hijackthis-logs
Posts: 14

Hi Spywarefri, I am new to the forum and suspect there is junk on my PC.

Posts: 1863

Hi Lillefar, and welcome to Spywarefri. :)

Follow steps 1-6 of this guide -> HijackThis guide (http://www.spywarefri.dk/forum/links/hjtanv.htm)

Copy the result into this thread.

Posts: 14

Logfile of HijackThis v1.99.1
Scan saved at 15:14:54, on 11-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmer\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmer\Fælles filer\MicroWorld\Agent\MWASER.EXE
C:\Programmer\Fælles filer\MicroWorld\Agent\MWAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Windows Media Connect\mswmcls.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\jørgen kristiansen\Skrivebord\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: (no name) - {E947A403-B614-4FA8-B9E7-E790F0BDC87E} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] “C:\Programmer\SPAMfighter\SFAgent.exe” update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe”
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: Sandboxie Toolbar - {11E506DC-0976-4CDA-BB30-37E60A2F2F46} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra ‘Tools’ menuitem: Sandboxie - {11E506DC-0976-4CDA-BB30-37E60A2F2F46} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe” /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe” /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Programmer\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programmer\Fælles filer\MicroWorld\Agent\MWASER.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

————————————————————————————-
AVG Anti-Spyware - Scan Report
————————————————————————————-

+ Created at: 09:59:16 10-03-2007

+ Scan result:

C:\WINDOWS\system32\mi1.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{FED64EE6-7E33-44DF-81D9-7E4FCCD6BE0B}\RP15\A0009976.exe -> Trojan.Wow : Cleaned with backup (quarantined).


::Report end

Posts: 1863

So far, so good.

- Are you still using Norman, or have you uninstalled it?

————————————————————————————————————
Run HijackThis, choose “Do a system scan only”, tick the lines listed here, close all windows except HijackThis, and click Fix checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O3 - Toolbar: (no name) - {E947A403-B614-4FA8-B9E7-E790F0BDC87E} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

————————————————————————————————————
-- Download CrapCleaner here:
http://www.filehippo.com/download_ccleaner/
Install CrapCleaner, but do not scan yet.

-- Start CrapCleaner and untick Cookies.
Click Run Cleaner and let it remove what it finds.
Then click Issues on the left side (the blue cube) and click Scan for Issues. When it is finished, click Fix selected issues, optionally make a backup of the registry, then click Fix All Selected Issues.
Click OK, then click Close when it is finished.

Restart the machine - run the “Issues” step again.
Tell me how things look.

Posts: 14

How do you make a backup of the registry? P.S. I no longer have Norman.

Posts: 14

I made a backup in CCleaner and ran it 2 times, no problems. I have restarted. Is it OK now, TheKing2?

Posts: 14

Hi, here is a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:28:42, on 11-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\StartupMonitor.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmer\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmer\Fælles filer\MicroWorld\Agent\MWASER.EXE
C:\Programmer\Fælles filer\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Programmer\Windows Media Connect\mswmcls.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\jørgen kristiansen\Skrivebord\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] “C:\Programmer\SPAMfighter\SFAgent.exe” update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe”
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: Sandboxie Toolbar - {11E506DC-0976-4CDA-BB30-37E60A2F2F46} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra ‘Tools’ menuitem: Sandboxie - {11E506DC-0976-4CDA-BB30-37E60A2F2F46} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe” /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe” /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Programmer\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programmer\Fælles filer\MicroWorld\Agent\MWASER.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

And here is a root log:

********************************* ROOTCHK-(07-03-06)-LOG, by ejvindh
11-03-2007 16:34:39,95

Driver-II Irmon is present. A rootkit scan is recommended.

********************************* ROOTCHK-LOG-end

Posts: 1863

No, unfortunately it is not OK.

I can see that you have a rootkit in there, which probably should not be there.
I have written to Ejvind from our team and asked him to look in here.

In the meantime, we can remove the remnants of Norman.

————————————————————————————————————
Click Start->Run, type Services.msc and click OK.
Find the service Norman API-hooking helper, stop it if it is running, right-click it, click Properties and set Startup type to Disabled.
————————————————————————————————————

And now there is nothing to do but wait for Ejvind.

Posts: 14

Thank you for the help. It was not as hard as I thought, this thing with the forum and everything. I will wait for Ejvind.

Have a good day!

Editor
Posts: 11794

I am moving the thread to the “Rootkits” category.

Please read here: http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=29320


Kind regards
Resist TeamSpywarefri

Member of: Alliance of Security Analysis Professionals

  Ejvindh
Editor
Posts: 6158

(1) Do you use an infrared connection on your computer?

(2) Download OldTimer’s WinPFind3 from here:
http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe

Double-click the WinPFind3u file you downloaded and click Extract. The program is then unpacked into a separate folder. Open that folder and double-click WinPFind3U.exe. Then set the checkboxes and radio buttons as follows:

Processes: None
Win32 Services: None
Driver Services: Non-Microsoft
Registry:  None
Files Created Within: None
Files Modified Within: None
File String Search: None

Then click “Run Scan”. After a while a log file will appear, which you are welcome to paste in here.

(3) Download the Gmer rootkit scanner and unpack it to the desktop:
http://www.young-andersen.dk/gamer/gamer.zip
Start by renaming the program gmer.exe (e.g. to abc.exe). Run the program, click the “Rootkit” tab, and click “Scan”. While the scan is running, it is important that you do not use the computer for anything else. You should not click on anything else in the Gmer scanner either. When the scan is finished, click “Copy”. A window then appears telling you that the result of the rootkit scan has been placed on the clipboard. You can then go to this thread and paste the contents in here by placing the cursor in the input field and pressing Ctrl-V.

Posts: 14

Hi Ejvindh, I don't know. But I once transferred pictures from a mobile phone.


WinPFind3 logfile created on: 12-03-2007 05:34:28
WinPFind3U by OldTimer - Version 1.0.20 Folder = C:\Documents and Settings\jørgen kristiansen\Skrivebord\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1047536 Kb Total Physical Memory | 632560 Kb Available Physical Memory | 60,39% Memory free
1734844 Kb Paging File | 1393392 Kb Available in Paging File | 80,32% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 48540364 Kb Total Space | 22028976 Kb Free Space | 45,38% Space Free
Drive D: | 38796940 Kb Total Space | 36970500 Kb Free Space | 95,29% Space Free
Drive E: | 10231392 Kb Total Space | 3243024 Kb Free Space | 31,70% Space Free
F: Drive not present or media not loaded


