Spywarefri Forum | for en sikkerheds skyld

2 af 3

for en sikkerheds skyld

[ Ignorer ] [ # 16 ] killerdane
21.04.2007 04:18:39 Antal indlæg: 305	Hej Ejvind. Det har ikke hjulpet ret meget. Mens jeg ventede på dit svar,har jeg nørdet efter “catchme 0.2” som jeg selv kunne se i combo loggen. Det mærkelige er, at når det er dette forum, tager det en evighed at skifte side/loade vinduer som for eksempel når jeg er færdig med at skrive her. resten af nettet fungerer ok. Men hvis jeg bare skriver jeres webadresse, er der ingen ventetid…..... derudover slettede avenger det sidste du havde anført uden anmærkninger. Men jeg er sikker på den ikke er helt rask endnu. f.eks. åbner IE to tabs når jeg klikker på linket i min mailboks-også skidt. Jeg tog tid for sjov. fra jeg klikker det link om flytning af tråd til jeg kan læse dit eller mit indlæg går der 1:20 min. og det på en ikke ellers optaget 10 mbit-linie. Så som det fremgår må vi have skrappere midler frem. ALt andet end format c:\ ....plz og hermed den den lange log: GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-04-21 02:14:30 Windows 5.1.2600 Service Pack 2 ——System - GMER 1.0.12—— SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile SSDT sptd.sys ZwOpenKey SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT sptd.sys ZwQueryKey SSDT sptd.sys ZwQueryValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess ——Kernel code sections - GMER 1.0.12—— [Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 17 ] killerdane
21.04.2007 04:25:28 Antal indlæg: 305	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 18 ] killerdane
21.04.2007 04:31:38 Antal indlæg: 305	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 19 ] killerdane
21.04.2007 04:34:42 Antal indlæg: 305	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 20 ] killerdane
21.04.2007 04:35:52 Antal indlæg: 305	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 21 ] killerdane
21.04.2007 04:36:51 Antal indlæg: 305	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 22 ] killerdane
21.04.2007 04:38:04 Antal indlæg: 305	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 23 ] killerdane
21.04.2007 04:39:12 Antal indlæg: 305	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter] ——Modules - GMER 1.0.12—— Module (noname) (* hidden * ) F760E000 ——Registry - GMER 1.0.12—— Reg \Registry\USER\S-1-5-21-1275210071-436374069-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:S:\Zl Qbjaybnqf\NalQIQ 5.3.2.1 + PybarQIQ 2.8.5.1 + PybarPQ 5.2.6.1 + QIQ Qrpelcgre 3 + QIQ Fuevax 3 + PENPXF!!\NalQIQ 5.3.2.1 + PybarQIQ 2.8.5.1 + PybarPQ 5.2.6.1 + QIQ Qrpelcgre 3 + QIQ Fuevax 3 + PENPXF!! ( Gbhg SE )\PybarPQ 5.2.6.1\PybarPQ 5.2.6.1.rkr 0x66 0x01 0x00 0x00 ... Reg \Registry\USER\S-1-5-21-1275210071-436374069-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:S:\Zl Qbjaybnqf\NalQIQ 5.3.2.1 + PybarQIQ 2.8.5.1 + PybarPQ 5.2.6.1 + QIQ Qrpelcgre 3 + QIQ Fuevax 3 + PENPXF!!\NalQIQ 5.3.2.1 + PybarQIQ 2.8.5.1 + PybarPQ 5.2.6.1 + QIQ Qrpelcgre 3 + QIQ Fuevax 3 + PENPXF!! ( Gbhg SE )\PybarPQ 5.2.6.1\Penpx\Fylfbsg.rkr 0x66 0x01 0x00 0x00 ... Reg \Registry\USER\S-1-5-21-1275210071-436374069-682003330-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x2D 0x50 0x8B 0xFB ... Reg \Registry\USER\S-1-5-21-1275210071-436374069-682003330-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x69 0x3E 0x43 0x58 ... ——EOF - GMER 1.0.12——
[ Ignorer ] [ # 24 ] killerdane
21.04.2007 04:43:14 Antal indlæg: 305	det var vist det. men den er edderhyleme hamber denne her. det tog mig 2 nibutter for hver del af loggen. Det hænger nada samman med 10 mbit. Det er nu vi bliver kreative. gmer sagde at den havde fundet snask (rootkit actions) da den var færdig. SÅ hvordan får vi dem væk? Herinde plejer I at kunne hekse:-)
