrp.exe, verze 3.5.0.556, chybující modul ഀ
mfc42.dll, verze 6.2.4131.0, adresa chyby 0x000076f2. ഀ
ഀ
Error - 11.4.2009 16:29:56 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace adobeupdz.exe, verze 0.0.0.0, chybující modul unknown,ഀ
verze 0.0.0.0, adresa chyby 0x00000000. ഀ
ഀ
Error - 13.4.2009 2:02:04 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace adobeupdz.exe, verze 0.0.0.0, chybující modul unknown,ഀ
verze 0.0.0.0, adresa chyby 0x00000000. ഀ
ഀ
[ System Events ]ഀ
Error - 18.8.2009 2:20:21 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:06:12 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:06:12 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:06:12 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:38:36 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:38:36 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:39:14 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:39:14 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:40:29 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:40:29 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
ഀ
< End of report >ഀ
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\kora\Plochaഀ
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationഀ
Internet Explorer (Version = 6.0.2900.2180)ഀ
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyyഀ
ഀ
1023,48 Mb Total Physical Memory | 364,16 Mb Available Physical Memory | 35,58% Memory freeഀ
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 73,00% Paging File freeഀ
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]ഀ
ഀ
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Filesഀ
Drive C: | 149,05 Gb Total Space | 57,22 Gb Free Space | 38,39% Space Free | Partition Type: NTFSഀ
Drive D: | 647,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFSഀ
E: Drive not present or media not loadedഀ
F: Drive not present or media not loadedഀ
G: Drive not present or media not loadedഀ
H: Drive not present or media not loadedഀ
I: Drive not present or media not loadedഀ
Drive K: | 3,72 Gb Total Space | 1,45 Gb Free Space | 38,87% Space Free | Partition Type: FAT32ഀ
ഀ
Computer Name: KORAABONAഀ
Current User Name: koraഀ
Logged in as Administrator.ഀ
ഀ
Current Boot Mode: Normalഀ
Scan Mode: Current userഀ
Company Name Whitelist: Offഀ
Skip Microsoft Files: Offഀ
File Age = 30 Daysഀ
Output = Standardഀ
ഀ
========== Extra Registry (SafeList) ==========ഀ
ഀ
ഀ
========== File Associations ==========ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]ഀ
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)ഀ
ഀ
========== Security Center Settings ==========ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]ഀ
"FirstRunDisabled" = 1ഀ
"AntiVirusDisableNotify" = 0ഀ
"FirewallDisableNotify" = 0ഀ
"UpdatesDisableNotify" = 0ഀ
"AntiVirusOverride" = 0ഀ
"FirewallOverride" = 0ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]ഀ
"EnableFirewall" = 0ഀ
"DoNotAllowExceptions" = 0ഀ
"DisableNotifications" = 0ഀ
ഀ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]ഀ
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007ഀ
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008ഀ
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004ഀ
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005ഀ
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001ഀ
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002ഀ
ഀ
========== Authorized Applications List ==========ഀ
ഀ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]ഀ
ഀ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]ഀ
"C:\Program Files\Gigabyte\VGA Utility Manager\G-VGA.exe" = C:\Program Files\Gigabyte\VGA Utility Manager\G-VGA.exe:*:Enabled:Menu -- ()ഀ
"C:\MSI\MSI2\BlueSoleil.exe" = C:\MSI\MSI2\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)ഀ
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not foundഀ
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe" = C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI -- (Sunbelt Software)ഀ
"C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic -- (IncrediMail, Ltd.)ഀ
"C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic -- ()ഀ
"C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic -- ()ഀ
"C:\Magentic\magentic_install.exe" = C:\Magentic\magentic_install.exe:*:Enabled:IncrediMail Installer -- File not foundഀ
"C:\Kilerka\ICQ\ICQ.exe" = C:\Kilerka\ICQ\ICQ.exe:*:Enabled:ICQ6 -- File not foundഀ
"C:\Kilerka\ICQ6\ICQ.exe" = C:\Kilerka\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not foundഀ
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)ഀ
"C:\Kilerka\ICQ6.5\ICQ.exe" = C:\Kilerka\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)ഀ
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)ഀ
"C:\WINDOWS\adobeupdz.exe" = C:\WINDOWS\adobeupdz.exe:*:Enabled:adobeupdz -- File not foundഀ
ഀ
ഀ
========== HKEY_LOCAL_MACHINE Uninstall List ==========ഀ
ഀ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]ഀ
"{08FC8F60-D010-11D3-B606-00A0C9B635C8}" = Eurofighter Typhoonഀ