[Driver Services - Non-Microsoft Only]
(3xHybrid) 3xHybrid service [Kernel | On_Demand | Stopped] -> %System32%\drivers\3xHybrid.sys -> Philips Semiconductors GmbH [Ver = 1, 3, 1, 15 | Size = 945152 bytes | Modified Date = 06-10-2004 14:10:46 | Attr =  ]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.892.0 | Size = 31560 bytes | Modified Date = 21-12-2006 00:51:58 | Attr =  ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(AgereSoftModem) Creatix 2.0 AC’97 Soft Modem [Kernel | On_Demand | Running] -> %System32%\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.46 2.1.46 07/22/2004 14:50:13 | Size = 1268234 bytes | Modified Date = 22-07-2004 14:50:16 | Attr =  ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5760 built by: WinDDK | Size = 2300928 bytes | Modified Date = 02-01-2004 14:58:40 | Attr =  ]
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.892.0 | Size = 94424 bytes | Modified Date = 21-12-2006 00:56:00 | Attr =  ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.936.0 | Size = 23352 bytes | Modified Date = 15-01-2007 18:26:08 | Attr =  ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.936.0 | Size = 43176 bytes | Modified Date = 15-01-2007 18:25:24 | Attr =  ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6505 | Size = 909824 bytes | Modified Date = 17-01-2005 19:21:36 | Attr =  ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 4096 bytes | Modified Date = 28-09-2006 15:13:34 | Attr =  ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05-09-2006 17:03:16 | Attr =  ]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.25.0.0 built by: WinDDK | Size = 44928 bytes | Modified Date = 27-05-2004 00:18:18 | Attr =  ]
(BTKRNL) Bluetooth-busoptæller [Kernel | On_Demand | Running] -> %System32%\drivers\btkrnl.sys -> Broadcom Corporation. [Ver = 4.0.1.700 | Size = 1337850 bytes | Modified Date = 30-11-2004 04:33:14 | Attr =  ]
(BTSERIAL) Bluetooth Serial Driver [Kernel | Auto | Running] -> %System32%\drivers\btserial.sys -> Broadcom Corporation. [Ver = 4.0.1.700 | Size = 23271 bytes | Modified Date = 30-11-2004 04:34:38 | Attr =  ]
(BTSLBCSP) Bluetooth Port Client Driver [Kernel | Auto | Running] -> %System32%\drivers\btslbcsp.sys -> Broadcom Corporation. [Ver = 4.0.1.700 | Size = 222876 bytes | Modified Date = 30-11-2004 04:34:32 | Attr =  ]
(BTWUSB) WIDCOMM USB Bluetooth Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\btwusb.sys -> Broadcom Corporation. [Ver = 4.0.1.700 | Size = 55320 bytes | Modified Date = 30-11-2004 04:30:44 | Attr =  ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(cdrbsdrv) cdrbsdrv [Kernel | System | Running] -> %System32%\drivers\CDRBSDRV.SYS -> B.H.A Corporation [Ver = 7. 0. 0. 5 | Size = 13567 bytes | Modified Date = 08-03-2004 11:55:50 | Attr =  ]
(cdrbsvsd) cdrbsvsd [Kernel | System | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 27-08-2004 13:00:00 | Attr =  ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153600 bytes | Modified Date = 27-08-2004 13:00:00 | Attr =  ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 27-08-2004 13:00:00 | Attr =  ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(fwdrv) Firewall Driver [Kernel | System | Running] -> %System32%\drivers\fwdrv.sys -> Sunbelt Software [Ver = 4.3.142.0 | Size = 284184 bytes | Modified Date = 18-07-2006 12:02:50 | Attr =  ]
(Hotkey) Hotkey [Kernel | System | Running] -> %System32%\drivers\HOTKEY.sys ->  [Ver =  | Size = 9867 bytes | Modified Date = 28-04-2003 20:27:06 | Attr =  ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(khips) Kerio HIPS Driver [Kernel | System | Running] -> %System32%\drivers\khips.sys -> Sunbelt Software [Ver = 4.3.142.0 | Size = 91672 bytes | Modified Date = 18-07-2006 12:02:52 | Attr =  ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mailKmd) mailKmd [Kernel | System | Stopped] ->  -> File not found
(MemStPCI) Sony Memory Stick-controller (PCI) [Kernel | On_Demand | Stopped] -> %System32%\drivers\MemStPCI.SYS -> Sony Corporation [Ver = 1.00.1120.0 (xpsp_sp2_rtm.040803-2158) | Size = 26112 bytes | Modified Date = 03-08-2004 23:00:50 | Attr =  ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.122 | Size = 28352 bytes | Modified Date = 20-01-2005 21:18:40 | Attr =  ]
(NSCIRDA) NSC Infrared enhedsdriver [Kernel | On_Demand | Running] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 04-08-2004 00:00:52 | Attr =  ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Driver til direkte, parallel forbindelse [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 27-08-2004 13:00:00 | Attr =  ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 27-08-2004 13:00:00 | Attr =  ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SONYPVU1) Sony USB-filterdriver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 17-08-2001 20:56:16 | Attr =  ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.12.2 30Sep04 | Size = 185824 bytes | Modified Date = 05-10-2004 16:17:32 | Attr =  ]
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %System32%\drivers\tifm21.sys -> Texas Instruments [Ver = 1.0.1.8 | Size = 67968 bytes | Modified Date = 13-07-2004 06:00:00 | Attr =  ]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(TVICHW32) TVICHW32 [Kernel | On_Demand | Stopped] -> %System32%\drivers\TVICHW32.SYS -> EnTech Taiwan [Ver = 6.0 | Size = 23600 bytes | Modified Date = 09-10-2005 01:05:16 | Attr =  ]
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(V0260VID) Live! Cam Vista IM [Kernel | On_Demand | Running] -> %System32%\drivers\V0260Vid.sys -> Creative Technology Ltd. [Ver = 1, 1, 3, 0 | Size = 178913 bytes | Modified Date = 04-11-2006 06:45:48 | Attr =  ]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w29n51.sys -> Intel® Corporation [Ver = 9001-9 Driver | Size = 3222784 bytes | Modified Date = 29-10-2004 18:48:10 | Attr =  ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(XUIF) X10 USB Wireless Transceiver [Kernel | On_Demand | Running] -> %System32%\drivers\x10ufx2.sys -> X10 Wireless Technology, Inc. [Ver = 3.0.0.187 | Size = 17792 bytes | Modified Date = 19-05-2005 16:52:58 | Attr =  ]


< End of report >


GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-12 05:56:44
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwClose
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwCreateFile
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwCreateKey
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwCreateProcess
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwCreateProcessEx
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwCreateThread
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwDeleteFile
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwDeleteKey
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwDeleteValueKey
SSDT     \SystemRoot\system32\drivers\khips.sys                                                   ZwLoadDriver
SSDT     \SystemRoot\system32\drivers\khips.sys                                                   ZwMapViewOfSection
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwOpenFile
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwOpenKey
SSDT     \??\C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                       ZwOpenProcess
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwResumeThread
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwSetInformationFile
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwSetValueKey
SSDT     \??\C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                       ZwTerminateProcess
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                   ZwWriteFile

---- Kernel code sections - GMER 1.0.12 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus                                                           F7615A5F 6 Bytes JMP BA033ED0 \SystemRoot\system32\drivers\fwdrv.sys

