Spywarefri Forum | Ufjerneligt efterladenskab?

2 af 2

Ufjerneligt efterladenskab?

[ Ignorer ] [ # 16 ] Ejvindh
22.02.2007 17:43:43 Redaktør Supporter Emeritus Antal indlæg: 6158	Hvis du slår op på denne side: http://www.sweetim.com/help_getting.asp ...og klikker dig ned på “Privacy”, så kan du se hvordan de behandler de oplysninger, som de logger på dig. Vi synes de er lidt uldne i kanten, og anbefaler derfor afinstallering. Ja, du kan godt afinstallere AVG-AS og regsupreme, hvis du ikke ønsker at beholde dem. Jeg vil gerne lige høre, om du har haft “WinPcap Netgroup Packet Filter Driver” installeret på din computer. Ellers skal vi nemlig lige have kørt et par ekstra checks på din computer
[ Ignorer ] [ # 17 ] hem
22.02.2007 17:51:29 Antal indlæg: 199	[:D] Hej igen. Tak for svarene, det er nok klogt ikke at anvende SweetIM. Hvad er “WinPcap Netgroup Packet Filter Driver”[?] Umiddelbart kender jeg det ikke? Så der er måske mere der skal “fejes ud”[?] hilsen HEM
[ Ignorer ] [ # 18 ] Ejvindh
22.02.2007 22:32:54 Redaktør Supporter Emeritus Antal indlæg: 6158	Så synes jeg lige der skal laves et ekstra check for rootkits. Jeg overfører derfor tråden til Rootkit-kategorien. Der gælder nogle særlige forhold for supporten i denne kategori, som du kan læse om her: http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=29320 Download Gmer-rootkit scanner, og pak den ud til skrivebordet: http://www.young-andersen.dk/gamer/gamer.zip Start med at omdøbe programmet gmer.exe (fx til abc.exe). Kør programmet, klik på fanebladet “Rootkit”, og klik på “Scan”. Imens der scannes, er det vigtigt at du ikke bruger computeren til andre ting. Du bør heller ikke klikke på andre ting i Gmer-scanneren. Når scanningen er færdig, skal du klikke på “Copy”. Så dukker et vindue op, som fortæller at resultatet af rootkit-scanningen er blevet lagt ind i udklipsholderen. Du kan herefter gå ind i denne tråd, og kopiere indholdet herind, ved at stille dig i indtastningsfeltet, og trykke ctrl-v.
[ Ignorer ] [ # 19 ] hem
23.02.2007 15:27:39 Antal indlæg: 199	[:D] Hej Ejvindh. Hermed resultat af abc.exe: GMER 1.0.12.12027 - http://www.gmer.net Rootkit scan 2007-02-23 13:16:00 Windows 5.1.2600 Service Pack 2 ——System - GMER 1.0.12—— SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile Code 807BE51F IoReadTransferCount ——Kernel code sections - GMER 1.0.12—— PAGENDSM NDIS.sys!NdisMIndicateStatus F766EA5F 6 Bytes [ FF, 25, E8, 4B, D5, F4 ] ——User code sections - GMER 1.0.12—— .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608 .text C:\WINDOWS\system32\csrss.exe[356] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001607AC .text C:\WINDOWS\system32\csrss.exe[356] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00160720 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608 .text C:\WINDOWS\system32\winlogon.exe[464] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC .text C:\WINDOWS\system32\winlogon.exe[464] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720 .text C:\WINDOWS\system32\winlogon.exe[464] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000708C4 .text C:\WINDOWS\system32\winlogon.exe[464] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00070838 .text C:\WINDOWS\system32\winlogon.exe[464] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00070950 .text C:\WINDOWS\system32\winlogon.exe[464] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00070F54 .text C:\WINDOWS\system32\winlogon.exe[464] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00070FE0 .text C:\WINDOWS\system32\winlogon.exe[464] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00070D24 .text C:\WINDOWS\system32\winlogon.exe[464] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00070DB0 .text C:\WINDOWS\system32\winlogon.exe[464] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00070E3C .text C:\WINDOWS\system32\winlogon.exe[464] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00070EC8 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\services.exe[508] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\services.exe[508] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\services.exe[508] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\services.exe[508] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\services.exe[508] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\lsass.exe[520] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\lsass.exe[520] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\lsass.exe[520] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\lsass.exe[520] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\lsass.exe[520] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] WS2_32.dll!socket 71A83B91 5 Bytes JMP 001308C4 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00130838 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00130950 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[672] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[672] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[672] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[672] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[672] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] WS2_32.dll!socket 71A83B91 5 Bytes JMP 001308C4 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00130838 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00130950 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[720] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[720] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[720] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[720] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[720] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC .text C:\Programmer\Windows Defender\MsMpEng.exe[752] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000708C4 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00070838 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00070950 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[792] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[792] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[792] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[792] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[792] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[792] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54 .text C:\WINDOWS\system32\svchost.exe[792] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0 .text C:\WINDOWS\system32\svchost.exe[792] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24 .text C:\WINDOWS\system32\svchost.exe[792] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0 .text C:\WINDOWS\system32\svchost.exe[792] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C .text C:\WINDOWS\system32\svchost.exe[792] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[904] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[904] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[904] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[904] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[904] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54 .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0 .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24 .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0 .