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driverഀ
"{18E0918E-1060-48f3-925C-56C82E88551B}" = HP PSC & OfficeJet 3.5ഀ
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProcഀ
"{21BBAD12-C75F-4F06-A9B0-6F8BEEAF3846}" = Moorhuhn X - XSഀ
"{22988B2A-374A-4A7B-B795-A1AFF2046BE9}" = PhotoGalleryഀ
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorerഀ
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scanഀ
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14ഀ
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1ഀ
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1ഀ
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1ഀ
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Updateഀ
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XPഀ
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnosticsഀ
"{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}" = Ulead DVD MovieFactory 4.0 Suiteഀ
"{47C25360-AEBC-4B21-B233-87CE653B3369}" = AIOMinimalഀ
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copyഀ
"{4908C75E-E5E2-43F7-B1DF-023CBA831029}" = Nero 7 Ultra Editionഀ
"{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}" = Opera 9.27ഀ
"{55DCBED7-5710-4939-A928-4CBD9AB09EBB}" = 1310_Helpഀ
"{5786D2C8-A4C4-4DDB-B671-8ED2A53310EC}" = 1310Tourഀ
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreenഀ
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5ഀ
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Packഀ
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5ഀ
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decadeഀ
"{6864A62D-3EF3-415F-9922-240EED34B4C0}" = Faxഀ
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Updateഀ
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Directorഀ
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShareഀ
"{7B03A08B-AFAF-45CE-B2F1-787AD6CF45F6}" = OpenOffice.org 2.0ഀ
"{7CFFE053-748A-44DC-A248-06EA38E4BC03}" = School Tycoonഀ
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Themeഀ
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayAppഀ
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11144067}" = Bricks of Egypt 2ഀ
"{843B6370-4102-4FE9-9519-C0206A0A27DF}" = BlueSoleilഀ
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolderഀ
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0 SE DVDഀ
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003ഀ
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2ഀ
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SEഀ
"{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643}" = AiOSoftwareഀ
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjectsഀ
"{A047546B-1FC0-42AB-972E-EC689D9CF08D}" = CAMagic Mobile for Bluetoothഀ
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributableഀ
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0ഀ
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driverഀ
"{AD8E6D29-95EC-494E-8AF5-566E784819A6}" = Ulead Data-Add 2.0ഀ
"{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}" = AiO_Scanഀ
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Driversഀ
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2ഀ
"{BE4AA694-815A-4045-BD49-C94F2BED7458}" = WinFast Entertainment Centerഀ
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTimeഀ
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast DTVഀ
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driverഀ
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1ഀ
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjectsഀ
"{CC419DDC-E0F0-4013-B25A-6FA036516F0D}" = Need for Speed™ ProStreetഀ
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overlandഀ
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007ഀ
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Seriesഀ
"{E443F067-3345-482C-BD7A-12675A53D292}" = Readmeഀ
"{E5C13A44-7C32-4CBB-B318-518B54F834C5}" = Ulead DVD Player 2.0ഀ
"{E659E0EE-10E6-49B7-8696-60F38D0EB174}" = Sunbelt Kerio Personal Firewallഀ
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driverഀ
"{F730A60D-F6DA-4653-9C6E-548F7A3A5EE0}" = 1310Trbഀ
"{F9B0968A-810E-484C-B81D-7F19DC2CBBF5}" = 1310ഀ
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebRegഀ
"{FF895069-BD9A-11D5-986D-00500443CF9F}" = Moorhuhn 3 DLഀ
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveXഀ
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Pluginഀ
"Adobe Shockwave Player" = Adobe Shockwave Player 11ഀ
"Atf" = All Ten Fingersഀ
"avast!" = avast! Antivirusഀ
"Beach Party Craze 1.00 Saralawler" = Beach Party Craze 1.00 Saralawlerഀ
"Beauty Pilot_is1" = Beauty Pilot 1.10 Trialഀ
"BFGC" = Big Fish Games Clientഀ
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0ഀ
"DVD Shrink_is1" = DVD Shrink 3.2ഀ
"Farm Mania_is1" = Farm Maniaഀ
"Farm Mania1.0" = Farm Maniaഀ
"FastStone Image Viewer" = FastStone Image Viewer 2.6ഀ
"GamesBar" = GamesBar 1.1.0.5ഀ
"GIGABYTE VGA Utility Manager" = GIGABYTE VGA Utility Managerഀ
"HijackThis" = HijackThis 2.0.2ഀ
