dziwny folder i wyskakuje reklamy

**Posty:** 688 · przez **freestyler** 17 Kwi 2007, 22:30

Logfile of HijackThis v1.99.1
Scan saved at 22:13:18, on 2007-04-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Freestyler\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVD.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"STYLEXP" = "C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]
"AnyDVD" = "C:\Program Files\AnyDVD\AnyDVD.exe" ["SlySoft, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NVRaidService" = "C:\WINDOWS\system32\nvraidservice.exe" ["NVIDIA Corporation"]
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"WheelMouse" = "C:\Program Files\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co., Ltd."]
"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc. "]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
{C333CF63-767F-4831-94AC-E683D962C63C}\(Default) = "TGTSoft Explorer Toolbar Changer"
-> {HKLM...CLSID} = "CoTGT_BHO Class"
\InProcServer32\(Default) = "C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"
-> {HKLM...CLSID} = "MkS_Vir Shell Extension"
\InProcServer32\(Default) = "/u\mksshell.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"
-> {HKLM...CLSID} = "MkS_Vir Shell Extension"
\InProcServer32\(Default) = "/u\mksshell.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Freestyler\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "C:\Program Files\Windows NT\rtened.html"
"SubscribedURL" = ""

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [null data]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

StyleXPService, StyleXPService, ""C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
Sunbelt Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"" ["Sunbelt Software"]
WinFast(R) Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP1000\Driver = "CNMLM6e.DLL" ["CANON INC."]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 60 seconds.
---------- (total run time: 84 seconds)

ComboScan v20070306.20 run by Freestyler on 2007-04-17 at 22:15:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Freestyler.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:15:37, on 2007-04-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Freestyler\Pulpit\comboscan.exe
C:\DOCUME~1\FREEST~1\Pulpit\FREEST~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVD.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

-- Files created between 2007-03-17 and 2007-04-17 -----------------------------

2007-04-16 23:43:21 72320 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-04-16 23:43:16 8464 --a------ C:\WINDOWS\system32\sporder.dll
2007-04-13 16:07:39 73928 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-04-13 10:40:19 0 d-------- C:\Program Files\XnView
2007-04-12 20:51:19 0 d-------- C:\Program Files\SkanerOnline<SKANER~1>
2007-04-01 14:34:21 86016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2007-03-30 09:21:33 0 d-------- C:\Curse.Of.The.Golden.Flower[2006]DvDrip[Eng]-aXXo<CURSEO~1.FLO>
2007-03-26 20:11:52 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll<XACTEN~4.DLL>
2007-03-26 20:11:48 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll<XINPUT~3.DLL>
2007-03-22 18:37:31 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~2.DLL>