[ Ignorer ] [ # 25 ] Ejvindh
21.04.2007 23:27:29 Redaktør Supporter Emeritus Antal indlæg: 6159	Nu skal du høre. Jeg tror nu vi er temmelig meget tættere på en ren pc, end du tror. De problemer som du beskriver har vi andre også med lige præcis denne tråd. Det hænger sammen med at den er blevet ret tekst-tung. Af samme grund er jeg af admin blevet bedt om at korte lidt ned i den, som du vil kunne se ovenfor . Jeg synes selv det har hjulpet lidt, men den er stadig tung. Der er dog lidt tilbage endnu, som vi skal arbejde på: —Kopiér indholdet mellem de stiplede linier ind i et notepad-vindue, og gem indholdet på skrivebordet som regfix.reg. Når du gemmer, skal du sikre, at der under “filtyper” står “alle filer”. ——————————————— REGEDIT4 [-HKEY_USERS\S-1-5-21-1275210071-436374069-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count] [HKEY_USERS\S-1-5-21-1275210071-436374069-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count] ——————————————— Dobbeltklik så på den fil, som du lige har lavet, og bekræft at du vil tilføje oplysningerne til registreringsdatabasen. —Hent “SuperAntiSpyware free” herfra: http://www.spywarefri.dk/downloads1.htm Installer, og opdater scannereren. —Hent Dr. Web, og gem det på skrivebordet: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe —Genstart i fejlsikret, hvis du ikke ved hvordan så kig her: http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1 —Dobbeltklik på drweb-cureit.exe, den vil køre en expressscan, det siger du ja til. Lad den slette hvad den finder (say Yes to all). Undervejs i scanningen vil der dukke en grøn popup som tilbyder dig at købe Dr.Web, hvor du får mulighederne “Buy” eller “50% discount”. Her skal du bare lukke popuppen, ved at klikke på krydset øverst til højre. Når den skriver “Select object for Scanning” nederst til venstre, skal du klikke på Options->Change settings. Skift til fanebladet Scan, fjern fluebenet ved Heuristic analysis. Skift til fanebladet - File Types, prik i - All Files Skift til fanebladet Actions, her skal alle punkter under Malware sættes til Move. Fjern flueben ved “Prompt on action” Ved “Move path”, skriver du i tekstboksen “c:\” Så der kommer til at stå “c:\infected”. Skift til fanbladet Log File. Der fjerner du flueben ved: “Scanned objects” og “Archivers name”. Tryk på Anvend Klik så på det eller de drev du vil have scannet, der kommer en rød prik for at vise det/de er valgt. Tryk så på den grønne pil nederst til højre, så scanner den. Lad den slette/move hvad den finder (Say yes to all) Når scanningen er færdig, gå op i file – Tryk på- Save Report list. Så ligger der en en fil der her hedder “drweb.csv” på skrivebordet. Luk Programmet —Start herefter SuperAntispyware, klik “Scan your computer”, sæt flueben i dine drev, ovre til venstre i vinduet. Ovre til højre i vinduet, sætter du prik i “Perform Complete Scan”. Klik “næste”, nu scanner den. Når den er færdig, så markerer du det den finder, og lader scannereren fjerne det. —Genstart til normal tilstand (scannereren tilbyder måske at gøre det). Åbn scannereren igen, og klik “preferences”-> “stastics/logs”. Marker loggen, og klik “View log”. Kopier loggen her ind i tråden, sammen med indholdet af drweb.csv. —Lav også en ny log med Hijackthis, som du lægger herind til gennemsyn. —Kør Gmer igen. Ovre i højre side skal du fjerne fluebenene, således at der kun er flueben i “Sections” “Modules” “Registry” ... lav så en ny scanning med programmet, og læg resultatet herind.