---- User code sections - GMER 1.0.12 ----

.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!VirtualProtectEx               7C801A5D 5 Bytes JMP 000301A8
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!VirtualProtect               7C801AD0 5 Bytes JMP 00030090
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!WriteProcessMemory             7C80220F 5 Bytes JMP 00030694
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!CreateProcessW               7C802332 5 Bytes JMP 000302C0
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!CreateProcessA               7C802367 5 Bytes JMP 00030234
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!VirtualAlloc                 7C809A51 5 Bytes JMP 00030004
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!VirtualAllocEx               7C809A72 5 Bytes JMP 0003011C
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!CreateRemoteThread             7C81042C 5 Bytes JMP 000304F0
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!CreateThread                 7C810637 5 Bytes JMP 0003057C
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!CreateProcessInternalW           7C819513 5 Bytes JMP 000303D8
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!CreateProcessInternalA           7C81DDD6 5 Bytes JMP 0003034C
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!WinExec                     7C86136D 5 Bytes JMP 00030464
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] kernel32.dll!SetThreadContext               7C862AA5 5 Bytes JMP 00030608
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] USER32.dll!SetWindowsHookExW               77D4E4AF 5 Bytes JMP 000307AC
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] USER32.dll!SetWindowsHookExA               77D511E9 5 Bytes JMP 00030720
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] WS2_32.dll!socket                       71A83B91 5 Bytes JMP 000308C4
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] WS2_32.dll!bind                       71A83E00 5 Bytes JMP 00030838
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] WS2_32.dll!connect                     71A8406A 5 Bytes JMP 00030950
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] WININET.dll!InternetConnectA               771C49A2 5 Bytes JMP 00030F54
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] WININET.dll!InternetConnectW               771C5B98 5 Bytes JMP 00030FE0
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] WININET.dll!InternetOpenA                 771CC859 5 Bytes JMP 00030D24
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] WININET.dll!InternetOpenW                 771CCE91 5 Bytes JMP 00030DB0
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] WININET.dll!InternetOpenUrlA               771D06CD 5 Bytes JMP 00030E3C
.text   C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe[288] WININET.dll!InternetOpenUrlW               7721A881 5 Bytes JMP 00030EC8
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\svchost.exe[300] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\svchost.exe[300] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!socket                                         71A83B91 5 Bytes JMP 000808C4
.text   C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!bind                                           71A83E00 5 Bytes JMP 00080838
.text   C:\WINDOWS\system32\svchost.exe[300] WS2_32.dll!connect                                         71A8406A 5 Bytes JMP 00080950
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] ntdll.dll!NtCreateThread         7C90D7D2 5 Bytes JMP 009A4D5A
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] ntdll.dll!NtDeleteValueKey       7C90D8CE 5 Bytes JMP 009A4F72
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] ntdll.dll!NtQueryDirectoryFile     7C90DF5E 5 Bytes JMP 009A508F
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] ntdll.dll!NtSetValueKey         7C90E7BC 5 Bytes JMP 009A4E74
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!VirtualProtectEx     7C801A5D 5 Bytes JMP 001301A8
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!VirtualProtect       7C801AD0 5 Bytes JMP 00130090
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!WriteProcessMemory     7C80220F 5 Bytes JMP 00130694
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!CreateProcessW       7C802332 5 Bytes JMP 001302C0
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!CreateProcessA       7C802367 5 Bytes JMP 00130234
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!VirtualAlloc         7C809A51 5 Bytes JMP 00130004
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!VirtualAllocEx       7C809A72 5 Bytes JMP 0013011C
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!CreateRemoteThread     7C81042C 5 Bytes JMP 001304F0
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!CreateThread         7C810637 5 Bytes JMP 0013057C
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!WinExec           7C86136D 5 Bytes JMP 00130464
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] kernel32.dll!SetThreadContext     7C862AA5 5 Bytes JMP 00130608
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] USER32.dll!SetWindowsHookExW       77D4E4AF 5 Bytes JMP 001307AC
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] USER32.dll!SetWindowsHookExA       77D511E9 5 Bytes JMP 00130720
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] WININET.dll!InternetConnectA       771C49A2 5 Bytes JMP 00130F54
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] WININET.dll!InternetConnectW       771C5B98 5 Bytes JMP 00130FE0
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] WININET.dll!InternetOpenA         771CC859 5 Bytes JMP 00130D24
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] WININET.dll!InternetOpenW         771CCE91 5 Bytes JMP 00130DB0
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] WININET.dll!InternetOpenUrlA       771D06CD 5 Bytes JMP 00130E3C
.text   C:\Documents and Settings\jørgen kristiansen\Skrivebord\gamer[1]\abc.exe[380] WININET.dll!InternetOpenUrlW       7721A881 5 Bytes JMP 00130EC8
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!VirtualProtectEx             7C801A5D 5 Bytes JMP 001301A8
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!VirtualProtect               7C801AD0 5 Bytes JMP 00130090
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!WriteProcessMemory             7C80220F 5 Bytes JMP 00130694
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!CreateProcessW               7C802332 5 Bytes JMP 001302C0
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!CreateProcessA               7C802367 5 Bytes JMP 00130234
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!VirtualAlloc                 7C809A51 5 Bytes JMP 00130004
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!VirtualAllocEx               7C809A72 5 Bytes JMP 0013011C
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!CreateRemoteThread             7C81042C 5 Bytes JMP 001304F0
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!CreateThread                 7C810637 5 Bytes JMP 0013057C
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!CreateProcessInternalW         7C819513 5 Bytes JMP 001303D8
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!CreateProcessInternalA         7C81DDD6 5 Bytes JMP 0013034C
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!WinExec                   7C86136D 5 Bytes JMP 00130464
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] kernel32.dll!SetThreadContext             7C862AA5 5 Bytes JMP 00130608
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] USER32.dll!SetWindowsHookExW               77D4E4AF 5 Bytes JMP 001307AC
.text   C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe[572] USER32.dll!SetWindowsHookExA               77D511E9 5 Bytes JMP 00130720
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!VirtualProtectEx                                   7C801A5D 5 Bytes JMP 001601A8
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00160090
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!WriteProcessMemory                                 7C80220F 5 Bytes JMP 00160694
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 001602C0
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00160234
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!VirtualAlloc                                     7C809A51 5 Bytes JMP 00160004
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0016011C
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateRemoteThread                                 7C81042C 5 Bytes JMP 001604F0
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateThread                                     7C810637 5 Bytes JMP 0016057C
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateProcessInternalW                               7C819513 5 Bytes JMP 001603D8
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateProcessInternalA                               7C81DDD6 5 Bytes JMP 0016034C
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!WinExec                                         7C86136D 5 Bytes JMP 00160464
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!SetThreadContext                                   7C862AA5 5 Bytes JMP 00160608
.text   C:\WINDOWS\system32\csrss.exe[580] USER32.dll!SetWindowsHookExW                                   77D4E4AF 5 Bytes JMP 001607AC
.text   C:\WINDOWS\system32\csrss.exe[580] USER32.dll!SetWindowsHookExA                                   77D511E9 5 Bytes JMP 00160720
.text   C:\WINDOWS\system32\csrss.exe[580] WININET.dll!InternetConnectA                                   771C49A2 5 Bytes JMP 00160F54
.text   C:\WINDOWS\system32\csrss.exe[580] WININET.dll!InternetConnectW                                   771C5B98 5 Bytes JMP 00160FE0
.text   C:\WINDOWS\system32\csrss.exe[580] WININET.dll!InternetOpenA                                     771CC859 5 Bytes JMP 00160D24
.text   C:\WINDOWS\system32\csrss.exe[580] WININET.dll!InternetOpenW                                     771CCE91 5 Bytes JMP 00160DB0
.text   C:\WINDOWS\system32\csrss.exe[580] WININET.dll!InternetOpenUrlA                                   771D06CD 5 Bytes JMP 00160E3C
.text   C:\WINDOWS\system32\csrss.exe[580] WININET.dll!InternetOpenUrlW                                   7721A881 5 Bytes JMP 00160EC8
.text   C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!NtCreateThread                                   7C90D7D2 5 Bytes JMP 00D54D5A
.text   C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!NtDeleteValueKey                                   7C90D8CE 5 Bytes JMP 00D54F72
.text   C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!NtQueryDirectoryFile                               7C90DF5E 5 Bytes JMP 00D5508F
.text   C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!NtSetValueKey                                     7C90E7BC 5 Bytes JMP 00D54E74
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000701A8
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!VirtualProtect                                 7C801AD0 5 Bytes JMP 00070090
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00070694
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateProcessW                                 7C802332 5 Bytes JMP 000702C0
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateProcessA                                 7C802367 5 Bytes JMP 00070234
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00070004
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!VirtualAllocEx                                 7C809A72 5 Bytes JMP 0007011C
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 000704F0
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0007057C
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000703D8
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0007034C
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00070464
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00070608
.text   C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 000707AC
.text   C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00070720
.text   C:\WINDOWS\system32\winlogon.exe[604] WS2_32.dll!socket                                         71A83B91 5 Bytes JMP 000708C4
.text   C:\WINDOWS\system32\winlogon.exe[604] WS2_32.dll!bind                                         71A83E00 5 Bytes JMP 00070838
.text   C:\WINDOWS\system32\winlogon.exe[604] WS2_32.dll!connect                                       71A8406A 5 Bytes JMP 00070950
.text   C:\WINDOWS\system32\winlogon.exe[604] WININET.dll!InternetConnectA                                 771C49A2 5 Bytes JMP 00070F54
.text   C:\WINDOWS\system32\winlogon.exe[604] WININET.dll!InternetConnectW                                 771C5B98 5 Bytes JMP 00070FE0
.text   C:\WINDOWS\system32\winlogon.exe[604] WININET.dll!InternetOpenA                                   771CC859 5 Bytes JMP 00070D24
.text   C:\WINDOWS\system32\winlogon.exe[604] WININET.dll!InternetOpenW                                   771CCE91 5 Bytes JMP 00070DB0
.text   C:\WINDOWS\system32\winlogon.exe[604] WININET.dll!InternetOpenUrlA                                 771D06CD 5 Bytes JMP 00070E3C
.text   C:\WINDOWS\system32\winlogon.exe[604] WININET.dll!InternetOpenUrlW                                 7721A881 5 Bytes JMP 00070EC8
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!VirtualProtect                                 7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateProcessW                                 7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateProcessA                                 7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!VirtualAllocEx                                 7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\services.exe[648] WS2_32.dll!socket                                         71A83B91 5 Bytes JMP 000808C4