-- Find3M Report ---------------------------------------------------------------

2007-04-17 22:15:22 0 d-------- C:\Documents and Settings\Freestyler\Dane aplikacji\uTorrent
2007-04-17 22:09:59 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-04-17 22:00:05 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000008-00001102-00000002-80611102}.dat<DVCSTA~2.DAT>
2007-04-17 22:00:05 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000008-00001102-00000002-80611102}.dat<DVCSTA~1.DAT>
2007-04-17 21:01:39 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-04-17 20:56:21 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-17 00:00:25 0 d-------- C:\Documents and Settings\Freestyler\Dane aplikacji\Azureus
2007-04-16 23:59:59 0 d-------- C:\Program Files\AnyDVD
2007-04-15 21:01:35 0 d-------- C:\Program Files\foobar2000<FOOBAR~1>
2007-04-15 09:30:58 0 d-------- C:\Program Files\Mozilla Thunderbird<MOZILL~2>
2007-04-14 20:23:26 0 d-------- C:\Program Files\K-Lite Codec Pack<K-LITE~1>
2007-04-12 10:20:23 0 d-------- C:\Program Files\Kerio
2007-03-28 16:55:28 0 d-------- C:\Program Files\CloneDVD2<CLONED~1>
2007-03-25 09:42:16 355486 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-25 09:42:16 49492 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-22 18:37:31 0 dr-h----- C:\Documents and Settings\Freestyler\Dane aplikacji\SecuROM
2007-03-19 23:05:19 0 d-------- C:\Documents and Settings\Freestyler\Dane aplikacji\XnView
2007-03-18 13:32:03 0 d-------- C:\Documents and Settings\Freestyler\Dane aplikacji\foobar2000<FOOBAR~1>
2007-03-17 15:45:36 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-16 16:17:11 51733 --a------ C:\WINDOWS\system32\plugin1.dat
2007-03-15 21:29:49 0 d-------- C:\Program Files\Winamp
2007-03-15 12:00:36 466432 --a------ C:\WINDOWS\system32\SkanerOnline.dll<SKANER~1.DLL>
2007-03-08 17:38:47 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:38:47 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:38:47 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:37:33 1843840 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 18:25:46 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-05 18:33:27 0 d-------- C:\Documents and Settings\Freestyler\Dane aplikacji\MobileAction<MOBILE~1>
2007-02-26 18:38:04 6073 --a------ C:\WINDOWS\mozver.dat
2007-02-24 13:56:35 0 d---s---- C:\Documents and Settings\Freestyler\Dane aplikacji\Microsoft<MICROS~1>
2007-02-23 23:23:35 0 d-------- C:\Program Files\mks_vir_2007<MKS_VI~1>
2007-02-23 22:45:51 11776 --a------ C:\WINDOWS\system32\mksidsf.sys
2007-02-23 22:45:46 6144 --a------ C:\WINDOWS\system32\mksidsa.sys
2007-02-23 22:45:43 15360 --a------ C:\WINDOWS\system32\mksfwallt.sys<MKSFWA~1.SYS>
2007-02-23 22:45:38 13312 --a------ C:\WINDOWS\system32\mksfwallf.sys<MKSFWA~2.SYS>
2007-02-23 20:44:31 0 d-------- C:\Documents and Settings\Freestyler\Dane aplikacji\MksVir2007<MKSVIR~1>
2007-02-22 19:50:52 0 d-------- C:\Program Files\SubRip
2007-02-22 19:47:29 0 d-------- C:\Program Files\ImgBurn
2007-02-22 00:00:56 0 d-------- C:\Program Files\SubEdit-Player<SUBEDI~1>
2007-02-21 22:56:20 1966080 --a----c- C:\WINDOWS\UNNeroVision.exe<UNNERO~1.EXE>
2007-02-21 22:56:19 88064 --a------ C:\WINDOWS\UninstallFirefox.exe<UNINST~1.EXE>
2007-02-21 22:56:18 181248 --a------ C:\WINDOWS\system32\WISPTIS.EXE
2007-02-21 22:56:06 154112 --a----c- C:\WINDOWS\system32\nvusmb.exe
2007-02-21 22:56:06 154112 --a----c- C:\WINDOWS\system32\NVUNINST.EXE
2007-02-21 22:56:06 154112 --a----c- C:\WINDOWS\system32\nvuide.exe
2007-02-21 22:56:06 154112 --a----c- C:\WINDOWS\system32\nvugart.exe
2007-02-21 22:56:06 154112 --a----c- C:\WINDOWS\system32\nvudisp.exe
2007-02-21 22:56:05 190464 --a----c- C:\WINDOWS\system32\NvRaidMan.exe<NVRAID~1.EXE>
2007-02-21 22:56:05 854528 --a----c- C:\WINDOWS\system32\nvdspsch.exe
2007-02-21 22:56:04 122880 --a----c- C:\WINDOWS\system32\nvcolor.exe
2007-02-21 22:56:04 322048 --a----c- C:\WINDOWS\system32\nvappbar.exe
2007-02-21 22:56:03 147456 --a------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
2007-02-21 22:56:00 299008 --a------ C:\WINDOWS\system32\keystone.exe
2007-02-21 22:55:16 159744 --a------ C:\WINDOWS\READREG.EXE
2007-02-21 22:55:16 180224 --a------ C:\WINDOWS\PSCONV.EXE
2007-02-21 21:00:28 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-02-19 18:37:59 0 d-------- C:\Program Files\uTorrent
2007-02-19 18:19:04 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-19 18:18:58 0 d-------- C:\Program Files\Konnekt
2007-02-19 18:18:49 0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1>
2007-02-05 22:19:48 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-01 05:56:06 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-01-30 06:03:42 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-30 06:03:28 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-30 06:03:28 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-30 05:56:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-30 05:56:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-29 10:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-19 09:40:42 89088 --a------ C:\WINDOWS\system32\SkanerOnlineUninstall.exe<SKANER~1.EXE>