[ Ignorer ] [ # 26 ] killerdane
22.04.2007 05:05:35 Antal indlæg: 305	Hej. - Tak for hjælpen. Har i mellemtiden reinstalleret ie 7 og det hjalp gevaldigt. Og jeg er sikker på du har ret i vi nærmer os. Nu følger jeg dine sidste anvisninger og så har I/jeg fred et par måneder:-)
[ Ignorer ] [ # 27 ] killerdane
22.04.2007 06:29:29 Antal indlæg: 305	SUPERAntiSpyware Scan Log Generated 04/22/2007 at 04:01 AM Application Version : 3.5.1016 Core Rules Database Version : 3222 Trace Rules Database Version: 1233 Scan type : Complete Scan Total Scan Time : 00:35:33 Memory items scanned : 207 Memory threats detected : 0 Registry items scanned : 7801 Registry threats detected : 0 File items scanned : 34088 File threats detected : 27 Adware.Tracking Cookie C:\Documents and Settings\Tom\Cookies\tom@ads.adbrite[2].txt C:\Documents and Settings\Tom\Cookies\tom@2.adbrite[2].txt C:\Documents and Settings\Tom\Cookies\tom@adbrite[2].txt C:\Documents and Settings\Tom\Cookies\tom@perf.overture[1].txt C:\Documents and Settings\Tom\Cookies\tom@2932.stats.misstrends[2].txt C:\Documents and Settings\Tom\Cookies\tom@fastclick[1].txt C:\Documents and Settings\Tom\Cookies\tom@atdmt[2].txt C:\Documents and Settings\Tom\Cookies\tom@clicktorrent[2].txt C:\Documents and Settings\Tom\Cookies\tom@ad.zanox[2].txt C:\Documents and Settings\Tom\Cookies\tom@ultraxxxpasswords[1].txt C:\Documents and Settings\Tom\Cookies\tom@toplist[1].txt C:\Documents and Settings\Tom\Cookies\tom@barely18xxx[1].txt C:\Documents and Settings\Tom\Cookies\tom@www.sexypolis[2].txt C:\Documents and Settings\Tom\Cookies\tom@microsoftwga.112.2o7[1].txt C:\Documents and Settings\Tom\Cookies\tom@tribalfusion[1].txt C:\Documents and Settings\Tom\Cookies\tom@counter6.sextracker[1].txt C:\Documents and Settings\Tom\Cookies\tom@www.googleadservices[1].txt C:\Documents and Settings\Tom\Cookies\tom@3.adbrite[2].txt C:\Documents and Settings\Tom\Cookies\tom@statcounter[1].txt C:\Documents and Settings\Tom\Cookies\tom@metacafe.122.2o7[1].txt C:\Documents and Settings\Tom\Cookies\tom@doubleclick[1].txt C:\Documents and Settings\Tom\Cookies\tom@sextracker[1].txt C:\Documents and Settings\Tom\Cookies\tom@media.fastclick[2].txt C:\Documents and Settings\Tom\Cookies\tom@xiti[1].txt C:\Documents and Settings\Tom\Cookies\tom@adultadworld[1].txt C:\Documents and Settings\Tom\Cookies\tom@1831.stats.misstrends[2].txt C:\Documents and Settings\Tom\Cookies\tom@linksynergy[1].txt Desuden er den væsentligt hurtigere allerede. Men når jeg skal linke i yahoo til mail får jeg 404. Det er irriterende når jeg jeg er vant til at blive sendt til min indboks. Ingen adgang til serveren-agtigt. tyder på en fortsat dns fejl. resten virker upåklgeligt. Cureit fandt ingenting. Jeg sender en sidste gmer og så ser vi. v.h. Tom
[ Ignorer ] [ # 28 ] killerdane
22.04.2007 07:09:42 Antal indlæg: 305	gmer siger stadig den finder rootkit actions:-( hermed loggen: GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-04-22 05:07:34 Windows 5.1.2600 Service Pack 2 ——Kernel code sections - GMER 1.0.12—— .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ F0, 11, F0, AA, 80, 74, F0, ... ] ? C:\WINDOWS\system32\drivers\sptd.sys Processen kan ikke få adgang til filen, da den bruges af en anden proces. ? srescan.sys Den angivne fil blev ikke fundet. .text USBPORT.SYS!DllUnload F646E62C 5 Bytes JMP 86F671B8 ? System32\Drivers\a4c41xy5.SYS Den angivne sti blev ikke fundet. ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Den angivne fil blev ikke fundet. ——User code sections - GMER 1.0.12—— .text C:\Programmer\Executive Software\DiskeeperLite\DKService.exe[188] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Executive Software\DiskeeperLite\DKService.exe[188] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Executive Software\DiskeeperLite\DKService.exe[188] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Executive Software\DiskeeperLite\DKService.exe[188] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Executive Software\DiskeeperLite\DKService.exe[188] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Executive Software\DiskeeperLite\DKService.exe[188] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Executive Software\DiskeeperLite\DKService.exe[188] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Executive Software\DiskeeperLite\DKService.exe[188] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe[356] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0E001E .text C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe[356] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F08001E .text C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe[356] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F17001E .text C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe[356] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F14001E .text C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe[356] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F11001E .text C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe[356] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F1A001E .text C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe[356] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F05001E .text C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe[356] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0B001E .text F:\Programmer\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[388] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[388] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[388] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[388] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[388] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[388] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[388] advapi32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[388] advapi32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[408] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[408] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[408] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[408] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[408] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[408] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[408] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[408] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe[476] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe[476] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe[476] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe[476] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe[476] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe[476] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe[476] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe[476] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\csrss.exe[696] KERNEL32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\csrss.exe[696] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\csrss.exe[696] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\csrss.exe[696] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\csrss.exe[696] KERNEL32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\csrss.exe[696] KERNEL32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\csrss.exe[696] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\csrss.exe[696] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\winlogon.exe[728] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\winlogon.exe[728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\winlogon.exe[728] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\winlogon.exe[728] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\winlogon.exe[728] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\winlogon.exe[728] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\winlogon.exe[728] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\winlogon.exe[728] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\services.exe[772] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\services.exe[772] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\services.exe[772] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\services.exe[772] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\services.exe[772] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\services.exe[772] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\lsass.exe[784] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\lsass.exe[784] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\lsass.exe[784] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\lsass.exe[784] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\lsass.exe[784] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\lsass.exe[784] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\lsass.exe[784] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\lsass.exe[784] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\ati2evxx.exe[936] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\ati2evxx.exe[936] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ati2evxx.exe[936] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\ati2evxx.exe[936] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\ati2evxx.exe[936] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ati2evxx.exe[936] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\ati2evxx.exe[936] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ati2evxx.exe[936] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Windows Defender\MsMpEng.exe[1132] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Windows Defender\MsMpEng.exe[1132] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Windows Defender\MsMpEng.exe[1132] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Windows Defender\MsMpEng.exe[1132] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Windows Defender\MsMpEng.exe[1132] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Windows Defender\MsMpEng.exe[1132] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Windows Defender\MsMpEng.exe[1132] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Windows Defender\MsMpEng.exe[1132] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\PowerISO\PWRISOVM.EXE[1148] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\PowerISO\PWRISOVM.EXE[1148] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\PowerISO\PWRISOVM.EXE[1148] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\PowerISO\PWRISOVM.EXE[1148] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\PowerISO\PWRISOVM.EXE[1148] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\PowerISO\PWRISOVM.EXE[1148] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\PowerISO\PWRISOVM.EXE[1148] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\PowerISO\PWRISOVM.EXE[1148] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\ewido anti-malware\ewidoctrl.exe[1208] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\ewido anti-malware\ewidoctrl.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\ewido anti-malware\ewidoctrl.exe[1208] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\ewido anti-malware\ewidoctrl.exe[1208] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\ewido anti-malware\ewidoctrl.exe[1208] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\ewido anti-malware\ewidoctrl.exe[1208] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\ewido anti-malware\ewidoctrl.exe[1208] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\ewido anti-malware\ewidoctrl.exe[1208] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Microsoft IntelliType Pro\type32.exe[1244] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Microsoft IntelliType Pro\type32.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Microsoft IntelliType Pro\type32.exe[1244] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Microsoft IntelliType Pro\type32.exe[1244] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Microsoft IntelliType Pro\type32.exe[1244] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Microsoft IntelliType Pro\type32.exe[1244] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Microsoft IntelliType Pro\type32.exe[1244] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Microsoft IntelliType Pro\type32.exe[1244] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\ati2evxx.exe[1248] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\ati2evxx.exe[1248] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ati2evxx.exe[1248] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\ati2evxx.exe[1248] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\ati2evxx.exe[1248] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ati2evxx.exe[1248] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\ati2evxx.exe[1248] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ati2evxx.exe[1248] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\DAEMON Tools\daemon.exe[1272] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\DAEMON Tools\daemon.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\DAEMON Tools\daemon.exe[1272] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\DAEMON Tools\daemon.exe[1272] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\DAEMON Tools\daemon.exe[1272] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\DAEMON Tools\daemon.exe[1272] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\DAEMON Tools\daemon.exe[1272] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\DAEMON Tools\daemon.exe[1272] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Microsoft IntelliPoint\ipoint.exe[1324] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Microsoft IntelliPoint\ipoint.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Microsoft IntelliPoint\ipoint.exe[1324] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Microsoft IntelliPoint\ipoint.exe[1324] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Microsoft IntelliPoint\ipoint.exe[1324] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Microsoft IntelliPoint\ipoint.exe[1324] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Microsoft IntelliPoint\ipoint.exe[1324] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Microsoft IntelliPoint\ipoint.exe[1324] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe[1408] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe[1408] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe[1408] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe[1408] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe[1408] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe[1408] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe[1408] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe[1420] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe[1420] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe[1420] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe[1420] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe[1420] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe[1420] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe[1420] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe[1420] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\LocalCooling\localcooling.exe[1496] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\LocalCooling\localcooling.exe[1496] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\LocalCooling\localcooling.exe[1496] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\LocalCooling\localcooling.exe[1496] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\LocalCooling\localcooling.exe[1496] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\LocalCooling\localcooling.exe[1496] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\LocalCooling\localcooling.exe[1496] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\LocalCooling\localcooling.exe[1496] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\SPAMfighter\SFAgent.exe[1524] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\SPAMfighter\SFAgent.