.text   C:\WINDOWS\system32\services.exe[648] WS2_32.dll!bind                                         71A83E00 5 Bytes JMP 00080838
.text   C:\WINDOWS\system32\services.exe[648] WS2_32.dll!connect                                       71A8406A 5 Bytes JMP 00080950
.text   C:\Programmer\WinRAR\WinRAR.exe[832] ntdll.dll!NtCreateThread                                     7C90D7D2 5 Bytes JMP 00A54D5A
.text   C:\Programmer\WinRAR\WinRAR.exe[832] ntdll.dll!NtDeleteValueKey                                   7C90D8CE 5 Bytes JMP 00A54F72
.text   C:\Programmer\WinRAR\WinRAR.exe[832] ntdll.dll!NtQueryDirectoryFile                                 7C90DF5E 5 Bytes JMP 00A5508F
.text   C:\Programmer\WinRAR\WinRAR.exe[832] ntdll.dll!NtSetValueKey                                     7C90E7BC 5 Bytes JMP 00A54E74
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 001301A8
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00130090
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00130694
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 001302C0
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00130234
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00130004
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0013011C
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 001304F0
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0013057C
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 001303D8
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0013034C
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00130464
.text   C:\Programmer\WinRAR\WinRAR.exe[832] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00130608
.text   C:\Programmer\WinRAR\WinRAR.exe[832] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 001307AC
.text   C:\Programmer\WinRAR\WinRAR.exe[832] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00130720
.text   C:\Programmer\WinRAR\WinRAR.exe[832] WININET.dll!InternetConnectA                                 771C49A2 5 Bytes JMP 00130F54
.text   C:\Programmer\WinRAR\WinRAR.exe[832] WININET.dll!InternetConnectW                                 771C5B98 5 Bytes JMP 00130FE0
.text   C:\Programmer\WinRAR\WinRAR.exe[832] WININET.dll!InternetOpenA                                   771CC859 5 Bytes JMP 00130D24
.text   C:\Programmer\WinRAR\WinRAR.exe[832] WININET.dll!InternetOpenW                                   771CCE91 5 Bytes JMP 00130DB0
.text   C:\Programmer\WinRAR\WinRAR.exe[832] WININET.dll!InternetOpenUrlA                                 771D06CD 5 Bytes JMP 00130E3C
.text   C:\Programmer\WinRAR\WinRAR.exe[832] WININET.dll!InternetOpenUrlW                                 7721A881 5 Bytes JMP 00130EC8
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 001301A8
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!VirtualProtect                                 7C801AD0 5 Bytes JMP 00130090
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00130694
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!CreateProcessW                                 7C802332 5 Bytes JMP 001302C0
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!CreateProcessA                                 7C802367 5 Bytes JMP 00130234
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00130004
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!VirtualAllocEx                                 7C809A72 5 Bytes JMP 0013011C
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 001304F0
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0013057C
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 001303D8
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0013034C
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00130464
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00130608
.text   C:\WINDOWS\system32\ati2evxx.exe[848] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 001307AC
.text   C:\WINDOWS\system32\ati2evxx.exe[848] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00130720
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\svchost.exe[860] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\svchost.exe[860] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!socket                                         71A83B91 5 Bytes JMP 000808C4
.text   C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!bind                                           71A83E00 5 Bytes JMP 00080838
.text   C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!connect                                         71A8406A 5 Bytes JMP 00080950
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] ntdll.dll!NtCreateThread                           7C90D7D2 5 Bytes JMP 00B64D5A
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] ntdll.dll!NtDeleteValueKey                         7C90D8CE 5 Bytes JMP 00B64F72
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] ntdll.dll!NtQueryDirectoryFile                       7C90DF5E 5 Bytes JMP 00B6508F
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] ntdll.dll!NtSetValueKey                           7C90E7BC 5 Bytes JMP 00B64E74
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!VirtualProtectEx                       7C801A5D 5 Bytes JMP 001301A8
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!VirtualProtect                         7C801AD0 5 Bytes JMP 00130090
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!WriteProcessMemory                     7C80220F 5 Bytes JMP 00130694
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!CreateProcessW                         7C802332 5 Bytes JMP 001302C0
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!CreateProcessA                         7C802367 5 Bytes JMP 00130234
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!VirtualAlloc                         7C809A51 5 Bytes JMP 00130004
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!VirtualAllocEx                         7C809A72 5 Bytes JMP 0013011C
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!CreateRemoteThread                     7C81042C 5 Bytes JMP 001304F0
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!CreateThread                         7C810637 5 Bytes JMP 0013057C
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!CreateProcessInternalW                   7C819513 5 Bytes JMP 001303D8
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!CreateProcessInternalA                   7C81DDD6 5 Bytes JMP 0013034C
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!WinExec                             7C86136D 5 Bytes JMP 00130464
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] kernel32.dll!SetThreadContext                       7C862AA5 5 Bytes JMP 00130608
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] USER32.dll!SetWindowsHookExW                       77D4E4AF 5 Bytes JMP 001307AC
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] USER32.dll!SetWindowsHookExA                       77D511E9 5 Bytes JMP 00130720
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] WININET.dll!InternetConnectA                       771C49A2 5 Bytes JMP 00130F54
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] WININET.dll!InternetConnectW                       771C5B98 5 Bytes JMP 00130FE0
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] WININET.dll!InternetOpenA                         771CC859 5 Bytes JMP 00130D24
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] WININET.dll!InternetOpenW                         771CCE91 5 Bytes JMP 00130DB0
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] WININET.dll!InternetOpenUrlA                       771D06CD 5 Bytes JMP 00130E3C
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[868] WININET.dll!InternetOpenUrlW                       7721A881 5 Bytes JMP 00130EC8
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!socket                                         71A83B91 5 Bytes JMP 000808C4
.text   C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!bind                                           71A83E00 5 Bytes JMP 00080838
.text   C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!connect                                         71A8406A 5 Bytes JMP 00080950
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualProtect                                 7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessW                                 7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessA                                 7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualAllocEx                                 7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\svchost.exe[1012] WS2_32.dll!socket                                         71A83B91 5 Bytes JMP 000808C4
.text   C:\WINDOWS\system32\svchost.exe[1012] WS2_32.dll!bind                                         71A83E00 5 Bytes JMP 00080838
.text   C:\WINDOWS\system32\svchost.exe[1012] WS2_32.dll!connect                                       71A8406A 5 Bytes JMP 00080950
.text   C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!InternetConnectA                                 771C49A2 5 Bytes JMP 00080F54
.text   C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!InternetConnectW                                 771C5B98 5 Bytes JMP 00080FE0
.text   C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!InternetOpenA                                   771CC859 5 Bytes JMP 00080D24
.text   C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!InternetOpenW                                   771CCE91 5 Bytes JMP 00080DB0
.text   C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!InternetOpenUrlA                                 771D06CD 5 Bytes JMP 00080E3C
.text   C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!InternetOpenUrlW                                 7721A881 5 Bytes JMP 00080EC8
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] ntdll.dll!NtCreateThread                               7C90D7D2 5 Bytes JMP 00BC4D5A
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] ntdll.dll!NtDeleteValueKey                               7C90D8CE 5 Bytes JMP 00BC4F72
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] ntdll.dll!NtQueryDirectoryFile                           7C90DF5E 5 Bytes JMP 00BC508F
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] ntdll.dll!NtSetValueKey                                 7C90E7BC 5 Bytes JMP 00BC4E74
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!VirtualProtectEx                             7C801A5D 5 Bytes JMP 001301A8
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!VirtualProtect                             7C801AD0 5 Bytes JMP 00130090
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!WriteProcessMemory                           7C80220F 5 Bytes JMP 00130694
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!CreateProcessW                             7C802332 5 Bytes JMP 001302C0
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!CreateProcessA                             7C802367 5 Bytes JMP 00130234
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!VirtualAlloc                               7C809A51 5 Bytes JMP 00130004
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!VirtualAllocEx                             7C809A72 5 Bytes JMP 0013011C
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!CreateRemoteThread                           7C81042C 5 Bytes JMP 001304F0
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!CreateThread                               7C810637 5 Bytes JMP 0013057C
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!CreateProcessInternalW                         7C819513 5 Bytes JMP 001303D8
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!CreateProcessInternalA                         7C81DDD6 5 Bytes JMP 0013034C
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!WinExec                                   7C86136D 5 Bytes JMP 00130464
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] kernel32.dll!SetThreadContext                             7C862AA5 5 Bytes JMP 00130608
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] USER32.dll!SetWindowsHookExW                             77D4E4AF 5 Bytes JMP 001307AC
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] USER32.dll!SetWindowsHookExA                             77D511E9 5 Bytes JMP 00130720
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] WS2_32.dll!socket                                     71A83B91 5 Bytes JMP 001308C4
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] WS2_32.dll!bind                                     71A83E00 5 Bytes JMP 00130838
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] WS2_32.dll!connect                                   71A8406A 5 Bytes JMP 00130950
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] WININET.dll!InternetConnectA                             771C49A2 5 Bytes JMP 00130F54
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] WININET.dll!InternetConnectW                             771C5B98 5 Bytes JMP 00130FE0
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] WININET.dll!InternetOpenA                               771CC859 5 Bytes JMP 00130D24
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] WININET.dll!InternetOpenW                               771CCE91 5 Bytes JMP 00130DB0
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] WININET.dll!InternetOpenUrlA                             771D06CD 5 Bytes JMP 00130E3C
.text   C:\Programmer\SPAMfighter\SFAgent.exe[1064] WININET.dll!InternetOpenUrlW                             7721A881 5 Bytes JMP 00130EC8
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtect                                 7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW                                 7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA                                 7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualAllocEx                                 7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\svchost.exe[1088] WS2_32.dll!socket                    