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\spoolsv.exe[1144] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\spoolsv.exe[1144] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\spoolsv.exe[1144] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\spoolsv.exe[1144] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\spoolsv.exe[1144] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\scardsvr.exe[1184] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\scardsvr.exe[1184] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] WS2_32.dll!socket 71A83B91 5 Bytes JMP 001308C4 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00130838 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00130950 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] WS2_32.dll!socket 71A83B91 5 Bytes JMP 001308C4 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00130838 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00030608 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000308C4 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00030838 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00030950 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000307AC .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00030720 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00030F54 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00030FE0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00030D24 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00030DB0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00030E3C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00030EC8 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\nvsvc32.exe[1568] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\nvsvc32.exe[1568] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\nvsvc32.exe[1568] WS2_32.dll!socket 71A83B91 5 Bytes JMP 001308C4 .text C:\WINDOWS\system32\nvsvc32.exe[1568] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00130838 .text C:\WINDOWS\system32\nvsvc32.exe[1568] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1712] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1712] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\alg.exe[1784] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\alg.exe[1784] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\alg.exe[1784] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\alg.exe[1784] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\alg.exe[1784] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes
[ Ignorer ] [ # 20 ] hem
23.02.2007 15:30:15 Antal indlæg: 199	GMER 1.0.12.12027 - http://www.gmer.net Rootkit scan 2007-02-23 13:16:00 Windows 5.1.2600 Service Pack 2 ——System - GMER 1.0.12—— SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile Code 807BE51F IoReadTransferCount ——Kernel code sections - GMER 1.0.12—— PAGENDSM NDIS.sys!NdisMIndicateStatus F766EA5F 6 Bytes [ FF, 25, E8, 4B, D5, F4 ] ——User code sections - GMER 1.0.12—— .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464 .text C:\WINDOWS\system32\csrss.exe[356] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608 .text C:\WINDOWS\system32\csrss.exe[356] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001607AC .text C:\WINDOWS\system32\csrss.exe[356] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00160720 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464 .text C:\WINDOWS\system32\winlogon.exe[464] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608 .text C:\WINDOWS\system32\winlogon.exe[464] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC .text C:\WINDOWS\system32\winlogon.exe[464] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720 .text C:\WINDOWS\system32\winlogon.exe[464] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000708C4 .text C:\WINDOWS\system32\winlogon.exe[464] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00070838 .text C:\WINDOWS\system32\winlogon.exe[464] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00070950 .text C:\WINDOWS\system32\winlogon.exe[464] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00070F54 .text C:\WINDOWS\system32\winlogon.exe[464] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00070FE0 .text C:\WINDOWS\system32\winlogon.exe[464] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00070D24 .text C:\WINDOWS\system32\winlogon.exe[464] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00070DB0 .text C:\WINDOWS\system32\winlogon.exe[464] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00070E3C .text C:\WINDOWS\system32\winlogon.exe[464] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00070EC8 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\services.exe[508] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\services.exe[508] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\services.exe[508] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\services.exe[508] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\services.exe[508] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\services.exe[508] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\lsass.exe[520] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\lsass.exe[520] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\lsass.exe[520] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\lsass.exe[520] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\lsass.exe[520] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\lsass.exe[520] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] WS2_32.dll!socket 71A83B91 5 Bytes JMP 001308C4 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00130838 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00130950 .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[636] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[672] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[672] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[672] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[672] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[672] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[672] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] WS2_32.dll!socket 71A83B91 5 Bytes JMP 001308C4 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00130838 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00130950 .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\Programmer\Alwil Software\Avast4\ashWebSv.exe[680] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[720] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[720] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[720] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[720] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[720] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC .text C:\Programmer\Windows Defender\MsMpEng.exe[752] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000708C4 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00070838 .text C:\Programmer\Windows Defender\MsMpEng.exe[752] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00070950 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[792] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[792] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[792] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[792] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[792] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[792] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54 .text C:\WINDOWS\system32\svchost.exe[792] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0 .text C:\WINDOWS\system32\svchost.exe[792] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24 .text C:\WINDOWS\system32\svchost.exe[792] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0 .text C:\WINDOWS\system32\svchost.exe[792] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C .text C:\WINDOWS\system32\svchost.exe[792] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[904] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[904] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[904] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[904] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[904] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54 .