"HP Photo & Imaging" = HP Image Zone 3.5ഀ
"InterActual Player" = InterActual Playerഀ
"IZArc 3.5 beta 3_is1" = IZArc 3.5 beta 3ഀ
"Magentic" = Magenticഀ
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malwareഀ
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1ഀ
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)ഀ
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XPഀ
"NVIDIA Drivers" = NVIDIA Driversഀ
"QIP2005" = QIP 2005 Uninstallഀ
"Return to Castle Wolfenstein" = Return to Castle Wolfensteinഀ
"S3 Gold" = The Settlers III Gold Editionഀ
"ToolbarICQToolbar.ICQToolbarObjectIEToolbar" = ICQ Toolbarഀ
"Windows Media Encoder 9" = Windows Media Encoder 9 Seriesഀ
"Windows Media Format Runtime" = Windows Media Format 11 runtimeഀ
"Windows Media Player" = Windows Media Player 11ഀ
"WinRAR archiver" = WinRARഀ
"WMFDist11" = Windows Media Format 11 runtimeഀ
"wmp11" = Windows Media Player 11ഀ
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0ഀ
"ZonerPhotoStudio10_CZ_is1" = Zoner Photo Studio 10ഀ
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoonഀ
ഀ
========== HKEY_CURRENT_USER Uninstall List ==========ഀ
ഀ
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]ഀ
"uTorrent" = µTorrentഀ
ഀ
========== Last 10 Event Log Errors ==========ഀ
ഀ
[ Antivirus Events ]ഀ
Error - 23.1.2009 6:17:13 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 24.1.2009 18:13:44 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 28.1.2009 4:28:06 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 1.2.2009 4:30:50 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 8.2.2009 7:29:55 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 9.2.2009 9:20:32 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 10.2.2009 8:16:54 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 11.2.2009 11:13:03 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 12.2.2009 4:41:59 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
Error - 18.2.2009 9:25:35 | Computer Name = KORAABONA | Source = avast! | ID = 33554522ഀ
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanRealഀ
of http://1.im.cz/ad/im.js failed, 0000A413. ഀ
ഀ
[ Application Events ]ഀ
Error - 19.12.2008 5:40:52 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace icq.exe, verze 6.0.0.7015, chybující modul unknown,ഀ
verze 0.0.0.0, adresa chyby 0x003e01c0. ഀ
ഀ
Error - 25.12.2008 7:26:27 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace bluesoleil.exe, verze 1.6.2.0, chybující modul ഀ
mfc42.dll, verze 6.2.4131.0, adresa chyby 0x000011c7. ഀ
ഀ
Error - 31.12.2008 5:28:31 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace hpqkygrp.exe, verze 3.5.0.556, chybující modul ഀ
mfc42.dll, verze 6.2.4131.0, adresa chyby 0x000076f2. ഀ
ഀ
Error - 12.2.2009 5:04:46 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace firefox.exe, verze 1.9.0.3306, chybující modul ഀ
mozcrt19.dll, verze 8.0.0.0, adresa chyby 0x00006ad3. ഀ
ഀ
Error - 13.2.2009 7:33:39 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace icq.exe, verze 6.0.0.7015, chybující modul unknown,ഀ
verze 0.0.0.0, adresa chyby 0x003e01c0. ഀ
ഀ
Error - 15.2.2009 5:16:57 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace icq.exe, verze 6.0.0.7015, chybující modul unknown,ഀ
verze 0.0.0.0, adresa chyby 0x00000000. ഀ
ഀ
Error - 23.3.2009 5:41:38 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace adobeupdz.exe, verze 0.0.0.0, chybující modul unknown,ഀ
verze 0.0.0.0, adresa chyby 0x00000000. ഀ
ഀ
Error - 6.4.2009 14:07:50 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace hpqkygrp.exe, verze 3.5.0.556, chybující modul ഀ
mfc42.dll, verze 6.2.4131.0, adresa chyby 0x000076f2. ഀ
ഀ
Error - 11.4.2009 16:29:56 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace adobeupdz.exe, verze 0.0.0.0, chybující modul unknown,ഀ
verze 0.0.0.0, adresa chyby 0x00000000. ഀ
ഀ
Error - 13.4.2009 2:02:04 | Computer Name = KORAABONA | Source = Application Error | ID = 1000ഀ
Description = Chybující aplikace adobeupdz.exe, verze 0.0.0.0, chybující modul unknown,ഀ
verze 0.0.0.0, adresa chyby 0x00000000. ഀ
ഀ
[ System Events ]ഀ
Error - 18.8.2009 2:20:21 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:06:12 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:06:12 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:06:12 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:38:36 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:38:36 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:39:14 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:39:14 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:40:29 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
Error - 18.8.2009 4:40:29 | Computer Name = KORAABONA | Source = DCOM | ID = 10000ഀ
Description = Nelze spustit server DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.ഀ
Došloഀ
k chybě: %5 při provádění příkazu: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embeddingഀ
ഀ
ഀ
< End of report >ഀ
Přispějete na provoz fóra?