Ejvindh
Editor
Number of posts: 6158

Please try scanning with Gmer again. This time, unplug the network cable from the computer, close all active programs (preferably antivirus programs and the like as well), set Gmer to scan, and then don't use the computer for anything in the meantime. That should give a shorter log. The one you posted couldn't fit in a single post :)

Number of posts: 14

Hi Ejvindh, I have now closed the antivirus and firewall, and here is the log from gmer.ini, which I renamed to abc.exe. But it took a while; I hope it is good enough.


Here is the gmer.ini log.


GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-12 11:07:35
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwClose
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwCreateFile
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwCreateKey
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwCreateProcess
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwCreateProcessEx
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwCreateThread
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwDeleteFile
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwDeleteKey
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwDeleteValueKey
SSDT     \SystemRoot\system32\drivers\khips.sys                                                     ZwLoadDriver
SSDT     \SystemRoot\system32\drivers\khips.sys                                                     ZwMapViewOfSection
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwOpenFile
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwOpenKey
SSDT     \??\C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                         ZwOpenProcess
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwResumeThread
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwSetInformationFile
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwSetValueKey
SSDT     \??\C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                         ZwTerminateProcess
SSDT     \SystemRoot\system32\drivers\fwdrv.sys                                                     ZwWriteFile

---- Kernel code sections - GMER 1.0.12 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus                                                           F7615A5F 6 Bytes JMP B9D71ED0 \SystemRoot\system32\drivers\fwdrv.sys