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0 .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24 .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0 .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\spoolsv.exe[1144] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\spoolsv.exe[1144] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\spoolsv.exe[1144] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\spoolsv.exe[1144] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\spoolsv.exe[1144] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\spoolsv.exe[1144] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\scardsvr.exe[1184] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\scardsvr.exe[1184] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\scardsvr.exe[1184] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] WS2_32.dll!socket 71A83B91 5 Bytes JMP 001308C4 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00130838 .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1300] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00130950 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] WS2_32.dll!socket 71A83B91 5 Bytes JMP 001308C4 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00130838 .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1312] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00030608 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000308C4 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00030838 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00030950 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000307AC .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00030720 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00030F54 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00030FE0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00030D24 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00030DB0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00030E3C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe[1476] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00030EC8 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\nvsvc32.exe[1568] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\nvsvc32.exe[1568] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\nvsvc32.exe[1568] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\nvsvc32.exe[1568] WS2_32.dll!socket 71A83B91 5 Bytes JMP 001308C4 .text C:\WINDOWS\system32\nvsvc32.exe[1568] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00130838 .text C:\WINDOWS\system32\nvsvc32.exe[1568] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1712] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1712] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\alg.exe[1784] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\alg.exe[1784] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\alg.exe[1784] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\alg.exe[1784] WS2_32.dll!socket 71A83B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\alg.exe[1784] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\alg.exe[1784] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00080950 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[1884] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programmer\Kerio\Per
[ Ignorer ] [ # 21 ] hem
23.02.2007 15:35:27 Antal indlæg: 199	.text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] WS2_32.dll!socket 71A83B91 5 Bytes JMP 001308C4 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00130838 .text C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe[2720] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00130950 .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\Dit.exe[3216] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\WINDOWS\Dit.exe[3216] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\WINDOWS\Dit.exe[3216] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\AGRSMMSG.exe[3232] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\WINDOWS\AGRSMMSG.exe[3232] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\WINDOWS\AGRSMMSG.exe[3232] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\CNYHKey.exe[3240] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\WINDOWS\CNYHKey.exe[3240] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\WINDOWS\CNYHKey.exe[3240] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] WS2_32.dll!socket 71A83B91 5 Bytes JMP 001308C4 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] WS2_32.dll!bind 71A83E00 5 Bytes JMP 00130838 .text C:\Programmer\Alwil Software\Avast4\ashDisp.exe[3296] WS2_32.dll!connect 71A8406A 5 Bytes JMP 00130950 .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004 .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0 .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8 .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464 .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608 .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC .text C:\Programmer\Windows Media Player\wmpnscfg.exe[3368] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720 .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\ctfmon.exe[3412] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\ctfmon.exe[3412] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\ctfmon.exe[3412] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720 .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC .text C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3452] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720 ——Threads - GMER 1.0.12—— Thread 4:364 F3842FF0 Thread 4:368 F38470C0 Thread 4:372 F383FD80 ——Files - GMER 1.0.12—— ADS C:\Documents and Settings\Preben\Foretrukne\Forbrug\Opvaskmaskine\elsparefonden.dk :favicon ——EOF - GMER 1.0.12——
[ Ignorer ] [ # 22 ] hem
23.02.2007 15:37:40 Antal indlæg: 199	[:D] Hej Ejvindh. Det hele kunne åbenbart ikke være i et svar, så jeg delte det. Håber jeg har gjort det rigtigt. hilsen HEM
[ Ignorer ] [ # 23 ] Ejvindh
25.02.2007 00:21:15 Redaktør Supporter Emeritus Antal indlæg: 6158	Alt i orden. Til gengæld kan jeg berolige dig med, at der ikke er tegn på rootkits i den seneste log. Jeg tror derfor godt vi kan lukke denne sag. Har du yderligere spørgsmål?
[ Ignorer ] [ # 24 ] hem
25.02.2007 12:48:31 Antal indlæg: 199	[:D] Hej Team Spywareteam. Jeg har ikke flere spørgsmål. Til slut vil jeg gerne endnu engang takke jer for jeres hjælp, samt jeres tålmodighed med at “føre mig rundt” i kassens kroge. Har i tænkt på at gøre det muligt at støtte kaffekassen via Dankort? hilsen HEM
[ Ignorer ] [ # 25 ] Perhaps Emeritus
25.02.2007 13:34:10 Redaktør Supporter Emeritus Antal indlæg: 21422	Desværre, i hvert fald ikke på nuværende tidspunkt, da der så skal oprettes en aftale med PBS og det er slet ikke lønsomt.
[ Ignorer ] [ # 26 ] Ejvindh
26.02.2007 00:35:26 Redaktør Supporter Emeritus Antal indlæg: 6158	Du er velkommen. Jeg vil på vegne af hele Spywarefri takke dig for din støtte, du vil kunne se dit navn på listen, når støtten er nået frem: http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=4923 Jeg låser tråden, får du brug for os igen, er du velkommen til at oprette et nyt spørgsmål.

2 af 2

Forrige