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"AnyDVD"="C:\\Program Files\\AnyDVD\\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NVRaidService"="C:\\WINDOWS\\system32\\nvraidservice.exe"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"WheelMouse"="C:\\Program Files\\A4Tech\\Mouse\\Amoumain.exe"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tlen"
"hkey"="HKCU"
"command"="C:\\Program Files\\Tlen.pl\\tlen.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBDetector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="USBDetector"
"hkey"="HKLM"
"command"="C:\\USBStorage\\USBDetector.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=dword:00000002
"ose"=dword:00000003
"odserv"=dword:00000003
"JavaIFX4"=dword:00000002

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\Windows NT\rtened.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76d28eb4-c3fa-11db-9ef8-000feaff31b3}]
Shell\AutoRun\command F:\wd_windows_tools\setup.exe

-- End of ComboScan: finished at 2007-04-17 at 22:16:33 ------------------------

comboscan zrobil mi tylko jeden log nie tak jak wczesniej dwa. ten plik zniknal jak juz pisalem okienka nie wyskakuja przynajmniej narazie ale zauwazylem ze w wiekszosci folderow znajduje sie plik o takiej samej nazwie jak folder tylko z roz exe.

**Posty:** 18165 · przez **wojtas** 17 Kwi 2007, 22:37

skasuj:

C:\WINDOWS\system32\plugin1.dat

sciagnij gmera:

http://gmer.net/gmer.zip

1. Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
2. Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Autor postu otrzymał pochwałę

**Posty:** 688 · przez **freestyler** 17 Kwi 2007, 23:09

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-17 23:10:22
Windows 5.1.2600 Dodatek Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \SystemRoot\system32\drivers\core.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\core.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\core.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\core.sys ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\core.sys ZwLoadKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\core.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\system32\drivers\core.sys ZwReplaceKey
SSDT \SystemRoot\system32\drivers\core.sys ZwRestoreKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT \SystemRoot\system32\drivers\core.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
PAGENDSM NDIS.sys!NdisMIndicateStatus F7583A5F 6 Bytes JMP F074E35C \SystemRoot\system32\drivers\fwdrv.sys
.text USBPORT.SYS!DllUnload F6A8B62C 5 Bytes JMP 865AF970
? C:\WINDOWS\System32\Drivers\vaxscsi.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
? System32\Drivers\aozgi3uy.SYS Nie można odnaleźć określonego pliku.
? C:\WINDOWS\system32\DRIVERS\update.sys
? C:\WINDOWS\system32\drivers\core.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.