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\SPAMfighter\SFAgent.exe[1524] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\SPAMfighter\SFAgent.exe[1524] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\SPAMfighter\SFAgent.exe[1524] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\SPAMfighter\SFAgent.exe[1524] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\SPAMfighter\SFAgent.exe[1524] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\SPAMfighter\SFAgent.exe[1524] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\explorer.exe[1532] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\explorer.exe[1532] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\explorer.exe[1532] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\explorer.exe[1532] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\explorer.exe[1532] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\explorer.exe[1532] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\explorer.exe[1532] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\explorer.exe[1532] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1612] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1612] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1612] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1612] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1612] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1612] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1612] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe[1612] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1660] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1660] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1660] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1660] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1660] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1660] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1660] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Alwil Software\Avast4\ashServ.exe[1660] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\spoolsv.exe[1936] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\spoolsv.exe[1936] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[1976] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[1976] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[1976] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[1976] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[1976] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[1976] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[1976] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe[2036] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe[2036] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe[2036] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe[2036] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe[2036] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe[2036] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe[2036] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe[2036] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2072] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2072] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2072] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2072] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2072] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2072] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2072] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2072] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Windows Defender\MSASCui.exe[2080] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Windows Defender\MSASCui.exe[2080] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Windows Defender\MSASCui.exe[2080] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Windows Defender\MSASCui.exe[2080] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Windows Defender\MSASCui.exe[2080] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Windows Defender\MSASCui.exe[2080] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Windows Defender\MSASCui.exe[2080] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Windows Defender\MSASCui.exe[2080] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2100] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2100] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text F:\Programmer\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[2116] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text F:\Programmer\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[2116] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text F:\Programmer\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[2116] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text F:\Programmer\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[2116] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text F:\Programmer\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[2116] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text F:\Programmer\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[2116] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text F:\Programmer\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[2116] advapi32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text F:\Programmer\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[2116] advapi32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[2192] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[2192] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[2192] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[2192] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[2192] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[2192] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[2192] advapi32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text F:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[2192] advapi32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\CyberLink\Shared Files\RichVideo.exe[2216] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\CyberLink\Shared Files\RichVideo.exe[2216] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\CyberLink\Shared Files\RichVideo.exe[2216] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\CyberLink\Shared Files\RichVideo.exe[2216] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\CyberLink\Shared Files\RichVideo.exe[2216] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\CyberLink\Shared Files\RichVideo.exe[2216] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\CyberLink\Shared Files\RichVideo.exe[2216] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\CyberLink\Shared Files\RichVideo.exe[2216] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\alg.exe[2348] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\alg.exe[2348] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\alg.exe[2348] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\alg.exe[2348] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\alg.exe[2348] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\alg.exe[2348] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\alg.exe[2348] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\alg.exe[2348] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\alg.exe[2348] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2628] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2628] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2628] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2628] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2628] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2628] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2628] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2628] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2628] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe[2792] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe[2792] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe[2792] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe[2792] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe[2792] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe[2792] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe[2792] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe[2792] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe[2792] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2864] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0E001E .