---- User code sections - GMER 1.0.12 ----

.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!VirtualProtectEx                                     7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!VirtualProtect                                     7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!WriteProcessMemory                                   7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!CreateProcessW                                     7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!CreateProcessA                                     7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!VirtualAlloc                                       7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!VirtualAllocEx                                     7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!CreateRemoteThread                                   7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!CreateThread                                       7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!CreateProcessInternalW                                 7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!CreateProcessInternalA                                 7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!WinExec                                           7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\alg.exe[108] kernel32.dll!SetThreadContext                                     7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\alg.exe[108] USER32.dll!SetWindowsHookExW                                     77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\alg.exe[108] USER32.dll!SetWindowsHookExA                                     77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\alg.exe[108] WS2_32.dll!socket                                             71A83B91 5 Bytes JMP 000808C4
.text   C:\WINDOWS\system32\alg.exe[108] WS2_32.dll!bind                                             71A83E00 5 Bytes JMP 00080838
.text   C:\WINDOWS\system32\alg.exe[108] WS2_32.dll!connect                                           71A8406A 5 Bytes JMP 00080950
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!VirtualProtectEx                                   7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!WriteProcessMemory                                 7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!VirtualAlloc                                     7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!CreateRemoteThread                                 7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!CreateThread                                     7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!CreateProcessInternalW                               7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!CreateProcessInternalA                               7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!WinExec                                         7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\netdde.exe[128] kernel32.dll!SetThreadContext                                   7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\netdde.exe[128] USER32.dll!SetWindowsHookExW                                   77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\netdde.exe[128] USER32.dll!SetWindowsHookExA                                   77D511E9 5 Bytes JMP 00080720
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] ntdll.dll!NtCreateThread                                 7C90D7D2 5 Bytes JMP 00BC4D5A
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] ntdll.dll!NtDeleteValueKey                               7C90D8CE 5 Bytes JMP 00BC4F72
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] ntdll.dll!NtQueryDirectoryFile                             7C90DF5E 5 Bytes JMP 00BC508F
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] ntdll.dll!NtSetValueKey                                 7C90E7BC 5 Bytes JMP 00BC4E74
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!VirtualProtectEx                             7C801A5D 5 Bytes JMP 001301A8
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!VirtualProtect                               7C801AD0 5 Bytes JMP 00130090
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!WriteProcessMemory                             7C80220F 5 Bytes JMP 00130694
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!CreateProcessW                               7C802332 5 Bytes JMP 001302C0
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!CreateProcessA                               7C802367 5 Bytes JMP 00130234
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!VirtualAlloc                                 7C809A51 5 Bytes JMP 00130004
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!VirtualAllocEx                               7C809A72 5 Bytes JMP 0013011C
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!CreateRemoteThread                             7C81042C 5 Bytes JMP 001304F0
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!CreateThread                                 7C810637 5 Bytes JMP 0013057C
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!CreateProcessInternalW                         7C819513 5 Bytes JMP 001303D8
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!CreateProcessInternalA                         7C81DDD6 5 Bytes JMP 0013034C
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!WinExec                                   7C86136D 5 Bytes JMP 00130464
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] kernel32.dll!SetThreadContext                             7C862AA5 5 Bytes JMP 00130608
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] USER32.dll!SetWindowsHookExW                               77D4E4AF 5 Bytes JMP 001307AC
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] USER32.dll!SetWindowsHookExA                               77D511E9 5 Bytes JMP 00130720
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] WS2_32.dll!socket                                     71A83B91 5 Bytes JMP 001308C4
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] WS2_32.dll!bind                                       71A83E00 5 Bytes JMP 00130838
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] WS2_32.dll!connect                                     71A8406A 5 Bytes JMP 00130950
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] WININET.dll!InternetConnectA                               771C49A2 5 Bytes JMP 00130F54
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] WININET.dll!InternetConnectW                               771C5B98 5 Bytes JMP 00130FE0
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] WININET.dll!InternetOpenA                                 771CC859 5 Bytes JMP 00130D24
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] WININET.dll!InternetOpenW                                 771CCE91 5 Bytes JMP 00130DB0
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] WININET.dll!InternetOpenUrlA                               771D06CD 5 Bytes JMP 00130E3C
.text   C:\Programmer\SPAMfighter\SFAgent.exe[136] WININET.dll!InternetOpenUrlW                               7721A881 5 Bytes JMP 00130EC8
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] ntdll.dll!NtCreateThread                           7C90D7D2 5 Bytes JMP 00B64D5A
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] ntdll.dll!NtDeleteValueKey                         7C90D8CE 5 Bytes JMP 00B64F72
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] ntdll.dll!NtQueryDirectoryFile                       7C90DF5E 5 Bytes JMP 00B6508F
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] ntdll.dll!NtSetValueKey                           7C90E7BC 5 Bytes JMP 00B64E74
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!VirtualProtectEx                       7C801A5D 5 Bytes JMP 001301A8
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!VirtualProtect                         7C801AD0 5 Bytes JMP 00130090
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!WriteProcessMemory                       7C80220F 5 Bytes JMP 00130694
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!CreateProcessW                         7C802332 5 Bytes JMP 001302C0
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!CreateProcessA                         7C802367 5 Bytes JMP 00130234
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!VirtualAlloc                           7C809A51 5 Bytes JMP 00130004
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!VirtualAllocEx                         7C809A72 5 Bytes JMP 0013011C
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!CreateRemoteThread                       7C81042C 5 Bytes JMP 001304F0
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!CreateThread                           7C810637 5 Bytes JMP 0013057C
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!CreateProcessInternalW                   7C819513 5 Bytes JMP 001303D8
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!CreateProcessInternalA                   7C81DDD6 5 Bytes JMP 0013034C
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!WinExec                             7C86136D 5 Bytes JMP 00130464
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] kernel32.dll!SetThreadContext                       7C862AA5 5 Bytes JMP 00130608
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] USER32.dll!SetWindowsHookExW                         77D4E4AF 5 Bytes JMP 001307AC
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] USER32.dll!SetWindowsHookExA                         77D511E9 5 Bytes JMP 00130720
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] WININET.dll!InternetConnectA                         771C49A2 5 Bytes JMP 00130F54
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] WININET.dll!InternetConnectW                         771C5B98 5 Bytes JMP 00130FE0
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] WININET.dll!InternetOpenA                           771CC859 5 Bytes JMP 00130D24
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] WININET.dll!InternetOpenW                           771CCE91 5 Bytes JMP 00130DB0
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] WININET.dll!InternetOpenUrlA                         771D06CD 5 Bytes JMP 00130E3C
.text   C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe[192] WININET.dll!InternetOpenUrlW                         7721A881 5 Bytes JMP 00130EC8
.text   C:\WINDOWS\system32\ctfmon.exe[208] ntdll.dll!NtCreateThread                                     7C90D7D2 5 Bytes JMP 00974D5A
.text   C:\WINDOWS\system32\ctfmon.exe[208] ntdll.dll!NtDeleteValueKey                                     7C90D8CE 5 Bytes JMP 00974F72
.text   C:\WINDOWS\system32\ctfmon.exe[208] ntdll.dll!NtQueryDirectoryFile                                 7C90DF5E 5 Bytes JMP 0097508F
.text   C:\WINDOWS\system32\ctfmon.exe[208] ntdll.dll!NtSetValueKey                                       7C90E7BC 5 Bytes JMP 00974E74
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!VirtualProtectEx                                   7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!WriteProcessMemory                                 7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!VirtualAlloc                                     7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!CreateRemoteThread                                 7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!CreateThread                                     7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!CreateProcessInternalW                               7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!CreateProcessInternalA                               7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!WinExec                                         7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\ctfmon.exe[208] kernel32.dll!SetThreadContext                                   7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\ctfmon.exe[208] USER32.dll!SetWindowsHookExW                                   77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\ctfmon.exe[208] USER32.dll!SetWindowsHookExA                                   77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\ctfmon.exe[208] WININET.dll!InternetConnectA                                   771C49A2 5 Bytes JMP 00080F54
.text   C:\WINDOWS\system32\ctfmon.exe[208] WININET.dll!InternetConnectW                                   771C5B98 5 Bytes JMP 00080FE0
.text   C:\WINDOWS\system32\ctfmon.exe[208] WININET.dll!InternetOpenA                                     771CC859 5 Bytes JMP 00080D24
.text   C:\WINDOWS\system32\ctfmon.exe[208] WININET.dll!InternetOpenW                                     771CCE91 5 Bytes JMP 00080DB0
.text   C:\WINDOWS\system32\ctfmon.exe[208] WININET.dll!InternetOpenUrlA                                   771D06CD 5 Bytes JMP 00080E3C
.text   C:\WINDOWS\system32\ctfmon.exe[208] WININET.dll!InternetOpenUrlW                                   7721A881 5 Bytes JMP 00080EC8
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] ntdll.dll!NtCreateThread                           7C90D7D2 5 Bytes JMP 00854D5A
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] ntdll.dll!NtDeleteValueKey                         7C90D8CE 5 Bytes JMP 00854F72
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] ntdll.dll!NtQueryDirectoryFile                       7C90DF5E 5 Bytes JMP 0085508F
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] ntdll.dll!NtSetValueKey                           7C90E7BC 5 Bytes JMP 00854E74
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!VirtualProtectEx                       7C801A5D 5 Bytes JMP 000701A8
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!VirtualProtect                         7C801AD0 5 Bytes JMP 00070090
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!WriteProcessMemory                     7C80220F 5 Bytes JMP 00070694
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!CreateProcessW                         7C802332 5 Bytes JMP 000702C0