---- User code sections - GMER 1.0.12 ----

.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Documents and Settings\Freestyler\Pulpit\gmer.exe[172] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[452] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[508] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[760] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[760] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[784] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[784] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[784] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[784] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[784] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[828] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[828] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[828] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1072] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1072] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1072] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1104] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1104] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1104] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00080EC8
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe[1132] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\rundll32.exe[1216] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\rundll32.exe[1216] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1280] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1280] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1280] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\alg.exe[1328] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\alg.exe[1328] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\alg.exe[1328] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\alg.exe[1328] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\alg.exe[1328] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\alg.exe[1328] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\nvraidservice.exe[1356] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\nvraidservice.exe[1356] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\nvraidservice.exe[1356] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\nvraidservice.exe[1356] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\nvraidservice.exe[1356] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\nvraidservice.exe[1356] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\CTHELPER.EXE[1392] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00130DB0
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00130F54
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00130D24
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00130E3C
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00130FE0
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00130EC8
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe[1504] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00080EC8
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\explorer.exe[1560] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\explorer.exe[1560] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\explorer.exe[1560] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\explorer.exe[1560] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00080DB0
.text C:\WINDOWS\explorer.exe[1560] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00080F54
.text C:\WINDOWS\explorer.exe[1560] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00080D24
.text C:\WINDOWS\explorer.exe[1560] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00080E3C
.text C:\WINDOWS\explorer.exe[1560] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\explorer.exe[1560] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00080EC8
.text C:\WINDOWS\explorer.exe[1560] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\explorer.exe[1560] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\explorer.exe[1560] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1584] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Logitech\iTouch\iTouch.exe[1616] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\DAEMON Tools\daemon.exe[1624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\DAEMON Tools\daemon.exe[1624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\DAEMON Tools\daemon.exe[1624] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\DAEMON Tools\daemon.exe[1624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\DAEMON Tools\daemon.exe[1624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\DAEMON Tools\daemon.exe[1624] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\DAEMON Tools\daemon.exe[1624] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\DAEMON Tools\daemon.exe[1624] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\DAEMON Tools\daemon.exe[1624] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\DAEMON Tools\daemon.exe[1624] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\DAEMON Tools\daemon.exe[1624] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\

**Posty:** 18165 · przez **wojtas** 17 Kwi 2007, 23:21

nic w logu nie ma

**Posty:** 688 · przez **freestyler** 17 Kwi 2007, 23:23

ale chyba calego nie wkleja mi jakby byl uciety

**Posty:** 18165 · przez **wojtas** 17 Kwi 2007, 23:24

to wrzuc loga zgodnie z instrukcjami na rapida lub cos

**Posty:** 688 · przez **freestyler** 17 Kwi 2007, 23:39

odezwe sie do ciebie na gg

[ Dodano: Dzisiaj o 23:11 ]
http://rapidshare.com/files/26548379/logi.rar.html

okienka nadal wyskakuja :<

**Posty:** 18165 · przez **wojtas** 18 Kwi 2007, 15:39

ok teraz

W Gmerze w zakładce CMD z zaznaczoną opcją CMD.EXE wklej:

gmer -killall
gmer -del service core
gmer -del file C:\Program Files\Windows NT\rtened.html
gmer -del file C:\WINDOWS\system32\drivers\core.sys
gmer -del file C:\WINDOWS\system32\sporder.dll
gmer -reboot

I kliknij z prawej strony na Uruchom.

potem na rapida nowy log z hj, silenta, combocana, combofixa i 2 z gmera

**Posty:** 688 · przez **freestyler** 18 Kwi 2007, 17:09

http://rapidshare.com/files/26652692/logi.rar.html

**Posty:** 18165 · przez **wojtas** 18 Kwi 2007, 17:31

Pobierz i uruchom narzędzie : The Avenger
http://swandog46.geekstogo.com/avenger.zip
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\gebyw.dll.vir
C:\WINDOWS\system32\gebbxww.dll.vir
C:\Program Files\func.exe
C:\Program Files\func.js
C:\Program Files\Del.js

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz wszystkie logi + raport: C:\avenger.txt

**Posty:** 688 · przez **freestyler** 18 Kwi 2007, 18:54

http://rapidshare.com/files/26667039/logi.rar.html

**Posty:** 18165 · przez **wojtas** 18 Kwi 2007, 19:20

juz jest ok

**Posty:** 688 · przez **freestyler** 18 Kwi 2007, 20:45

zauwazylem :> normalnie 100 plusow dla ciebie

dziwny folder i wyskakuje reklamy

Kto jest na forum