
PC virus removal, computer speed-up, remote help via the neslape.cz service
Win32/rootkit
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 16
- Registered: 23 Jan 2010 15:48
Win32/rootkit
Hello everyone, greetings to all, and I'm asking for your help: a virus has appeared on my computer and I don't know how to deal with it. I'm an amateur, so I'd like to ask for a detailed procedure for removing this problem. I'm attaching the RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by HonzaN at 2010-01-23 15:46:10
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 16 GB (43%) free of 38 GB
Total RAM: 511 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:45, on 23.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\HonzaN\Plocha\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\HonzaN.exe
C:\Documents and Settings\HonzaN\Plocha\RSIT.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.0.20:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: wwwpos32.exe
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"au"=C:\Program Files\Dealio\DealioAU.exe [2008-01-15 546144]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2007-12-06 1069920]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-20 198160]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"ICQ"=~C:\Program Files\ICQ6.5\ICQ.exe silent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\HonzaN\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
wwwpos32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\ThunMail\testabd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\ICQLite\ICQLite.exe"="D:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Disabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66307ae0-160e-11de-9055-000c76367308}]
shell\AutoRun\command - H:\exofucp.exe
shell\explore\command - H:\exofucp.exe
shell\open\command - H:\exofucp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98e24849-d654-11db-a7be-806d6172696f}]
shell\AutoRun\command - E:\setup.exe
======List of files/folders created in the last 1 months======
2010-01-23 15:46:20 ----D---- C:\Program Files\trend micro
2010-01-23 15:46:10 ----D---- C:\rsit
2010-01-22 16:07:19 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-30 17:33:10 ----D---- C:\Program Files\Valve
2009-12-24 11:59:13 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\ZoomBrowser EX
2009-12-24 11:57:57 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\CameraWindowDC
2009-12-24 11:57:55 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\CANON INC
2009-12-24 11:48:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\ZoomBrowser
2009-12-24 11:46:43 ----D---- C:\Program Files\Common Files\Canon
======List of files/folders modified in the last 1 months======
2010-01-23 15:46:37 ----D---- C:\WINDOWS\Prefetch
2010-01-23 15:46:20 ----RD---- C:\Program Files
2010-01-23 15:09:17 ----D---- C:\WINDOWS
2010-01-23 14:42:06 ----A---- C:\WINDOWS\wincmd.ini
2010-01-23 13:12:24 ----D---- C:\WINDOWS\Temp
2010-01-23 12:35:56 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\Skype
2010-01-23 12:33:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-23 10:24:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-23 10:22:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-22 22:26:07 ----D---- C:\Program Files\Mozilla Firefox
2010-01-22 22:26:04 ----D---- C:\WINDOWS\system32\drivers
2010-01-22 19:15:55 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\vlc
2010-01-22 16:08:29 ----D---- C:\WINDOWS\system32
2010-01-22 16:07:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-22 14:39:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-21 18:24:37 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-19 18:53:40 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\ICQ
2010-01-17 10:35:32 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\dvdcss
2010-01-03 12:50:17 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\BSplayer Pro
2009-12-28 22:08:10 ----D---- C:\Program Files\ICQ6.5
2009-12-25 17:11:31 ----A---- C:\WINDOWS\win.ini
2009-12-24 11:49:59 ----D---- C:\Program Files\Canon
2009-12-24 11:46:43 ----D---- C:\Program Files\Common Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 kbdcap;kbdcap; C:\WINDOWS\system32\drivers\kbdcap.sys [2009-04-25 109440]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-04-08 29696]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-04-08 282880]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-03 163584]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 a6tdd6un;a6tdd6un; C:\WINDOWS\system32\drivers\a6tdd6un.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-09 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-27 187536]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-08-17 126976]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 gupdate1ca215d1fa40b00;Služba Google Update (gupdate1ca215d1fa40b00); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-20 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-07 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\HonzaN\Plocha\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\HonzaN.exe
C:\Documents and Settings\HonzaN\Plocha\RSIT.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.0.20:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: wwwpos32.exe
O4pe\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66307ae0-160e-11de-9055-000c76367308}]
shell\AutoRun\command - H:\exofucp.exe
shell\explore\command - H:\exofucp.exe
shell\open\command - H:\exofucp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98e24849-d654-11db-a7be-806d6172696f}]
shell\AutoRun\command - E:\setup.exe
======List of files/folders created in the last 1 months======
2010-01-23 15:46:20 ----D---- C:\Program Files\trend micro
2010-01-23 15:46:10 ----D---- C:\rsit
2010-01-22 16:07:19 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-30 17:33:10 ----D---- C:\Program Files\Valve
2009-12-24 11:59:13 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\ZoomBrowser EX
2009-12-24 11:57:57 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\CameraWindowDC
2009-12-24 11:57:55 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\CANON INC
2009-12-24 11:48:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\ZoomBrowser
2009-12-24 11:46:43 ----D---- C:\Program Files\Common Files\Canon
======List of files/folders modified in the last 1 months======
2010-01-23 15:46:37 ----D---- C:\WINDOWS\Prefetch
2010-01-23 15:46:20 ----RD---- C:\Program Files
2010-01-23 15:09:17 ----D---- C:\WINDOWS
2010-01-23 14:42:06 ----A---- C:\WINDOWS\wincmd.ini
2010-01-23 13:12:24 ----D---- C:\WINDOWS\Temp
2010-01-23 12:35:56 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\Skype
2010-01-23 12:33:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-23 10:24:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-23 10:22:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-22 22:26:07 ----D---- C:\Program Files\Mozilla Firefox
2010-01-22 22:26:04 ----D---- C:\WINDOWS\system32\drivers
2010-01-22 19:15:55 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\vlc
2010-01-22 16:08:29 ----D---- C:\WINDOWS\system32
2010-01-22 16:07:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-22 14:39:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-21 18:24:37 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-19 18:53:40 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\ICQ
2010-01-17 10:35:32 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\dvdcss
2010-01-03 12:50:17 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\BSplayer Pro
2009-12-28 22:08:10 ----D---- C:\Program Files\ICQ6.5
2009-12-25 17:11:31 ----A---- C:\WINDOWS\win.ini
2009-12-24 11:49:59 ----D---- C:\Program Files\Canon
2009-12-24 11:46:43 ----D---- C:\Program Files\Common Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 kbdcap;kbdcap; C:\WINDOWS\system32\drivers\kbdcap.sys [2009-04-25 109440]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-04-08 29696]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-04-08 282880]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-03 163584]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 a6tdd6un;a6tdd6un; C:\WINDOWS\system32\drivers\a6tdd6un.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-09 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-27 187536]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-08-17 126976]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 gupdate1ca215d1fa40b00;Služba Google Update (gupdate1ca215d1fa40b00); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-20 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-07 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------
-01 153136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"au"=C:\Program Files\Dealio\DealioAU.exe [2008-01-15 546144]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2007-12-06 1069920]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-20 198160]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"ICQ"=~C:\Program Files\ICQ6.5\ICQ.exe silent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\HonzaN\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
wwwpos32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\ThunMail\testabd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\ICQLite\ICQLite.exe"="D:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Disabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Win32/rootkit
Welcome here,
there is quite a lot in there, so give me a moment to put the instructions together

Recommendations:
During the cleanup, install or uninstall software only when I tell you to.
Read my reply carefully and carry out the whole procedure exactly as described.
If anything is unclear, ask; I will explain.
-------------------------------------------------------------------------------------------------
> Forum support <
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Win32/rootkit
So, the first part
When it finishes, post C:\ComboFix.txt and a new RSIT log here, and post them complete; an important part is missing from the first one.
CFscript
Download ComboFix and save it to the desktop. Do not run it yet.
Close all open windows and turn off your antispyware and antivirus.
Open Notepad and copy the entire green text from the "CFscript".
Save the file to the desktop as CFscript.txt and drag its icon with the mouse onto the ComboFix icon; drop it there.
- After it starts, the terms of use appear; confirm them by pressing Yes
- Then follow the prompts; while ComboFix is running, do not click into its window and do not start anything
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please paste its entire contents here
If the system does not boot after running ComboFix, press F8 during restart and choose Last Known Good Configuration
Code:
KillAll::
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66307ae0-160e-11de-9055-000c76367308}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
File::
C:\WINDOWS\system32\fjhdyfhsn.bat
C:\Documents and Settings\HonzaN\Nabídka Start\Programy\Po spuštění\wwwpos32.exe
Folder::
C:\Program Files\Dealio
C:\Program Files\ThunMail
Driver::
gupdate1ca215d1fa40b00

Recommendations:
During the cleanup, install or uninstall anything only when I tell you to.
Read my reply carefully and carry out the whole procedure exactly as described.
If anything is unclear, ask - I will explain.
-------------------------------------------------------------------------------------------------
> Forum support <
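As an added example (not ComboFix's own code and not part of this thread): a small Python parser that reads a CFscript like the one posted above and lists the actions it would carry out, so the script can be reviewed before it is dropped onto ComboFix. The section meanings (KillAll:: ends running processes, File:: and Folder:: remove the listed paths, Driver:: removes the named service, Registry:: uses .reg syntax where [-KEY] deletes a key) are assumptions based on ComboFix's commonly documented behaviour, not taken from this page.

```python
"""Review a ComboFix CFscript before it is run: parse its sections and list the
actions they would carry out. Added example, not ComboFix's own code."""
import re

# Constructed sample input: the CFscript posted in this thread, verbatim.
SAMPLE_CFSCRIPT = r"""KillAll::
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66307ae0-160e-11de-9055-000c76367308}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
File::
C:\WINDOWS\system32\fjhdyfhsn.bat
C:\Documents and Settings\HonzaN\Nabídka Start\Programy\Po spuštění\wwwpos32.exe
Folder::
C:\Program Files\Dealio
C:\Program Files\ThunMail
Driver::
gupdate1ca215d1fa40b00
"""

# A section header is a bare word followed by '::' on its own line.
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")


def parse_cfscript(text):
    """Split a CFscript into {section_name: [entry lines]} in file order.

    Every non-empty line after a header belongs to that header's section until
    the next header. A section with no entries (KillAll:: here) maps to [].
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def registry_actions(entries):
    """Interpret a Registry:: block using .reg (REGEDIT4) conventions (assumed):
    '[-KEY]' deletes KEY, '[KEY]' selects KEY, '"name"=value' sets a value under
    the selected key and '"name"=-' deletes that value."""
    actions = []
    key = None
    for entry in entries:
        if entry.startswith("[-") and entry.endswith("]"):
            actions.append(("delete_key", entry[2:-1]))
            key = None
        elif entry.startswith("[") and entry.endswith("]"):
            key = entry[1:-1]
        elif key is not None and entry.startswith('"') and "=" in entry:
            name, _, value = entry.partition("=")
            name = name.strip('"')
            if value == "-":
                actions.append(("delete_value", key, name))
            else:
                if len(value) >= 2 and value[0] == value[-1] == '"':
                    value = value[1:-1]  # unquote a REG_SZ literal
                actions.append(("set_value", key, name, value))
        else:
            raise ValueError(f"unrecognised Registry:: entry: {entry!r}")
    return actions


def summarise(sections):
    """Flatten the parsed script into (action, target) pairs in the order ComboFix
    would see them. Section meanings are the commonly documented ones (assumed)."""
    out = []
    for name, entries in sections.items():
        if name == "KillAll":
            out.append(("kill_all_processes", ""))
        elif name == "Registry":
            for act in registry_actions(entries):
                target = act[1] if act[0] == "delete_key" else act[1] + "\\" + act[2]
                out.append((act[0], target))
        elif name == "File":
            out.extend(("delete_file", e) for e in entries)
        elif name == "Folder":
            out.extend(("delete_folder", e) for e in entries)
        elif name == "Driver":
            out.extend(("delete_driver_service", e) for e in entries)
        else:
            out.append(("unknown_section", name))  # flag anything unexpected
    return out


if __name__ == "__main__":
    for action, target in summarise(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(f"{action:22} {target}")
```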
-
- Visitor
- Posts: 16
- Registered: 23 Jan 2010 15:48
Re: Win32/rootkit
Sorry for writing so late, but everything is loading terribly slowly for me now. Probably because of that virus.
So here is the log it produced:
ComboFix 10-01-22.05 - HonzaN 23.01.2010 17:50:57.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.96 [GMT 1:00]
Spuštěný z: c:\documents and settings\HonzaN\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\HonzaN\Plocha\CFscript.txt
AV: avast! antivirus 4.8.1351 [VPS 100122-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HonzaN\Plocha\Miley Cyrus- The Climb
c:\documents and settings\HonzaN\Plocha\Miley Cyrus- The Climb
c:\program files\Search Settings
c:\program files\Search Settings\kb125\res\ErrorPageTemplate.css
c:\program files\Search Settings\kb125\res\help.gif
c:\program files\Search Settings\kb125\res\pixel.gif
c:\program files\Search Settings\kb125\res\tab_icon.png
c:\program files\Search Settings\kb125\res\tabdata.js
c:\program files\Search Settings\kb125\res\tablib.js
c:\program files\Search Settings\kb125\res\tabwelcome_en.html
c:\program files\Search Settings\kb125\res\toolbar_background.gif
c:\program files\Search Settings\kb125\res\vista_directions.png
c:\program files\Search Settings\kb125\res\xp_directions.png
c:\program files\Search Settings\kb125\res\yahoo_search.gif
c:\program files\Search Settings\kb125\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\ThunMail
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\ieuinit.inf
c:\windows\system32\twain_32.dll
C:\wow.jpg
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GUPDATE1CA215D1FA40B00
-------\Service_gupdate1ca215d1fa40b00
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-23 do 2010-01-23 )))))))))))))))))))))))))))))))
.
2010-01-23 16:15 . 2010-01-23 16:14 389632 ----a-w- c:\windows\system32\CF13226.exe
2010-01-23 14:46 . 2010-01-23 14:55 -------- d-----w- c:\program files\trend micro
2010-01-23 14:46 . 2010-01-23 14:56 -------- d-----w- C:\rsit
2010-01-22 15:07 . 2010-01-22 15:07 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-01-22 13:36 . 2004-08-03 21:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-01-22 13:36 . 2004-08-03 21:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-01-22 13:35 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-01-22 13:35 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-01-22 13:33 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-22 13:33 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2009-12-30 16:33 . 2009-12-30 16:37 -------- d-----w- c:\program files\Valve
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 09:24 . 2007-03-21 17:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-28 21:08 . 2009-01-04 19:56 -------- d-----w- c:\program files\ICQ6.5
2009-12-24 10:49 . 2007-08-06 10:23 -------- d-----w- c:\program files\Canon
2009-12-24 10:46 . 2009-12-24 10:46 -------- d-----w- c:\program files\Common Files\Canon
2009-12-23 11:27 . 2007-12-09 16:13 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-23 11:26 . 2007-10-20 15:15 -------- d-----w- c:\program files\MobMapUpdater
2009-12-11 12:46 . 2009-05-19 15:40 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2009-12-06 09:18 . 2009-12-06 09:10 -------- d-----w- c:\program files\Unlocker
2009-12-03 17:23 . 2009-12-03 17:22 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-12-03 17:22 . 2009-12-03 17:22 -------- d-----w- c:\program files\Borland
2009-11-29 21:19 . 2009-11-29 21:19 -------- d-----w- c:\program files\Macromedia
2007-03-29 16:13 . 2007-03-29 16:13 110592 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-20 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"PcSync"="d:\program files\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
c:\documents and settings\HonzaN\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
wwwpos32.exe [2004-8-17 23040]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16425:TCP"= 16425:TCP:BitComet 16425 TCP
"16425:UDP"= 16425:UDP:BitComet 16425 UDP
"21253:TCP"= 21253:TCP:BitComet 21253 TCP
"21253:UDP"= 21253:UDP:BitComet 21253 UDP
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.3.2007 13:27 682232]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.6.2008 16:00 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.6.2008 16:00 20560]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [25.4.2009 20:50 109440]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 06:11]
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 06:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 10.1.0.20:3128
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: Compare Prices with &Dealio - c:\documents and settings\HonzaN\Data aplikací\Dealio\kb125\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: {A920D826-3444-43C3-81C6-88B48C83185B} = 82.99.161.243,212.158.128.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HonzaN\Data aplikací\Mozilla\Firefox\Profiles\boc0wj5k.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Search Settings\kb125\SearchSettings.dll
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-ICQ - ~c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 18:23
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x823571E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf858afc3
\Driver\ACPI -> ACPI.sys @ 0xf83edcb8
\Driver\atapi -> sfsync02.sys @ 0xf85578b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:54,18,d0,c0,41,08,b9,33,2d,54,c8,1e,c0,80,56,ee,47,6a,95,91,d6,a6,08,
88,40,f0,10,8e,7f,50,98,7c,b4,05,7f,66,34,2d,08,21,d2,3d,b9,19,bd,11,3d,b3,\
"??"=hex:42,37,0b,2a,e7,91,61,35,df,a0,94,be,1f,90,ed,7a
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'Explorer.EXE'(2296)
c:\windows\system32\msi.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UAService7.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Alwil Software\Avast4\setup\avast.setup
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-01-23 18:41:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-23 17:40
Před spuštěním: Volných bajtů: 17 082 535 936
Po spuštění: Volných bajtů: 16 942 649 344
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 63C29763A2C985F6DA9A1246D85F239F
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf858afc3
\Driver\ACPI -> ACPI.sys @ 0xf83edcb8
\Driver\atapi -> sfsync02.sys @ 0xf85578b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:54,18,d0,c0,41,08,b9,33,2d,54,c8,1e,c0,80,56,ee,47,6a,95,91,d6,a6,08,
88,40,f0,10,8e,7f,50,98,7c,b4,05,7f,66,34,2d,08,21,d2,3d,b9,19,bd,11,3d,b3,\
"??"=hex:42,37,0b,2a,e7,91,61,35,df,a0,94,be,1f,90,ed,7a
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'Explorer.EXE'(2296)
c:\windows\system32\msi.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UAService7.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Alwil Software\Avast4\setup\avast.setup
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-01-23 18:41:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-23 17:40
Před spuštěním: Volných bajtů: 17 082 535 936
Po spuštění: Volných bajtů: 16 942 649 344
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 63C29763A2C985F6DA9A1246D85F239F
- Visitor
- Posts: 16
- Registered: 23 Jan 2010 15:48
Re: Win32/rootkit
Logfile of random's system information tool 1.06 (written by random/random)
Run by HonzaN at 2010-01-23 19:48:45
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 16 GB (42%) free of 38 GB
Total RAM: 511 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:41, on 23.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
D:\Program Files\VLC\vlc.exe
C:\Documents and Settings\HonzaN\Plocha\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\HonzaN.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.0.20:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: wwwpos32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\HonzaN\Data aplikací\Dealio\kb125\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A920D826-3444-43C3-81C6-88B48C83185B}: NameServer = 82.99.161.243,212.158.128.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 12125 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-08-20 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb125\Dealio.dll [2008-01-15 2974048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb125\Dealio.dll [2008-01-15 2974048]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-20 198160]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\HonzaN\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
wwwpos32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Disabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-23 18:41:10 ----A---- C:\ComboFix.txt
2010-01-23 18:18:10 ----D---- C:\WINDOWS\temp
2010-01-23 17:45:49 ----A---- C:\Boot.bak
2010-01-23 17:45:37 ----RASHD---- C:\cmdcons
2010-01-23 17:40:07 ----A---- C:\WINDOWS\zip.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\SWSC.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\SWREG.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\sed.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\PEV.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\MBR.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\grep.exe
2010-01-23 17:15:26 ----D---- C:\WINDOWS\ERDNT
2010-01-23 17:15:10 ----A---- C:\WINDOWS\system32\CF13226.exe
2010-01-23 17:14:26 ----D---- C:\Qoobox
2010-01-23 15:46:20 ----D---- C:\Program Files\trend micro
2010-01-23 15:46:10 ----D---- C:\rsit
2010-01-22 16:07:19 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-30 17:33:10 ----D---- C:\Program Files\Valve
2009-12-24 11:59:13 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\ZoomBrowser EX
2009-12-24 11:57:57 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\CameraWindowDC
2009-12-24 11:57:55 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\CANON INC
2009-12-24 11:48:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\ZoomBrowser
2009-12-24 11:46:43 ----D---- C:\Program Files\Common Files\Canon
======List of files/folders modified in the last 1 months======
2010-01-23 18:41:42 ----D---- C:\WINDOWS\system32\drivers
2010-01-23 18:30:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-23 18:24:39 ----D---- C:\WINDOWS
2010-01-23 18:24:39 ----A---- C:\WINDOWS\system.ini
2010-01-23 18:21:04 ----D---- C:\WINDOWS\system32\config
2010-01-23 18:17:18 ----RD---- C:\Program Files
2010-01-23 18:17:09 ----D---- C:\WINDOWS\system32
2010-01-23 18:17:04 ----RSD---- C:\WINDOWS\Fonts
2010-01-23 18:08:35 ----D---- C:\WINDOWS\AppPatch
2010-01-23 18:08:13 ----D---- C:\Program Files\Common Files
2010-01-23 17:45:50 ----RASH---- C:\boot.ini
2010-01-23 17:40:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-23 17:24:21 ----D---- C:\WINDOWS\Prefetch
2010-01-23 17:07:29 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\vlc
2010-01-23 16:40:37 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\dvdcss
2010-01-23 14:42:06 ----A---- C:\WINDOWS\wincmd.ini
2010-01-23 12:35:56 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\Skype
2010-01-23 10:24:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-23 10:22:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-22 22:26:07 ----D---- C:\Program Files\Mozilla Firefox
2010-01-22 14:39:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-21 18:24:37 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-19 18:53:40 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\ICQ
2010-01-03 12:50:17 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\BSplayer Pro
2009-12-28 22:08:10 ----D---- C:\Program Files\ICQ6.5
2009-12-25 17:11:31 ----A---- C:\WINDOWS\win.ini
2009-12-24 11:49:59 ----D---- C:\Program Files\Canon
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 kbdcap;kbdcap; C:\WINDOWS\system32\drivers\kbdcap.sys [2009-04-25 109440]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-04-08 29696]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-04-08 282880]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-03 163584]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 aml24fa6;aml24fa6; C:\WINDOWS\system32\drivers\aml24fa6.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-09 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-27 187536]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-08-17 126976]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-07 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------
Run by HonzaN at 2010-01-23 19:48:45
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 16 GB (42%) free of 38 GB
Total RAM: 511 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:41, on 23.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
D:\Program Files\VLC\vlc.exe
C:\Documents and Settings\HonzaN\Plocha\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\HonzaN.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.0.20:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: wwwpos32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\HonzaN\Data aplikací\Dealio\kb125\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A920D826-3444-43C3-81C6-88B48C83185B}: NameServer = 82.99.161.243,212.158.128.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 12125 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-08-20 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb125\Dealio.dll [2008-01-15 2974048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb125\Dealio.dll [2008-01-15 2974048]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-20 198160]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\HonzaN\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
wwwpos32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Disabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-23 18:41:10 ----A---- C:\ComboFix.txt
2010-01-23 18:18:10 ----D---- C:\WINDOWS\temp
2010-01-23 17:45:49 ----A---- C:\Boot.bak
2010-01-23 17:45:37 ----RASHD---- C:\cmdcons
2010-01-23 17:40:07 ----A---- C:\WINDOWS\zip.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\SWSC.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\SWREG.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\sed.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\PEV.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\MBR.exe
2010-01-23 17:40:07 ----A---- C:\WINDOWS\grep.exe
2010-01-23 17:15:26 ----D---- C:\WINDOWS\ERDNT
2010-01-23 17:15:10 ----A---- C:\WINDOWS\system32\CF13226.exe
2010-01-23 17:14:26 ----D---- C:\Qoobox
2010-01-23 15:46:20 ----D---- C:\Program Files\trend micro
2010-01-23 15:46:10 ----D---- C:\rsit
2010-01-22 16:07:19 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-30 17:33:10 ----D---- C:\Program Files\Valve
2009-12-24 11:59:13 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\ZoomBrowser EX
2009-12-24 11:57:57 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\CameraWindowDC
2009-12-24 11:57:55 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\CANON INC
2009-12-24 11:48:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\ZoomBrowser
2009-12-24 11:46:43 ----D---- C:\Program Files\Common Files\Canon
======List of files/folders modified in the last 1 months======
2010-01-23 18:41:42 ----D---- C:\WINDOWS\system32\drivers
2010-01-23 18:30:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-23 18:24:39 ----D---- C:\WINDOWS
2010-01-23 18:24:39 ----A---- C:\WINDOWS\system.ini
2010-01-23 18:21:04 ----D---- C:\WINDOWS\system32\config
2010-01-23 18:17:18 ----RD---- C:\Program Files
2010-01-23 18:17:09 ----D---- C:\WINDOWS\system32
2010-01-23 18:17:04 ----RSD---- C:\WINDOWS\Fonts
2010-01-23 18:08:35 ----D---- C:\WINDOWS\AppPatch
2010-01-23 18:08:13 ----D---- C:\Program Files\Common Files
2010-01-23 17:45:50 ----RASH---- C:\boot.ini
2010-01-23 17:40:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-23 17:24:21 ----D---- C:\WINDOWS\Prefetch
2010-01-23 17:07:29 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\vlc
2010-01-23 16:40:37 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\dvdcss
2010-01-23 14:42:06 ----A---- C:\WINDOWS\wincmd.ini
2010-01-23 12:35:56 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\Skype
2010-01-23 10:24:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-23 10:22:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-22 22:26:07 ----D---- C:\Program Files\Mozilla Firefox
2010-01-22 14:39:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-21 18:24:37 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-19 18:53:40 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\ICQ
2010-01-03 12:50:17 ----D---- C:\Documents and Settings\HonzaN\Data aplikací\BSplayer Pro
2009-12-28 22:08:10 ----D---- C:\Program Files\ICQ6.5
2009-12-25 17:11:31 ----A---- C:\WINDOWS\win.ini
2009-12-24 11:49:59 ----D---- C:\Program Files\Canon
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 kbdcap;kbdcap; C:\WINDOWS\system32\drivers\kbdcap.sys [2009-04-25 109440]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-04-08 29696]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-04-08 282880]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-03 163584]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 aml24fa6;aml24fa6; C:\WINDOWS\system32\drivers\aml24fa6.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-09 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-27 187536]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-08-17 126976]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-07 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Win32/rootkit
OTM script
Download OTMoveIt3 from the link and extract it, preferably to the desktop.
http://oldtimer.geekstogo.com/OTM.exe
Run the program "OTMoveIt3.exe" (on Vista: right-click and "Run As Administrator").
Paste the whole text in green from the "Script" into the window below the yellow line.
Click the red "Moveit!".
Paste the contents of the green window into your reply.
When offered a restart, click "YES";
you will then find the log in C:\_OTMoveIt\MovedFiles.
Code:
:Processes
explorer.exe
:Files
c:\documents and settings\HonzaN\Nabídka Start\Programy\Po spuštění\wwwpos32.exe
c:\windows\system32\fjhdyfhsn.bat
C:\Program Files\Dealio
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-
"TkBellExe"=-
:Services
SetupNTGLM7X
NTACCESS
GMSIPCI
NMIndexingService
:Commands
[emptytemp]
[Reboot]
Download the special version of G-Mer
Special
save it to the desktop and run it -> a short scan will run
if you get the message "rootkit activity and asks if you want to run scan" >>click NO<<
and set it up like this
>> click scan <<
at the end of the scan >>SAVE<<, name it Gspeclog.txt >>save it to the desktop and paste the log here

Recommendations:
During the cleanup, install or uninstall software only when I tell you to.
Study my reply thoroughly and carry out the whole operation as described.
If anything is unclear, ask - I'll explain.
-------------------------------------------------------------------------------------------------
> Forum support <
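As an added example (not part of the thread and not code from the RSIT or OTM tools), the Python helper below applies the two checks behind the :Services and :Files picks in the script above to RSIT/HijackThis lines, and then reconciles an OTM script against an OTM result log so that a "stopped" service or a file "scheduled to be moved on reboot" is not mistaken for a finished removal. The sample lines are constructed after the format quoted in the thread; the heuristics and their names are this example's own.

```python
import re

# RSIT service/driver line: "<R|S><0-4> <name>;<display>; <path> [<date> <size>]".
# An empty "[]" means RSIT could not find the binary at that path.
RSIT_LINE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);[^;]*; (?P<path>.*?) \[(?P<stamp>[^\]]*)\]$")
# HijackThis Startup-folder line: "O4 - Startup: <entry>" / "O4 - Global Startup: <entry>".
HJT_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<entry>.+)$")
# OTM result-log lines, in the wording the tool prints.
OTM_MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
OTM_DEFERRED = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
OTM_SERVICE = re.compile(r"^Service (?P<name>\S+) (?P<action>stopped|deleted) successfully!$")


def triage_rsit(lines):
    """Return (name, reason) review candidates from RSIT service/driver lines.

    Two heuristics, both visible in the thread's log: a "\\??\\" NT path on a
    drive other than C: (driver registered from removable media) and an empty
    "[]" (binary no longer on disk). Legitimate entries match too, e.g. an
    anti-rootkit tool's own driver, so this is a review list, not a kill list.
    """
    found = []
    for raw in lines:
        m = RSIT_LINE.match(raw.strip())
        if not m:
            continue
        if m["path"].startswith("\\??\\") and not m["path"].upper().startswith("\\??\\C:"):
            found.append((m["name"], "NT path on non-system drive"))
        elif m["stamp"] == "":
            found.append((m["name"], "binary not found on disk"))
    return found


def triage_startup(lines):
    """Flag loose executables in a Startup folder: installers leave shortcuts
    there ("Name.lnk = target"); a bare .exe/.bat is the pattern of a dropped loader."""
    found = []
    for raw in lines:
        m = HJT_STARTUP.match(raw.strip())
        if m and " = " not in m["entry"] and m["entry"].lower().endswith((".exe", ".bat", ".scr", ".vbs")):
            found.append((m["entry"], "bare executable in Startup folder"))
    return found


def parse_otm_script(script_lines):
    """Split an OTM script into its sections, keyed by lower-cased header (":files", ...)."""
    sections, current = {}, None
    for raw in script_lines:
        line = raw.strip()
        if line.startswith(":"):
            current = line.lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def reconcile_otm(script_lines, log_lines):
    """Map each :Files path and :Services name of the script to what the result
    log says about it: moved / deferred (pending reboot) / deleted / stopped / missing."""
    sections = parse_otm_script(script_lines)
    moved, deferred, services = set(), set(), {}
    for raw in log_lines:
        line = raw.strip()
        if (m := OTM_MOVED.match(line)):
            moved.add(m["path"].lower())
        elif (m := OTM_DEFERRED.match(line)):
            deferred.add(m["path"].lower())
        elif (m := OTM_SERVICE.match(line)):
            # "deleted" outranks "stopped": a service that was only stopped is still registered.
            if services.get(m["name"]) != "deleted":
                services[m["name"]] = m["action"]
    status = {}
    for path in sections.get(":files", []):
        key = path.lower()
        status[path] = "moved" if key in moved else "deferred" if key in deferred else "missing"
    for name in sections.get(":services", []):
        status[name] = services.get(name, "missing")
    return status


# Constructed sample input, modelled on the lines quoted in the thread.
STARTUP_EXE = "C:\\Documents and Settings\\HonzaN\\Start Menu\\Programs\\Startup\\wwwpos32.exe"
SAMPLE_RSIT = [
    "R1 aswSP;avast! Self Protection; C:\\WINDOWS\\system32\\drivers\\aswSP.sys [2009-08-17 114768]",
    "S3 catchme;catchme; \\??\\C:\\ComboFix\\catchme.sys []",
    "S3 GMSIPCI;GMSIPCI; \\??\\E:\\INSTALL\\GMSIPCI.SYS []",
    "S4 NMIndexingService;NMIndexingService; C:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe []",
    "O4 - Startup: Adobe Gamma.lnk = C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe",
    "O4 - Startup: wwwpos32.exe",
]
SAMPLE_SCRIPT = [":Files", STARTUP_EXE, "c:\\windows\\system32\\fjhdyfhsn.bat", "C:\\Program Files\\Dealio",
                 ":Services", "GMSIPCI", "NMIndexingService"]
SAMPLE_OTM_LOG = [
    "File move failed. " + STARTUP_EXE + " scheduled to be moved on reboot.",
    "c:\\windows\\system32\\fjhdyfhsn.bat moved successfully.",
    "C:\\Program Files\\Dealio\\kb125 folder moved successfully.",
    "C:\\Program Files\\Dealio folder moved successfully.",
    "Service GMSIPCI stopped successfully!",
    "Service GMSIPCI deleted successfully!",
    "Service NMIndexingService stopped successfully!",
]

if __name__ == "__main__":
    for name, reason in triage_rsit(SAMPLE_RSIT) + triage_startup(SAMPLE_RSIT):
        print(f"review: {name}: {reason}")
    for item, state in reconcile_otm(SAMPLE_SCRIPT, SAMPLE_OTM_LOG).items():
        print(f"{state:>8}  {item}")
```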
-
- Visitor
- Posts: 16
- Registered: 23 Jan 2010 15:48
Re: Win32/rootkit
here is the first one, from OTM:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File move failed. c:\documents and settings\HonzaN\Nabídka Start\Programy\Po spuštění\wwwpos32.exe scheduled to be moved on reboot.
c:\windows\system32\fjhdyfhsn.bat moved successfully.
C:\Program Files\Dealio\kb125\temp folder moved successfully.
C:\Program Files\Dealio\kb125\rulesFF folder moved successfully.
C:\Program Files\Dealio\kb125\rules folder moved successfully.
C:\Program Files\Dealio\kb125\resFF folder moved successfully.
C:\Program Files\Dealio\kb125\res folder moved successfully.
C:\Program Files\Dealio\kb125 folder moved successfully.
C:\Program Files\Dealio folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
========== SERVICES/DRIVERS ==========
Service SetupNTGLM7X stopped successfully!
Service SetupNTGLM7X deleted successfully!
Service NTACCESS stopped successfully!
Service NTACCESS deleted successfully!
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: davi9.HONZA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: HonzaN
->Temp folder emptied: 18108 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 291660123 bytes
->Google Chrome cache emptied: 12865393 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119633 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 292,00 mb
OTM by OldTimer - Version 3.1.6.0 log created on 01232010_204747
Files moved on Reboot...
c:\documents and settings\HonzaN\Nabídka Start\Programy\Po spuštění\wwwpos32.exe moved successfully.
Registry entries deleted on Reboot...
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Win32/rootkit

http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 - complete guide
http://www.gmer.net/gmer.zip
Download it, unpack it directly to C: and run it
when the scan finishes the result is displayed > "Save" > saves a log, which you copy into your post.
With all items in the right column checked, click "Scan"
when the scan finishes, again "Save" > a log is saved, which you likewise copy to the forum.
Recommendations:
During the cleanup, perform new installations and uninstallations only on my instruction.
Study carefully and carry out the whole operation according to my reply.
If anything is unclear, ask - I will explain
-------------------------------------------------------------------------------------------------
> Forum support <
- Visitor
- Posts: 16
- Registered: 23 Jan 2010 15:48
Re: Win32/rootkit
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-23 23:58:05
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\HonzaN\LOCALS~1\Temp\uxtdipoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xBAD456B8]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xBAFB2552]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xBAD45574]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xBAFB1A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xBAFB1910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xBAFB1F2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xBAFB3034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xBAFAED54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xBAD45A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xBAD4514C]
SSDT sptd.sys ZwEnumerateKey [0xF8433E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF84341BA]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xF86D8F4C]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xF86D9232]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xBAFB2906]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xBAD4564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xBAD4508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xBAD450F0]
SSDT sptd.sys ZwQueryKey [0xF8434292]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xBAD4576E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xBAD4572E]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xBAFB20DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xBAFB2CE0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xBAD458AE]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xBAFB2BB2]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
PAGENDSM NDIS.sys!NdisMIndicateStatus F8291A5F 6 Bytes JMP BAFA6C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
.text USBPORT.SYS!DllUnload F744162C 5 Bytes JMP 821CB1C8
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF8883A1E]
? System32\Drivers\asc07t96.SYS Systém nemůže nalézt uvedenou cestu. !
init C:\WINDOWS\System32\Drivers\kbdcap.SYS entry point in "init" section [0xF71C25B0]
pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xB85F1F00, 0x24000, 0x48000000]
- Visitor
- Posts: 16
- Registered: 23 Jan 2010 15:48
Re: Win32/rootkit
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00130F54
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00130D24
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00130E3C
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00130FE0
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00130DB0
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00130EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrA.exe[620] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrA.exe[620] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrA.exe[620] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\PnkBstrA.exe[620] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrA.exe[620] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrB.exe[640] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrB.exe[640] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[640] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrB.exe[640] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrB.exe[640] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[740] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[740] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\csrss.exe[772] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[772] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[772] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[800] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[800] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[800] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[800] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[800] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00070950
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[304] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Bonjour\mDNSResponder.exe[352] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00130F54
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00130D24
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00130E3C
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00130FE0
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00130DB0
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[472] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00130EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[480] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrA.exe[620] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrA.exe[620] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrA.exe[620] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrA.exe[620] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\PnkBstrA.exe[620] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrA.exe[620] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrB.exe[640] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrB.exe[640] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrB.exe[640] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[640] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrB.exe[640] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrB.exe[640] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[740] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[740] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[740] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
-
- Visitor
- Posts: 16
- Registered: 23 Jan 2010 15:48
Re: Win32/rootkit
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[844] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[844] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[844] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[844] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[844] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[864] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[864] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[864] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wdfmgr.exe[976] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wdfmgr.exe[976] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wdfmgr.exe[976] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1020] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1036] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1036] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1036] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1280] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1280] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1280] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1360] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1360] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1360] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[1716] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[1716] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[1716] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[1716] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[1716] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1980] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1980] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1980] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1980] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1980] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wscntfy.exe[2248] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wscntfy.exe[2248] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00070720
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1280] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1280] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1280] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1360] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1360] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1360] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1360] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1404] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1444] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1492] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1636] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1684] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[1716] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[1716] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[1716] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[1716] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[1716] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[1716] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1980] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1980] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1980] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1980] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1980] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1980] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wscntfy.exe[2248] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wscntfy.exe[2248] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wscntfy.exe[2248] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00070720
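The GMER hook lines above are easier to read once they are collapsed per process. The Python script below is an added example, not part of the poster's log and not part of GMER or any other tool named on this page: it parses lines in the `.text <image>[<pid>] <module>!<export> <addr> 5 Bytes JMP <target>` format, groups them per PID, records which 64 KiB region each JMP lands in, lists the APIs hooked in every process, and reconstructs the 5-byte patch. GMER prints only the JMP target, so the patch being the usual E9 rel32 near jump is an assumption of the example. The sample lines are copied from the log above.

```python
"""Triage helper for GMER user-mode inline-hook lines (added example).

Each line of the form
    .text <image>[<pid>] <module>!<export> <addr> 5 Bytes JMP <target>
records that the first 5 bytes of an exported function inside process
<pid> were overwritten with a JMP to <target>.
"""
import re
import struct

# One hook line. Addresses are 8 hex digits; the image path may contain
# spaces, so it is matched lazily up to the "[pid]" suffix.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<export>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]{8})\s*$"
)

# Sample input: lines copied from the GMER log above (two of its processes).
SAMPLE_LINES = [
    r".text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8",
    r".text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0",
    r".text C:\WINDOWS\system32\UAService7.exe[1184] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608",
    r".text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8",
    r".text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0",
    r".text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608",
    r".text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC",
    r".text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4",
    r".text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950",
    r".text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24",
]


def parse_hook(line):
    """Return a dict for one hook line, or None for any other text."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    return {
        "image": m["image"],
        "pid": int(m["pid"]),
        "api": f"{m['module'].lower()}!{m['export']}",
        "addr": int(m["addr"], 16),
        "size": int(m["size"]),
        "target": int(m["target"], 16),
    }


def summarize(lines):
    """Group hooks per PID: hooked APIs, 64 KiB region(s) the JMPs land in, count."""
    per_pid = {}
    for line in lines:
        h = parse_hook(line)
        if h is None:
            continue
        s = per_pid.setdefault(
            h["pid"], {"image": h["image"], "apis": set(), "regions": set(), "count": 0}
        )
        s["apis"].add(h["api"])
        s["regions"].add(h["target"] & ~0xFFFF)  # Win32 allocation granularity is 64 KiB
        s["count"] += 1
    return per_pid


def common_apis(summary):
    """APIs hooked in every summarized process (empty set if there are none)."""
    sets = [s["apis"] for s in summary.values()]
    return set.intersection(*sets) if sets else set()


def encode_jmp_rel32(addr, target):
    """Reconstruct the 5-byte patch as an E9 <rel32> near JMP (assumed form;
    GMER prints only the target). The displacement is relative to the end
    of the 5-byte instruction."""
    return b"\xE9" + struct.pack("<i", target - (addr + 5))


def decode_jmp_rel32(addr, patch):
    """Inverse of encode_jmp_rel32; None if the bytes are not an E9 JMP."""
    if len(patch) != 5 or patch[0] != 0xE9:
        return None
    return (addr + 5 + struct.unpack("<i", patch[1:])[0]) & 0xFFFFFFFF


def report(lines):
    """One summary line per process plus one line for the shared API set."""
    summary = summarize(lines)
    out = []
    for pid, s in sorted(summary.items()):
        regions = ", ".join(f"{r:08X}" for r in sorted(s["regions"]))
        out.append(f"[{pid}] {s['image']}: {s['count']} hooks on {len(s['apis'])} APIs, "
                   f"JMP targets in region(s) {regions}")
    out.append("hooked in every process: " + ", ".join(sorted(common_apis(summary))))
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LINES)))
```

Run against the full log, the summary shows the pattern that matters for triage: every process has the same kernel32 process-creation, memory-write and thread-injection exports patched (plus USER32, WS2_32 and WININET in processes that load them), and within one process every JMP lands in the same 64 KiB region (00080000, 00130000, 00140000 or 00070000 in this log), which is what one hooking component mapped into each process looks like. Security software installs exactly this kind of hook too (behaviour-blocking firewalls and antivirus hook these same APIs), so the hook list by itself does not show whether it is malware; the module that owns the region the JMPs land in has to be identified before anything is removed.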
Re: Win32/rootkit
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[2268] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2324] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[2340] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[2340] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[2340] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[2340] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[2340] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[2340] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[2340] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[2340] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[2340] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[2340] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[2340] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2360] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2788] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00140F54
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00140EC8
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00140F54
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00140EC8
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] ws2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] ws2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] ws2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00140F54
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00140EC8
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\iPod\bin\iPodService.exe[3004] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\iPod\bin\iPodService.exe[3004] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Skype\Phone\Skype.exe[3120] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\Skype\Phone\Skype.exe[3120] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetConnectA 771B44DB 5 Bytes JMP 00140F54
.text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00140EC8
.text C:\Program Files\Skype\Phone\Skype.exe[3120] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\Program Files\Skype\Phone\Skype.exe[3120] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\Program Files\Skype\Phone\Skype.exe[3120] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00140F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00140EC8
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\WinRAR\WinRAR.exe[3372] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\WinRAR\WinRAR.exe[3372] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00140F54
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00140EC8
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2808] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2900] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00140F54
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2908] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00140EC8
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00140F54
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00140EC8
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\iTunes\iTunesHelper.exe[2916] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] ws2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] ws2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] ws2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00140F54
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2928] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00140EC8
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\iPod\bin\iPodService.exe[3004] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\iPod\bin\iPodService.exe[3004] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001307AC
.text C:\Program Files\iPod\bin\iPodService.exe[3004] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00130720
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Skype\Phone\Skype.exe[3120] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\Skype\Phone\Skype.exe[3120] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetConnectA 771B44DB 5 Bytes JMP 00140F54
.text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00140EC8
.text C:\Program Files\Skype\Phone\Skype.exe[3120] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\Program Files\Skype\Phone\Skype.exe[3120] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\Program Files\Skype\Phone\Skype.exe[3120] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00140F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3144] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00140EC8
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\WinRAR\WinRAR.exe[3372] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\WinRAR\WinRAR.exe[3372] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\WinRAR\WinRAR.exe[3372] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00140F54
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WININET.dll!InternetOpenA 771B6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WININET.dll!InternetOpenUrlA 771B6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WININET.dll!InternetOpenW 771C6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WININET.dll!InternetOpenUrlW 771C7304 5 Bytes JMP 00140EC8
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\Program Files\WinRAR\WinRAR.exe[3372] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
- Visitor
- Posts: 16
- Registered: 23 Jan 2010 15:48
Re: Win32/rootkit
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe[3548] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\DOCUME~1\HonzaN\LOCALS~1\Temp\Rar$EX06.843\gmer.exe[3792] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] ws2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] ws2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4004] ws2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 001407AC
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00140720
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] ws2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] ws2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[4020] ws2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F8444886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8444832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8466892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F8444886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F842EAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F842EC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F842EB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F842F748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F842F61E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8443ACA] sptd.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BAFA6B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BAFA6B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BAFA6B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BAFA6B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BAFA6B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BAFA6B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BAFA6B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [BAFA6B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [BAFA6B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [BAFA6B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [BAFA6B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BAFA6B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BAFA6B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BAFA6B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BAFA6B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 823561E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Fastfat \FatCdrom 81F467A0
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 kbdcap.SYS
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 kbdcap.SYS
Device \Driver\usbohci \Device\USBPDO-0 821CA1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823C31E8
Device \Driver\dmio \Device\DmControl\DmConfig 823C31E8
Device \Driver\dmio \Device\DmControl\DmPnP 823C31E8
Device \Driver\dmio \Device\DmControl\DmInfo 823C31E8
Device \Driver\usbohci \Device\USBPDO-1 821CA1E8
Device \Driver\usbehci \Device\USBPDO-2 821B31E8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 823581E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 823581E8
Device \Driver\Cdrom \Device\CdRom0 821A71E8
Device \Driver\Cdrom \Device\CdRom1 821A71E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 823571E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 823571E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 823571E8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 823571E8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 823571E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 821A71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 821757A0
Device \Driver\NetBT \Device\NetbiosSmb 821757A0
Device \Driver\PCI_NTPNP0160 \Device\0000004c sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{A920D826-3444-43C3-81C6-88B48C83185B} 821757A0
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBFDO-0 821CA1E8
Device \Driver\usbohci \Device\USBFDO-1 821CA1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81F6D7A0
Device \Driver\usbehci \Device\USBFDO-2 821B31E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81F6D7A0
Device \Driver\Ftdisk \Device\FtControl 823581E8
Device \Driver\asc07t96 \Device\Scsi\asc07t961 81F35608
Device \Driver\asc07t96 \Device\Scsi\asc07t961 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\asc07t96 \Device\Scsi\asc07t961Port2Path0Target0Lun0 81F35608
Device \Driver\asc07t96 \Device\Scsi\asc07t961Port2Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 81F467A0
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Cdfs \Cdfs 81F071E8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1125373911
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -194791132
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0xF8 0x24 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x22 0x15 0x29 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA9 0x1A 0x27 0x35 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0xF8 0x24 0x16 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x22 0x15 0x29 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA9 0x1A 0x27 0x35 ...
---- EOF - GMER 1.0.15 ----
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
- Contact user:
Re: Win32/rootkit
We'll tidy things up a bit - homework for Sunday (do the steps in the given order)
Uninstall GMER
via Start -> Run... -> paste this command into the box
C:\WINDOWS\gmer_uninstall.cmd
We'll uninstall ComboFix
go to Start -> Run... and paste ComboFix /Uninstall (note: there is a space after the x) -> OK
Run OTMoveIt again -> CleanUp! - it uninstalls itself and cleans up after itself.
download the OTC program here: http://oldtimer.geekstogo.com/OTC.exe - run it (it deletes the cleaning tools used earlier)
I can recommend a check and cleanup with CCleaner
a check-up RSIT log + write how the PC behaves - any problems?
You can keep that one for occasional cleaning in the future too. Download CCleaner - link in my signature.
During installation untick "Install Yahoo! Toolbar"
close the Internet browser and
run "Cleaner" > "Run CCleaner" - removes unneeded files
run "Registry" > "Scan for Issues" > "Fix selected issues"
agree to the registry backup - repeat until the registry is clean.
run "Tools" > "System Restore" - keep the 1st row, "Remove" the rest
Guide: http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Download and install MBAM from the link in my signature.
Run it > on the 3rd tab "Update" > Check for Updates
then on the 1st tab "Scanner" > Perform quick scan > Scan
when the scan finishes, a Notepad window with the result pops up - copy its contents into your reply
do not delete anything yet - wait for the assessment

Recommendations:
During the cleanup, perform new installations and uninstallations only at my instruction.
Study my reply thoroughly and carry out the whole operation according to it.
If anything is unclear, ask - I'll explain
-------------------------------------------------------------------------------------------------
> Forum support <
-
- Visitor
- Posts: 16
- Registered: 23 Jan 2010 15:48
Re: Win32/rootkit
The very first task already doesn't work (uninstalling GMER); it says it can't find that file