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!CreateProcessA                         7C802367 5 Bytes JMP 00070234
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!VirtualAlloc                         7C809A51 5 Bytes JMP 00070004
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!VirtualAllocEx                         7C809A72 5 Bytes JMP 0007011C
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!CreateRemoteThread                     7C81042C 5 Bytes JMP 000704F0
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!CreateThread                         7C810637 5 Bytes JMP 0007057C
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!CreateProcessInternalW                   7C819513 5 Bytes JMP 000703D8
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!CreateProcessInternalA                   7C81DDD6 5 Bytes JMP 0007034C
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!WinExec                             7C86136D 5 Bytes JMP 00070464
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] kernel32.dll!SetThreadContext                       7C862AA5 5 Bytes JMP 00070608
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] USER32.dll!SetWindowsHookExW                       77D4E4AF 5 Bytes JMP 000707AC
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] USER32.dll!SetWindowsHookExA                       77D511E9 5 Bytes JMP 00070720
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] WININET.dll!InternetConnectA                       771C49A2 5 Bytes JMP 00070F54
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] WININET.dll!InternetConnectW                       771C5B98 5 Bytes JMP 00070FE0
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] WININET.dll!InternetOpenA                         771CC859 5 Bytes JMP 00070D24
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] WININET.dll!InternetOpenW                         771CCE91 5 Bytes JMP 00070DB0
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] WININET.dll!InternetOpenUrlA                       771D06CD 5 Bytes JMP 00070E3C
.text   C:\Programmer\Windows Media Player\wmpnscfg.exe[292] WININET.dll!InternetOpenUrlW                       7721A881 5 Bytes JMP 00070EC8
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!VirtualProtectEx                                   7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!VirtualProtect                                     7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!WriteProcessMemory                                 7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!CreateProcessW                                     7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!CreateProcessA                                     7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!VirtualAlloc                                     7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!VirtualAllocEx                                     7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!CreateRemoteThread                                 7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!CreateThread                                     7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!CreateProcessInternalW                               7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!CreateProcessInternalA                               7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!WinExec                                         7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\msdtc.exe[420] kernel32.dll!SetThreadContext                                   7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\msdtc.exe[420] WS2_32.dll!socket                                           71A83B91 5 Bytes JMP 000808C4
.text   C:\WINDOWS\system32\msdtc.exe[420] WS2_32.dll!bind                                             71A83E00 5 Bytes JMP 00080838
.text   C:\WINDOWS\system32\msdtc.exe[420] WS2_32.dll!connect                                           71A8406A 5 Bytes JMP 00080950
.text   C:\WINDOWS\system32\msdtc.exe[420] USER32.dll!SetWindowsHookExW                                   77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\msdtc.exe[420] USER32.dll!SetWindowsHookExA                                   77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!VirtualProtectEx                                   7C801A5D 5 Bytes JMP 001601A8
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!VirtualProtect                                     7C801AD0 5 Bytes JMP 00160090
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!WriteProcessMemory                                 7C80220F 5 Bytes JMP 00160694
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateProcessW                                     7C802332 5 Bytes JMP 001602C0
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateProcessA                                     7C802367 5 Bytes JMP 00160234
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!VirtualAlloc                                     7C809A51 5 Bytes JMP 00160004
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!VirtualAllocEx                                     7C809A72 5 Bytes JMP 0016011C
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateRemoteThread                                 7C81042C 5 Bytes JMP 001604F0
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateThread                                     7C810637 5 Bytes JMP 0016057C
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateProcessInternalW                               7C819513 5 Bytes JMP 001603D8
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateProcessInternalA                               7C81DDD6 5 Bytes JMP 0016034C
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!WinExec                                         7C86136D 5 Bytes JMP 00160464
.text   C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!SetThreadContext                                   7C862AA5 5 Bytes JMP 00160608
.text   C:\WINDOWS\system32\csrss.exe[580] USER32.dll!SetWindowsHookExW                                   77D4E4AF 5 Bytes JMP 001607AC
.text   C:\WINDOWS\system32\csrss.exe[580] USER32.dll!SetWindowsHookExA                                   77D511E9 5 Bytes JMP 00160720
.text   C:\WINDOWS\system32\csrss.exe[580] WININET.dll!InternetConnectA                                   771C49A2 5 Bytes JMP 00160F54
.text   C:\WINDOWS\system32\csrss.exe[580] WININET.dll!InternetConnectW                                   771C5B98 5 Bytes JMP 00160FE0
.text   C:\WINDOWS\system32\csrss.exe[580] WININET.dll!InternetOpenA                                     771CC859 5 Bytes JMP 00160D24
.text   C:\WINDOWS\system32\csrss.exe[580] WININET.dll!InternetOpenW                                     771CCE91 5 Bytes JMP 00160DB0
.text   C:\WINDOWS\system32\csrss.exe[580] WININET.dll!InternetOpenUrlA                                   771D06CD 5 Bytes JMP 00160E3C
.text   C:\WINDOWS\system32\csrss.exe[580] WININET.dll!InternetOpenUrlW                                   7721A881 5 Bytes JMP 00160EC8
.text   C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!NtCreateThread                                     7C90D7D2 5 Bytes JMP 00D54D5A
.text   C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!NtDeleteValueKey                                   7C90D8CE 5 Bytes JMP 00D54F72
.text   C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!NtQueryDirectoryFile                                 7C90DF5E 5 Bytes JMP 00D5508F
.text   C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!NtSetValueKey                                     7C90E7BC 5 Bytes JMP 00D54E74
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000701A8
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00070090
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00070694
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 000702C0
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00070234
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00070004
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0007011C
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 000704F0
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0007057C
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000703D8
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0007034C
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00070464
.text   C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00070608
.text   C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 000707AC
.text   C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00070720
.text   C:\WINDOWS\system32\winlogon.exe[604] WS2_32.dll!socket                                         71A83B91 5 Bytes JMP 000708C4
.text   C:\WINDOWS\system32\winlogon.exe[604] WS2_32.dll!bind                                           71A83E00 5 Bytes JMP 00070838
.text   C:\WINDOWS\system32\winlogon.exe[604] WS2_32.dll!connect                                         71A8406A 5 Bytes JMP 00070950
.text   C:\WINDOWS\system32\winlogon.exe[604] WININET.dll!InternetConnectA                                 771C49A2 5 Bytes JMP 00070F54
.text   C:\WINDOWS\system32\winlogon.exe[604] WININET.dll!InternetConnectW                                 771C5B98 5 Bytes JMP 00070FE0
.text   C:\WINDOWS\system32\winlogon.exe[604] WININET.dll!InternetOpenA                                   771CC859 5 Bytes JMP 00070D24
.text   C:\WINDOWS\system32\winlogon.exe[604] WININET.dll!InternetOpenW                                   771CCE91 5 Bytes JMP 00070DB0
.text   C:\WINDOWS\system32\winlogon.exe[604] WININET.dll!InternetOpenUrlA                                 771D06CD 5 Bytes JMP 00070E3C
.text   C:\WINDOWS\system32\winlogon.exe[604] WININET.dll!InternetOpenUrlW                                 7721A881 5 Bytes JMP 00070EC8
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\services.exe[648] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\services.exe[648] WS2_32.dll!socket                                         71A83B91 5 Bytes JMP 000808C4
.text   C:\WINDOWS\system32\services.exe[648] WS2_32.dll!bind                                           71A83E00 5 Bytes JMP 00080838
.text   C:\WINDOWS\system32\services.exe[648] WS2_32.dll!connect                                         71A8406A 5 Bytes JMP 00080950
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!VirtualProtectEx                                   7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!VirtualProtect                                     7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!WriteProcessMemory                                 7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!CreateProcessW                                     7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!CreateProcessA                                     7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!VirtualAlloc                                     7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!VirtualAllocEx                                     7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!CreateRemoteThread                                 7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!CreateThread                                     7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!CreateProcessInternalW                               7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!CreateProcessInternalA                               7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!WinExec                                         7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!SetThreadContext                                   7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\lsass.exe[660] USER32.dll!SetWindowsHookExW                                   77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\lsass.exe[660] USER32.dll!SetWindowsHookExA                                   77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!socket                                           71A83B91 5 Bytes JMP 000808C4
.text   C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!bind                                             71A83E00 5 Bytes JMP 00080838
.text   C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!connect                                           71A8406A 5 Bytes JMP 00080950
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!VirtualProtectEx                       7C801A5D 5 Bytes JMP 001301A8
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!VirtualProtect                       7C801AD0 5 Bytes JMP 00130090
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!WriteProcessMemory                     7C80220F 5 Bytes JMP 00130694
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!CreateProcessW                       7C802332 5 Bytes JMP 001302C0
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!CreateProcessA                       7C802367 5 Bytes JMP 00130234
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!VirtualAlloc                         7C809A51 5 Bytes JMP 00130004
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!VirtualAllocEx                       7C809A72 5 Bytes JMP 0013011C
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!CreateRemoteThread                     7C81042C 5 Bytes JMP 001304F0
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!CreateThread                         7C810637 5 Bytes JMP 0013057C
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!CreateProcessInternalW                   7C819513 5 Bytes JMP 001303D8
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!CreateProcessInternalA                   7C81DDD6 5 Bytes JMP 0013034C
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!WinExec                             7C86136D 5 Bytes JMP 00130464
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] kernel32.dll!SetThreadContext                       7C862AA5 5 Bytes JMP 00130608
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] USER32.dll!SetWindowsHookExW                       77D4E4AF 5 Bytes JMP 001307AC
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] USER32.dll!SetWindowsHookExA                       77D511E9 5 Bytes JMP 00130720