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2864] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F08001E .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2864] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F17001E .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2864] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F14001E .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2864] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2864] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F11001E .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2864] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F1A001E .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2864] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F05001E .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2864] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0B001E .text C:\Programmer\Internet Explorer\iexplore.exe[3104] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3104] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3104] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3104] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3104] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Programmer\Internet Explorer\iexplore.exe[3104] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3104] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3104] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3104] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 00C25415 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 00DBC510 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 00DBC491 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 00DBC4D5 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 00DBC3D9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 00DBC413 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 00DBC54B C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 00DBC44D C:\WINDOWS\system32\IEFRAME.dll .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Inter
[ Ignorer ] [ # 29 ] killerdane
22.04.2007 07:11:17 Antal indlæg: 305	.text C:\Programmer\Internet Explorer\iexplore.exe[3104] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3104] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 00C25415 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 00DBC510 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 00DBC491 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 00DBC4D5 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 00DBC3D9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 00DBC413 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 00DBC54B C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3104] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 00DBC44D C:\WINDOWS\system32\IEFRAME.dll .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\Tom\Skrivebord\gamer\abc.exe[3204] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A .text C:\Programmer\Internet Explorer\iexplore.exe[3656] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 00C25415 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3656] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 00DBC510 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3656] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 00DBC491 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3656] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 00DBC4D5 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3656] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 00DBC3D9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3656] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 00DBC413 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3656] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 00DBC54B C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Internet Explorer\iexplore.exe[3656] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 00DBC44D C:\WINDOWS\system32\IEFRAME.dll .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[3740] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F0D0F5A .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[3740] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[3740] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F160F5A .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[3740] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F130F5A .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[3740] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[3740] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F100F5A .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[3740] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F190F5A .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[3740] ADVAPI32.dll!RegSetValueExA 77DCEBE7 6 Bytes JMP 5F040F5A .text C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe[3740] ADVAPI32.dll!RegSetValueA 77DD6F49 6 Bytes JMP 5F0A0F5A ——Modules - GMER 1.0.12—— Module (noname) (* hidden * ) F75CE000 ——Registry - GMER 1.0.12—— Reg \Registry\USER\S-1-5-21-1275210071-436374069-682003330-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x2D 0x50 0x8B 0xFB ... Reg \Registry\USER\S-1-5-21-1275210071-436374069-682003330-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x69 0x3E 0x43 0x58 ... ——EOF - GMER 1.0.12——
[ Ignorer ] [ # 30 ] Ejvindh
23.04.2007 00:21:03 Redaktør Supporter Emeritus Antal indlæg: 6159	Jeg er heller ikke helt tilfreds med Gmer-loggen. —Jeg kan se at jeg ovenfor bad dig om at køre Virtumondebegone, men der kom aldrig nogen logfil fra dig. Fik du kørt det program? Hvis nej, så prøv at gøre det nu, og lægge den nævnte logfil herind. —Hent derefter FixWareout fra et af disse links: http://downloads.subratam.org/Fixwareout.exe http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe —Gem filen på dit Skrivebord og dobbeltklik på den. Klik Next -> Install og check, at der er et flueben i “Run fixit” - klik herefter på Finish. Fixet vil nu starte, og du skal blot følge instruktionerne. Du vil blive bedt om at genstarte din computer - gør venligst det. Genstarten vil tage lidt længere tid end normalt… —Når dit system genstarter skal du fortsat følge den vejledning, der gives på skærmen. Når fixet er færdigt vil der åbnes en log (report.txt), som du skal gemme og lægge herind i næste post. —Så vil jeg også gerne have den log fra Hijackthis, som jeg bad dig om sidste gang. —Når du har gjort dette, så vil jeg gerne have en ny log fra Gmer, som du laver på denne måde: Kør Gmer igen. Ovre i højre side skal du fjerne fluebenene, således at der kun er flueben i “Sections” “Modules” ... lav så en ny scanning med programmet. Når scanningen er færdig må du gerne nøjes med at lægge de dele herind, som ligger mellem disse to linier: ——Kernel code sections - GMER 1.0.12—— ................ ................ ——User code sections - GMER 1.0.12—— og det, der står nedenunder denne linie: ——Modules - GMER 1.0.12——

2 af 3

Forrige

Næste