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] WS2_32.dll!socket                               71A83B91 5 Bytes JMP 001308C4
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] WS2_32.dll!bind                               71A83E00 5 Bytes JMP 00130838
.text   C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[772] WS2_32.dll!connect                             71A8406A 5 Bytes JMP 00130950
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!VirtualProtectEx                       7C801A5D 5 Bytes JMP 001301A8
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!VirtualProtect                         7C801AD0 5 Bytes JMP 00130090
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!WriteProcessMemory                     7C80220F 5 Bytes JMP 00130694
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!CreateProcessW                         7C802332 5 Bytes JMP 001302C0
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!CreateProcessA                         7C802367 5 Bytes JMP 00130234
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!VirtualAlloc                         7C809A51 5 Bytes JMP 00130004
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!VirtualAllocEx                         7C809A72 5 Bytes JMP 0013011C
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!CreateRemoteThread                     7C81042C 5 Bytes JMP 001304F0
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!CreateThread                         7C810637 5 Bytes JMP 0013057C
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!CreateProcessInternalW                   7C819513 5 Bytes JMP 001303D8
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!CreateProcessInternalA                   7C81DDD6 5 Bytes JMP 0013034C
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!WinExec                             7C86136D 5 Bytes JMP 00130464
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] kernel32.dll!SetThreadContext                       7C862AA5 5 Bytes JMP 00130608
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] USER32.dll!SetWindowsHookExW                       77D4E4AF 5 Bytes JMP 001307AC
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] USER32.dll!SetWindowsHookExA                       77D511E9 5 Bytes JMP 00130720
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] WS2_32.dll!socket                               71A83B91 5 Bytes JMP 001308C4
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] WS2_32.dll!bind                                 71A83E00 5 Bytes JMP 00130838
.text   C:\Programmer\Alwil Software\Avast4\ashServ.exe[816] WS2_32.dll!connect                               71A8406A 5 Bytes JMP 00130950
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 001301A8
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00130090
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00130694
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 001302C0
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00130234
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00130004
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0013011C
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 001304F0
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0013057C
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 001303D8
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0013034C
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00130464
.text   C:\WINDOWS\system32\ati2evxx.exe[848] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00130608
.text   C:\WINDOWS\system32\ati2evxx.exe[848] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 001307AC
.text   C:\WINDOWS\system32\ati2evxx.exe[848] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00130720
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WriteProcessMemory                                 7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualAlloc                                     7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateRemoteThread                                 7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateThread                                     7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\svchost.exe[860] USER32.dll!SetWindowsHookExW                                   77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\svchost.exe[860] USER32.dll!SetWindowsHookExA                                   77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!socket                                         71A83B91 5 Bytes JMP 000808C4
.text   C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!bind                                           71A83E00 5 Bytes JMP 00080838
.text   C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!connect                                         71A8406A 5 Bytes JMP 00080950
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WriteProcessMemory                                 7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualAlloc                                     7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateRemoteThread                                 7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateThread                                     7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW                                   77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA                                   77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!socket                                         71A83B91 5 Bytes JMP 000808C4
.text   C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!bind                                           71A83E00 5 Bytes JMP 00080838
.text   C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!connect                                         71A8406A 5 Bytes JMP 00080950
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!VirtualProtectEx                   7C801A5D 5 Bytes JMP 001301A8
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!VirtualProtect                     7C801AD0 5 Bytes JMP 00130090
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!WriteProcessMemory                   7C80220F 5 Bytes JMP 00130694
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!CreateProcessW                     7C802332 5 Bytes JMP 001302C0
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!CreateProcessA                     7C802367 5 Bytes JMP 00130234
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!VirtualAlloc                       7C809A51 5 Bytes JMP 00130004
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!VirtualAllocEx                     7C809A72 5 Bytes JMP 0013011C
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!CreateRemoteThread                   7C81042C 5 Bytes JMP 001304F0
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!CreateThread                       7C810637 5 Bytes JMP 0013057C
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!CreateProcessInternalW               7C819513 5 Bytes JMP 001303D8
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!CreateProcessInternalA               7C81DDD6 5 Bytes JMP 0013034C
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!WinExec                         7C86136D 5 Bytes JMP 00130464
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] kernel32.dll!SetThreadContext                   7C862AA5 5 Bytes JMP 00130608
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] USER32.dll!SetWindowsHookExW                     77D4E4AF 5 Bytes JMP 001307AC
.text   C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[964] USER32.dll!SetWindowsHookExA                     77D511E9 5 Bytes JMP 00130720
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000801A8
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00080090
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WriteProcessMemory                                 7C80220F 5 Bytes JMP 00080694
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 000802C0
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00080234
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualAlloc                                     7C809A51 5 Bytes JMP 00080004
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0008011C
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateRemoteThread                                 7C81042C 5 Bytes JMP 000804F0
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateThread                                     7C810637 5 Bytes JMP 0008057C
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000803D8
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0008034C
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00080464
.text   C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00080608
.text   C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW                                   77D4E4AF 5 Bytes JMP 000807AC
.text   C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA                                   77D511E9 5 Bytes JMP 00080720
.text   C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!socket                                         71A83B91 5 Bytes JMP 000808C4
.text   C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!bind                                           71A83E00 5 Bytes JMP 00080838
.text   C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!connect                                         71A8406A 5 Bytes JMP 00080950
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!VirtualProtectEx                                 7C801A5D 5 Bytes JMP 000701A8
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!VirtualProtect                                   7C801AD0 5 Bytes JMP 00070090
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!WriteProcessMemory                               7C80220F 5 Bytes JMP 00070694
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!CreateProcessW                                   7C802332 5 Bytes JMP 000702C0
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!CreateProcessA                                   7C802367 5 Bytes JMP 00070234
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!VirtualAlloc                                   7C809A51 5 Bytes JMP 00070004
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!VirtualAllocEx                                   7C809A72 5 Bytes JMP 0007011C
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!CreateRemoteThread                               7C81042C 5 Bytes JMP 000704F0
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!CreateThread                                   7C810637 5 Bytes JMP 0007057C
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!CreateProcessInternalW                             7C819513 5 Bytes JMP 000703D8
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!CreateProcessInternalA                             7C81DDD6 5 Bytes JMP 0007034C
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!WinExec                                       7C86136D 5 Bytes JMP 00070464
.text   C:\WINDOWS\system32\wscntfy.exe[1000] kernel32.dll!SetThreadContext                                 7C862AA5 5 Bytes JMP 00070608
.text   C:\WINDOWS\system32\wscntfy.exe[1000] USER32.dll!SetWindowsHookExW                                 77D4E4AF 5 Bytes JMP 000707AC
.text   C:\WINDOWS\system32\wscntfy.exe[1000] USER32.dll!SetWindowsHookExA                                 77D511E9 5 Bytes JMP 00070720
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!VirtualProtectEx                 7C801A5D 5 Bytes JMP 001301A8
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!VirtualProtect                 7C801AD0 5 Bytes JMP 00130090
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!WriteProcessMemory               7C80220F 5 Bytes JMP 00130694
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!CreateProcessW                 7C802332 5 Bytes JMP 001302C0
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!CreateProcessA                 7C802367 5 Bytes JMP 00130234
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!VirtualAlloc                   7C809A51 5 Bytes JMP 00130004
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!VirtualAllocEx                 7C809A72 5 Bytes JMP 0013011C
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!CreateRemoteThread               7C81042C 5 Bytes JMP 001304F0
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!CreateThread                   7C810637 5 Bytes JMP 0013057C
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!CreateProcessInternalW             7C819513 5 Bytes JMP 001303D8
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!CreateProcessInternalA             7C81DDD6 5 Bytes JMP 0013034C
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!WinExec                       7C86136D 5 Bytes JMP 00130464
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] kernel32.dll!SetThreadContext                 7C862AA5 5 Bytes JMP 00130608
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] WS2_32.dll!socket                         71A83B91 5 Bytes JMP 001308C4
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] WS2_32.dll!bind                         71A83E00 5 Bytes JMP 00130838
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] WS2_32.dll!connect                       71A8406A 5 Bytes JMP 00130950
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe[1004] USER32.dll!SetWindowsHookExW                 77D4E4AF 5 Bytes JMP 001307AC
.text   C:\Programmer\WIDCOMM\Bluetooth-software\bin

Ejvindh
Editor
Number of posts: 6158

Yes, you are doing it correctly. Unfortunately, the log is still too long to fit in a single post, and I don't get to see the part that really matters. From what is there so far, though, it looks like you don't have a rootkit on the computer after all. But I think we should run one extra check:

—Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Then run combofix.exe and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.

—Then run a new scan with Gmer and post the result here. If it can't all fit in one post, you may post it in several parts.

Number of posts: 14

How do I post the Gmer log in several parts?